
Generate_cert client "Client-only" "-extfile tls/openssl.
Generate_cert server "Server-only" "-extfile tls/openssl.cnf -extensions server_cert"
KeyUsage = digitalSignature, keyEncipherment
subj '/O=Redis Test/CN=Certificate Authority' \
A certificate restricted for SSL server usage.
# Generate some test certificates which are used by the regression test suite:
# COPIED/MODIFIED from the redis server gen-certs util

I've created an example repo, for how one might set up a docker container to use the new redis v6+ ssl:

Command:

Redis client stunnel conf file - /etc/stunnel/nf
cert = /etc/cert/private.pem

Related files on the client side (localhost):


Redis server stunnel conf file - redis/nf
cert = /etc/certs/private.pem

nginx is a web server and it can be used as reverse proxy and therefore act as TLS terminator. stud is a recent attempt to write a simple TLS terminator which is efficient and scalable.

Redis server redis conf file - redis/conf/nf.

stunnel is the oldest one and uses a threaded model.

Redis container Dockerfile
FROM redis:5-alpine

home/avner/avner/redis/conf:/etc/redis

Related files on the redis server Docker side:

Docker-compose file (my webapp includes multiple services, but for simplification I removed all services except for the redis container):
version: '3'

Command: sh -c "stunnel /stunnel_nf & /usr/local/bin/redis-server /etc/redis/nf"

I successfully tested the connection from my localhost to the redis docker container, by invoking redis-cli from localhost (via stunnel) to the redis docker container, using the following call from the localhost:
redis-cli -h 127.0.0.1 -p 6381

verify 1 Verify the certificate, if present.

I followed this tutorial to set redis with ssl and this tutorial to set redis with ssl via stunnel in Docker container.

Stunnel has 3 methods for checking certificates, which are controlled by the verify option:
Do not Verify Certificates: If no verify argument is given, then stunnel will ignore any certificates offered and will allow all connections.

How do I configure and run redis with ssl? Note that when I run without ssl connection in the web and celery containers, the connection is fine.
I adjusted the web and celery containers for secure connection. But I don't know how to configure the Redis container for secure connection with ssl.

When using one of those Linux distributions, mounting an Amazon EFS file system using TLS fails.

Note that some versions of Linux don't include a version of stunnel that supports these TLS features by default. which requires secured ssl communication. The Amazon EFS mount helper uses the stunnel program for its TLS functionality. In my case I am operating in a Docker environment, and I have a secured site (i.e.
