gasilmyi.blogg.se - Configuring stunnel

CONFIGURING STUNNEL HOW TO
CONFIGURING STUNNEL INSTALL
CONFIGURING STUNNEL SOFTWARE

CONFIGURING STUNNEL INSTALL

Install and Enable stunnel On Each Computer With the default configuration of the remote Redis server and a firewall active, we can’t currently connect to the remote Redis instance to test.

CONFIGURING STUNNEL SOFTWARE

All of the software we need is available in the redis-tools package in the default repository: The other Ubuntu 16.04 machine will function as the client. We will try to access this key from our client machine after configuring stunnel. We have set the test key to the value success. If you already have one or both of these configured, feel free to skip ahead. Install the Redis Server and Client Packagesīefore we begin, we should have the Redis server installed on one machine and the client packages available on the other. With these characteristics in mind, let’s get started.

If connecting two Redis servers for replication or clustering, two tunnels must be configured on each machine for server-to-server communication (one for outbound and one for inbound traffic).

Clients connect to the remote machine by attaching to a non-default local port, which may be unintuitive at first.

This might be a disadvantage in some situations, but it provides granular control over access.

A new tunnel is used for each purpose.

Configuration is straight-forward and intuitive.

Ubuntu includes an init script to automatically start the process at boot.

Ubuntu maintains packages for stunnel in its default repositories.

On the server side, stunnel listens on the configured port and decrypts traffic before forwarding it to a local port (in our case, the port that the Redis server listens on). The client connects to a local port and stunnel wraps it in encryption before forwarding it to the remote server. It enables encrypted forwarding between two machines. What is stunnel?įor basic encrypted communication, the stunnel utility is simple to install and configure. When you are ready to continue, follow along below. You can follow our Ubuntu 16.04 initial server setup guide to fulfill these requirements. Additionally, this guide will assume that you have a basic firewall in place. To get started, you should have a non-root user with sudo privileges configured on each of your machines. We will be using two Ubuntu 16.04 servers to demonstrate. Traffic between Redis clients and servers will be routed through a dedicated SSL encrypted tunnel.

CONFIGURING STUNNEL HOW TO

In this guide, we will demonstrate how to encrypt Redis traffic using a secure tunneling program called stunnel. If your environment does not match that assumption, you will have to wrap Redis traffic in encryption separately.

It operates under the assumption that it has been deployed to an isolated private network, accessible only to trusted parties. Redis does not provide any encryption capabilities of its own. Redis has clients written in most languages with recommended ones featured on their website.

It features transactions, a pub/sub messaging pattern, and automatic failover among other functionality. Redis is an open-source key-value data store, using an in-memory storage model with optional disk writes for persistence.