介绍 (Introduction)
A managed Redis instance can provide benefits like high availability and automated updates. However, any time you make a connection to a remote database server, you run the risk of malicious actors sniffing the sensitive information you send to it.
托管Redis实例可以提供诸如高可用性和自动更新之类的好处。 但是,无论何时与远程数据库服务器建立连接,都存在着恶意行为者嗅探发送给它的敏感信息的风险。
redis-cli, the Redis command line interface, doesn’t natively support connections over TLS, a cryptographic protocol that allows for secure communications over a network. This means that without further configuration, redis-cli is not a secure way to connect to a remote Redis server. One way to establish a secure connection to a managed Redis instance is to create a tunnel that uses the TLS protocol.
Redis命令行界面redis-cli本身不支持TLS上的连接, TLS是一种允许通过网络进行安全通信的加密协议。 这意味着,如果没有进一步的配置, redis-cli并不是连接到远程Redis服务器的安全方法。 建立与托管Redis实例的安全连接的一种方法是创建使用TLS协议的隧道 。
Stunnel is an open-source proxy used to create secure tunnels, allowing you to communicate with other machines over TLS. In this guide, we will walk through installing and configuring stunnel so you can connect to a managed Redis instance over TLS with redis-cli.
Stunnel是用于创建安全隧道的开源代理,允许您通过TLS与其他计算机进行通信。 在本指南中,我们将逐步完成安装和配置tunnel的过程,以便您可以使用redis-cli通过TLS连接到托管Redis实例。
先决条件 (Prerequisites)
To complete this guide, you will need:
要完成本指南,您将需要:
Access to an Ubuntu 18.04 server. This server should have a non-root user with administrative privileges and a firewall configured with
ufw. To set this up, follow our initial server setup guide for Ubuntu 18.04.访问Ubuntu 18.04服务器。 该服务器应具有具有管理特权的非root用户,并应使用
ufw配置防火墙。 要进行设置,请遵循我们针对Ubuntu 18.04的初始服务器设置指南 。A managed Redis database instance. The steps outlined in this tutorial were tested on a DigitalOcean Managed Redis Database, though they should generally work for managed databases from any cloud provider. To provision a DigitalOcean Managed Redis Database, follow our Managed Redis product documentation.
托管Redis数据库实例。 本教程中概述的步骤已在DigitalOcean托管Redis数据库上进行了测试,尽管它们通常应适用于任何云提供商的托管数据库。 要配置DigitalOcean托管Redis数据库,请遵循我们的Managed Redis产品文档 。
第1步-安装Stunnel和redis-cli (Step 1 — Installing Stunnel and redis-cli)
When you install a Redis server, it usually comes packaged with redis-cli. However, you can install redis-cli without the Redis server by installing the redis-tools package from the default Ubuntu repositories. You can also install stunnel from the default Ubuntu repositories by downloading the stunnel4 package.
当您安装Redis服务器时,它通常与redis-cli打包在一起。 但是,您可以通过从默认的Ubuntu存储库安装redis-tools软件包来在没有Redis服务器的情况下安装redis-cli 。 您还可以通过下载stunnel4软件包从默认的Ubuntu存储库中安装stunnel。
First, update your server’s package index if you’ve not done so recently:
首先,如果您最近没有更新服务器的软件包索引,请执行以下操作:
- sudo apt update sudo apt更新
Then install the redis-tools and stunnel4 packages with APT:
然后使用APT安装redis-tools和stunnel4软件包:
- sudo apt install redis-tools stunnel4 sudo apt安装redis-tools stunnel4
When prompted, press ENTER to confirm that you want to install the packages.
出现提示时,请按ENTER以确认您要安装软件包。
You can check whether stunnel was installed correctly and its systemd service is working by running the following command:
您可以通过运行以下命令来检查stunnel是否正确安装及其系统服务是否正常运行:
- sudo systemctl status stunnel4 sudo systemctl状态stunnel4
Output
● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
Loaded: loaded (/etc/init.d/stunnel4; generated)
Active: active (exited) since Thu 2019-09-12 14:34:05 UTC; 8s ago
最低0.47元/天 解锁文章
2437
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
