Azure Cache for Redis: Connecting to SSL enabled Redis from Redis-CLI in Windows & Linux

By October 13, 2020 Powerlearnings

Written by Tejaswee Das, Sr. Software Engineer, Powerupcloud Technologies

Collaborator: Layana Shrivastava, Software Engineer

Introduction

This blog will guide you through the steps to connect to a SSL enabled remote Azure Redis Cache from redis-cli. We will demonstrate how to achieve this connectivity in both Windows & Linux systems.

Use Case

While connecting to a non-SSL redis might be straight forward, works great for Dev & Test Environments, but for higher environments – Stage & Prod, security is something that should always be the priority. For that reason, it is advisable to use SSL enabled redis instances.  The default non-SSL port is 6379 & SSL port is 6380.

Windows

Step 1:  Connecting to non-SSL redis is easy

PS C:\Program Files\Redis> .\redis-cli.exe -h demo-redis-ssl.redis.cache.windows.net -p 6379 -a xxxxxxxx

Step 2:  To connect to SSL redis, we will need to create a secure tunnel. Microsoft has recommended using Stunnel to achieve this. You can download the applicable package from the below link

https://www.stunnel.org/downloads.html

We are using stunnel-5.57-win64-installer.exe here

2.1 Agree License and start installation

2.2 Specify User

2.3 Choose components

2.4 Choose Install Location

2.5 This step is optional. You can fill in details or just press Enter to continue.

Choose FQDN as localhost

2.6 Complete setup and start stunnel

2.7 On the bottom task bar, right corner, click on  (green dot icon) → Edit Configuration

2.8 Add this block in the config file. You can add it at the end.

[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = demo-redis-ssl.redis.cache.windows.net:6380

2.9 Open Stunnel again from the taskbar → Right click → Reload Configuration to effect the changes. Double click on the icon and you can see

Step 3: Go back to your redis-cli.exe location in Powershell and try connecting now

PS C:\Program Files\Redis> .\redis-cli.exe -p 6380 -a xxxxxxxx

Linux

Step 1:  Installation & configuring Stunnel in Linux is pretty easy. Follow the below steps. You are advised to use these commands with admin privileges

1.1 Update & upgrade existing packages to the latest version.

  • apt update
  • apt upgrade -y

1.2 Install redis server. You can skip this if you already have redis-cli installed in your system/VM

  • apt install redis-server
  • To check redis status : service redis status
  • If the service is not in active(running state): service redis restart

1.3 Install Stunnel for SSL redis

●    apt install stunnel4
●    Open file /etc/default/stunnel4
--Enabled=1 (Change value from 0 to 1 to auto start service)
●       Create redis conf for stunnel. Open /etc/stunnel/redis.conf with your favorite editor and add this code block
 
[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = demo-redis-ssl.redis.cache.windows.net:6380
●       Check status: systemctl status stunnel4.service
●       Restart stunnel service: systemctl restart stunnel4.service
●       Reload configuration: systemctl reload stunnel4.service
●       Restart: systemctl restart stunnel4.service
●       Check status if running: systemctl status stunnel4.service

1.4 Check whether Stunnel is listening to connections

  • Netstat -tlpn | grep

1.5 Try connecting to redis now

>redis-cli -p 6380 -a xxxxxxxx
>PING
PONG

Success! You are now connected.

Conclusion

So finally we are able to connect to SSL enabled redis from redis-cli.

This makes our infrastructure more secure.

Hope this was informative. Do leave you comments for any questions.

References

https://techcommunity.microsoft.com/t5/azure-paas-blog/connect-to-azure-cache-for-redis-using-ssl-port-6380-from-linux/ba-p/1186109

Leave a Reply