To establish encrypted communication between Redis masters and slaves, we recommend using stunnel. Stunnel serves as a TLS encryption wrapper between the client and server.
This tutorial provides a detailed explanation of installing and configuring
stunnel proxies on both the FreeBSD client and server.
The configuration procedures for other operating systems are quite similar. To simplify the process, this tutorial covers replication to a single client host, a configuration that does not require individual pre-shared keys for each client.
Assuming we have 3 Redis instances on both
client, listening sockets on the
server (master side):
|instance||Redis socket||stunnel socket|
Since the redis instance should not be mirrored, we will replicate the fuzzy and bayes instances. Consequently, we need to set up two TLS tunnels.
First install the stunnel package:
# pkg install stunnel
Create pid-file directory:
# mkdir /var/run/stunnel && chown stunnel:stunnel /var/run/stunnel
stunnel add the following lines to the
On the server (master side):

setuid = stunnel
setgid = nogroup
pid = /var/run/stunnel/stunnel.pid

[bayes]
accept = 6478
connect = 6378
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt

[fuzzy]
accept = 6477
connect = 6377
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt

On the client:

setuid = stunnel
setgid = nogroup
pid = /var/run/stunnel/stunnel.pid

[bayes]
client = yes
accept = localhost:6478
connect = master.example.com:6478
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt

[fuzzy]
client = yes
accept = localhost:6477
connect = master.example.com:6477
ciphers = PSK
PSKsecrets = /usr/local/etc/stunnel/psk.txt
The psk.txt file contains one line for each client:
Do not use example passwords.
Since both the bayes and fuzzy Redis instances are located on the same host, we can use the same key for both of them.
Considering that this file contains sensitive information, it is crucial to maintain its secrecy by setting secure permissions on it:
# chmod 600 /usr/local/etc/stunnel/psk.txt
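One way to create psk.txt with a random key instead of a hand-typed password, and to audit an existing file, is sketched below. This is an added example, not part of the original tutorial. It assumes the IDENTITY:KEY line format and the 16-byte minimum key length described in the stunnel manual; the function names and the identity replica1 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): create and audit psk.txt.
# Assumption, per the stunnel manual: each line is IDENTITY:KEY and a key must
# be at least 16 bytes after optional hexadecimal-to-binary conversion.

# Print one "identity:key" line with a random 32-byte key as 64 hex digits.
gen_psk_line() {
    key=$(od -An -tx1 -N32 /dev/urandom | tr -d ' \t\n')
    printf '%s:%s\n' "$1" "$key"
}

# usage: write_psk_file FILE IDENTITY...   (one line per client identity)
write_psk_file() {
    file=$1; shift
    (
        umask 077                                   # never group/world readable
        : > "$file" && chmod 600 "$file" || exit 1  # also fixes a pre-existing file
        for id in "$@"; do gen_psk_line "$id" >> "$file"; done
    )
}

# Return 0 only if FILE is private and every line carries a long enough key.
audit_psk_file() {
    file=$1
    perms=$(ls -ld "$file" | cut -c5-10)            # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "$file: accessible by group or other" >&2; return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        id=${line%%:*}; key=${line#*:}
        case $line in *:*) ;; *) id= ;; esac        # no colon: malformed line
        case $key in
            *[!0-9a-fA-F]*) bytes=${#key} ;;        # plain-text key
            *) bytes=$(( ${#key} / 2 )) ;;          # all hex: count decoded bytes
        esac
        if [ -z "$id" ] || [ "$bytes" -lt 16 ]; then
            echo "$file: bad or weak entry for '${id:-?}'" >&2; return 1
        fi
    done < "$file"
}
```

Both ends of the tunnel need the same line, so generate the file on one host with `write_psk_file /usr/local/etc/stunnel/psk.txt replica1` and copy it to the other over a secure channel.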
# service stunnel start
From the client host use the
redis-cli utility to connect to the remote instances:
# redis-cli -p 6477
# redis-cli -p 6478
Now that the connection is established, you are ready to proceed with configuring replication between the Redis instances. You can follow the instructions provided in the Redis replication configuration guide.