Remote Redis Connection Using Stunnel
When you connect to a remote Redis server but cannot execute any queries because of a ‘connection reset by peer’ exception, it is because your server is non-SSL aware.
What is Stunnel
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code.
Installing Stunnel
On Mac
The easiest way to install Stunnel on Mac is to use Homebrew. If you don't have Homebrew, please follow the instructions here to install Homebrew.
Once you have Homebrew installed, run the command below from the terminal:
$ brew install stunnel
On Windows
Download the Windows binary file from Stunnel.org. Double-click the executable and install using the default values.
Certificate Configuration
Stunnel requires a pem file, regardless of whether or not the data is used. You can use the automatically generated one if you don’t need to present the key.
Configure Stunnel to use Redis remote server
1. Go to the stunnel configuration location; on Mac it is /usr/local/etc/stunnel
2. Edit the stunnel.conf file, or create one if it is not present
3. Add the details below and save
fips = no
setuid = <<your user id; find it with whoami, or use root>>
setgid = <<your group id; find it by running the id command in your terminal>>
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = <<your remote redis host name>>:<<your remote redis port>>
4. Start stunnel
$ stunnel
5. Connect to your remote Redis server at 127.0.0.1:6379, since stunnel now forwards that local address to the remote server
How to Add Multiple Redis Configurations?
Modify your stunnel.conf file as shown below:
fips = no
setuid = <<your user id; find it with whoami, or use root>>
setgid = <<your group id; find it by running the id command in your terminal>>
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3
[redis-cli-dev]
client = yes
accept = 127.0.0.1:6379
connect = <<your remote redis host name>>:<<your remote redis port>>
[redis-cli-test]
client = yes
; adding a new port number here
accept = 127.0.0.1:6389
connect = <<your remote redis host name>>:<<your remote redis port>>
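
The configurations above encrypt the connection, but stunnel in client mode does not verify the server certificate unless verifyChain (with CAfile and checkHost) is set, so the remote Redis server is not authenticated. The following Python check is an added example, not part of the original article or of stunnel: it parses a stunnel.conf and reports client services that lack verification or listen beyond loopback. The host name, CA path and the [redis-cli-verified] service in the sample are constructed placeholders.

```python
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Constructed sample; host name, CA path and [redis-cli-verified] are placeholders.
SAMPLE_CONF = """\
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = redis.example.internal:6380
[redis-cli-verified]
client = yes
accept = 127.0.0.1:6389
connect = redis.example.internal:6380
verifyChain = yes
CAfile = /usr/local/etc/stunnel/ca.pem
checkHost = redis.example.internal
"""

def parse_services(text):
    """Return {service: {option: (values, ...)}}; global options act as defaults."""
    defaults, services = {}, {}
    current = defaults
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = current.get(key.lower(), ()) + (value,)
    return services

def audit(text):
    """Return {service: [findings]} for every client-mode service."""
    report = {}
    for name, opts in parse_services(text).items():
        last = lambda key: opts.get(key, ("",))[-1]
        if last("client").lower() != "yes":
            continue
        findings = []
        if last("verifychain").lower() != "yes":
            findings.append("server certificate chain is not verified")
        if not (last("checkhost") or last("checkip")):
            findings.append("server identity is not pinned (checkHost/checkIP)")
        if last("accept").rpartition(":")[0] not in LOOPBACK:
            findings.append("accept is not bound to loopback")
        report[name] = findings
    return report
```

To check a real file, pass its contents to audit(), for example audit(open("/usr/local/etc/stunnel/stunnel.conf").read()); an empty findings list means the service both verifies the chain and pins the server identity.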