Stunnel for Redis SSL
Redis doesn’t support encryption out of the box. Stunnel creates a secure connection for clients and servers that don’t support the SSL or TLS protocol themselves.
Configuration
To configure stunnel with your ObjectRocket Redis instance, use the following steps:
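Download the CA certificate from Rackspace. The URL is plain HTTP, so confirm the file's fingerprint through a channel you trust before using it as the CAfile below: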
$ wget http://ssl.rackspaceclouddb.com/rackspace-ca-2021.pem
Create a configuration file for stunnel.
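; run as a TLS client: accept plaintext locally, connect out over TLS
client = yes
foreground = yes
debug = info
output = stunnel.log
[redis]
; local plaintext listener, loopback only
accept = 127.0.0.1:6380
connect = 3514468cec674d9c9b045d4a2b243b6c.publb.rackspaceclouddb.com:6380
TIMEOUTclose = 0
; verify the server certificate chain against CAfile
verify = 2
CAfile = /path/to/file/rackspace-ca-2021.pem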
Use the following command to start stunnel.
$ stunnel /path/to/file/stunnel.config
2016.04.14 16:49:31 LOG5[ui]: stunnel 5.31 on x86_64-apple-darwin15.3.0 platform
2016.04.14 16:49:31 LOG5[ui]: Compiled/running with OpenSSL 1.0.2g 1 Mar 2016
2016.04.14 16:49:31 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2016.04.14 16:49:31 LOG5[ui]: Reading configuration from file /path/to/file/stunnel.config
2016.04.14 16:49:31 LOG5[ui]: UTF-8 byte order mark not detected
2016.04.14 16:49:31 LOG5[ui]: FIPS mode disabled
2016.04.14 16:49:31 LOG6[ui]: Initializing service [redis]
2016.04.14 16:49:31 LOG4[ui]: Service [redis] uses "verify = 2" without subject checks
2016.04.14 16:49:31 LOG4[ui]: Use "checkHost" or "checkIP" to restrict trusted certificates
2016.04.14 16:49:31 LOG5[ui]: Configuration successful
Open another terminal window and connect to Redis through the stunnel listener on the local machine:
$ redis-cli -h localhost -p 6380 -a <password>
localhost:6380> ping
PONG
Stunnel is now configured.
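The two LOG4 lines in the startup output above mean the service accepts any certificate that chains to the CA file, whatever host name it carries. The following check is an added example, not part of the original instructions or of stunnel itself: it flags service sections that lack verify/verifyChain or a checkHost/checkIP option. The function name lint_stunnel_conf, the sample host redis.example.com and the treatment of options before the first section as defaults are assumptions.

```shell
#!/bin/sh
# lint_stunnel_conf FILE: print one finding per service section that would
# accept a certificate without chain or subject checks; exit status 1 if any.
# Assumption: options placed before the first [section] act as defaults.
lint_stunnel_conf() {
    awk '
    function report(msg) { print "[" section "] " msg; bad = 1 }
    function finish() {
        if (section == "") return
        if (!verify) report("peer certificate is not verified")
        else if (!subject) report("chain verified, but no checkHost/checkIP")
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[.*\]/ {                        # a new service section starts
        finish()
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        verify = dverify; subject = dsubject
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/[ \t]/, "", val)
        if (key == "verify" || key == "verifychain") {
            ok = (key == "verify") ? (val + 0 >= 2) : (val == "yes")
            if (section == "") dverify = ok; else verify = ok
        } else if (key == "checkhost" || key == "checkip") {
            if (section == "") dsubject = 1; else subject = 1
        }
    }
    END { finish(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: verify = 2 with a CA file, as reported in the startup
# log on this page; the host name is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client = yes
[redis]
accept = 127.0.0.1:6380
connect = redis.example.com:6380
verify = 2
CAfile = /path/to/file/rackspace-ca-2021.pem
EOF
lint_stunnel_conf "$sample" || echo "fix the findings above before use"
rm -f "$sample"
```

To clear the finding, the service section needs a checkHost line carrying the host name from its connect line.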