Setup Redis with TLS using Docker
Configuring Redis with SSL is a cumbersome task. Learn how to do it in 5 minutes.
Recently, I was trying to set up Redis for a production environment and I must say it was a bumpy ride. I ran into a lot of problems while setting up TLS.
If you don't know What is Redis?
Redis is an open-source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. - redis.io
In this guide, I will show you how you can set up Redis w/ TLS using Docker. The TLS part can be used for standalone installation. But bear in mind, you will need to build Redis from the source in order to use TLS in standalone mode.
So, let's get started.
- Docker installed.
- Docker Compose Installed.
- A client to test the Redis installation. I recommend, github.com/ekvedaras/redis-gui. It's simple but feel free to use whatever you like.
Running the Redis container
Let's run the Redis container without TLS first -
Create a file
compose.yml and paste the content below.
compose.yml file we are doing
- Specifying an image to run. Here I picked
binamiimage instead of the official docker image since it has the ability to run with TLS without needing to be built from the source.
- Specifying the
port6379 and a docker volume to persist the data.
- Setting some environment variables
Let's run the container
docker-compose up -d
Your container should be up and running. You should be able to connect to your Redis instance by using
Redis GUI or any other client. Make sure you do not specify any TLS options as we will come to that later in this guide.
In order to run Redis with TLS, we need to supply our own SSL certificate. You can buy one or for this use case we don't need to buy but generate our own self-signed certificate for both our Redis instance and the client connecting to it. This was the part that was most troublesome for me.
This might be confusing but bear with me and it should be fine.
We can do this step manually but since on the Redis GitHub repository, there is a script that generates some certificates for our use case, we will use that.
Once the script is downloaded, let's run it by
The script will create a
tests/tls folder, which contains all the certificates we will need.
Additionally, you can modify the script to add your organization name, fqdn, and other important parameters for the SSL certificate. Go ahead and take a look at the files in that directory.
We're interested in the below files -
Let's go to the next step, which is to update our
compose.yml file and include these certificate files to tell Redis to start with TLS.
Let's tell Redis container about the above files by specifying them as environment variables. Here, the best part of
bitnami image is you can do start the container with TLS without building the original redis image again.
compose.yml file to match below
Notice that we've specified the environment variable and specified a path (i.e. /tls/*) inside the container for cert files. And we mounted the cert files folder (i.e. ./tests/tls) to the container on the same path (i.e. /tls*).
Phew! That's it. Now we can run our container again and it will start with TLS enabled.
docker-compose up -d
Now, test with your client. You will need to configure your client to use our self-signed client certificate and ca certificate to connect.
Feel free to ask if you face any problems on the way.