Connecting to Azure Cache (Redis) with redis-cli and stunnel
If you’re using Azure Cache for Redis (managed redis instances in Azure), chances are it’s set up for SSL-only connections.
In this case, you’ll find that any commands you send over redis-cli end up timing out:
redis-cli -h digital-test.redis.cache.windows.net -p 6380 -a [password]
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
digital-test.redis.cache.windows.net:6380> pingError: Server closed the connection
(233.57s)
This is because redis-cli doesn’t work with SSL connections. To get around this, you have the following options:
- Disable SSL-only configuration (not recommended due to security concerns)
- Connect using the Azure console
- Using stunnel to tunnel your redis connection over a TLS connection
The first 2 options require logging into Azure Portal, as well as a high level of permissions which you may not have (depending on whether Redis in your environment is managed by another team or not).
So I tend towards option 3 — stunnel with redis-cli.
Here’s how to set it up on Ubuntu (I’m using WSL2 on Windows 10).
1. Install required packages
Install stunnel and redis-tools (if not already installed)
# Update your system
sudo apt-get update
sudo apt-get upgrade -y# Install stunnel and redis-tools (redis-cli)
sudo apt-get install stunnel4 redis-tools
2. Configure stunnel to connect to Azure Cache
Create a new stunnel configuration:
sudo vim /etc/stunnel/azure-cache.conf
Add the following:
pid = /tmp/stunnel.pid
delay = yes
[redis-cli]
client = yes
accept = 127.0.0.1:8000
connect = digital-test.redis.cache.windows.net:6380
pid
: this is just a file which stores the process id (pid).delay = yes
: stunnel doens’t attempt to cache IP address
3. Start stunnel and connect
You’re now ready to start tunneling redis-cli connections over stunnel:
# Start stunnel
sudo service stunnel4 start# Connect to redis through stunnel
redis-cli -h localhost -p 8000 -a [yourpassword]# Test!
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
localhost:8000> ping
PONG
localhost:8000> set abc 123 EX 20
OK
localhost:8000> get abc
"123"