Written by Tejaswee Das, Sr. Software Engineer, Powerupcloud Technologies
Collaborator: Layana Shrivastava, Software Engineer
This blog will guide you through the steps to connect to an SSL-enabled remote Azure Redis Cache from redis-cli. We will demonstrate how to achieve this connectivity on both Windows & Linux systems.
Connecting to a non-SSL Redis instance is straightforward and works well for Dev & Test environments, but for higher environments (Stage & Prod) security should always be the priority. For that reason, it is advisable to use SSL-enabled Redis instances. The default non-SSL port is 6379 & the SSL port is 6380.
Step 1: Connecting to non-SSL redis is easy
PS C:\Program Files\Redis> .\redis-cli.exe -h demo-redis-ssl.redis.cache.windows.net -p 6379 -a xxxxxxxx
Step 2: To connect to SSL Redis, we need to create a secure tunnel. Microsoft recommends using Stunnel to achieve this. You can download the applicable package from the link below.
We are using stunnel-5.57-win64-installer.exe here
2.1 Agree to the license and start the installation
2.2 Specify User
2.3 Choose components
2.4 Choose Install Location
2.5 This step is optional. You can fill in details or just press Enter to continue.
Choose FQDN as localhost
2.6 Complete setup and start stunnel
2.7 On the bottom task bar, right corner, click on (green dot icon) → Edit Configuration
2.8 Add this block in the config file. You can add it at the end.
[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = demo-redis-ssl.redis.cache.windows.net:6380
2.9 Open Stunnel again from the taskbar → Right click → Reload Configuration to effect the changes. Double click on the icon and you can see
Step 3: Go back to your redis-cli.exe location in PowerShell and try connecting now
PS C:\Program Files\Redis> .\redis-cli.exe -p 6380 -a xxxxxxxx
Step 1: Installing & configuring Stunnel on Linux is pretty easy. Follow the steps below. You are advised to run these commands with admin privileges.
1.1 Update & upgrade existing packages to the latest version.
- apt update
- apt upgrade -y
1.2 Install redis server. You can skip this if you already have redis-cli installed in your system/VM
- apt install redis-server
- To check redis status: service redis status
- If the service is not in the active (running) state: service redis restart
1.3 Install Stunnel for SSL redis
- apt install stunnel4
- Open the file /etc/default/stunnel4 and set ENABLED=1 (change the value from 0 to 1 to auto-start the service)
- Create a redis conf for stunnel. Open /etc/stunnel/redis.conf with your favorite editor and add this code block:
[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = demo-redis-ssl.redis.cache.windows.net:6380
- Check status: systemctl status stunnel4.service
- Restart stunnel service: systemctl restart stunnel4.service
- Reload configuration: systemctl reload stunnel4.service
- Restart: systemctl restart stunnel4.service
- Check status if running: systemctl status stunnel4.service
1.4 Check whether Stunnel is listening for connections
- netstat -tlpn | grep
1.5 Try connecting to redis now
>redis-cli -p 6380 -a xxxxxxxx
>PING
PONG
Success! You are now connected.
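In client mode stunnel does not verify the server certificate unless verifyChain (or verifyPeer) is set, so the [redis-cli] block above encrypts the connection without authenticating the cache endpoint. The shell function below is an added example, not part of the original post: it reports each client service in a stunnel config as OK or WEAK. The redis-cli-verified service name, port 6381 and the CAfile path (the Debian/Ubuntu CA bundle) are assumptions.

```shell
# Added example (not from the post): report whether each stunnel client
# service verifies the server certificate. Legacy "verify = N" is ignored.
audit_stunnel_conf() {
    awk '
    function report() {
        if (name != "" && client)
            print name, ((peer || (chain && host)) ? "OK" : "WEAK")
    }
    /^[ \t]*[;#]/ { next }                      # comment line
    /^[ \t]*\[.*\][ \t\r]*$/ {                  # start of a [service] section
        report(); name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\][ \t\r]*$/, "", name)
        client = gclient; chain = gchain; peer = gpeer; host = ghost
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key == "client")      client = (tolower(val) == "yes")
        if (key == "verifychain") chain  = (tolower(val) == "yes")
        if (key == "verifypeer")  peer   = (tolower(val) == "yes")
        if (key == "checkhost" || key == "checkip") host = (val != "")
        # Options set before the first section are defaults for all services.
        if (name == "") { gclient = client; gchain = chain; gpeer = peer; ghost = host }
    }
    END { report() }
    ' "$1"
}
# Constructed sample: the tunnel from this post, then the same tunnel with
# chain and hostname verification added (service name and port are assumed).
write_sample_conf() {
    cat > "$1" <<'EOF'
[redis-cli]
client = yes
accept = 127.0.0.1:6380
connect = demo-redis-ssl.redis.cache.windows.net:6380
[redis-cli-verified]
client = yes
accept = 127.0.0.1:6381
connect = demo-redis-ssl.redis.cache.windows.net:6380
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = demo-redis-ssl.redis.cache.windows.net
EOF
}
conf=$(mktemp) && write_sample_conf "$conf" && audit_stunnel_conf "$conf"; rm -f "$conf"
```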
So finally we are able to connect to SSL enabled redis from redis-cli.
This makes our infrastructure more secure.
Hope this was informative. Do leave your comments for any questions.