{"id":5226,"date":"2020-01-07T06:06:14","date_gmt":"2020-01-07T06:06:14","guid":{"rendered":"https:\/\/cloudkul.com\/blog\/?p=5226"},"modified":"2020-01-07T06:54:16","modified_gmt":"2020-01-07T06:54:16","slug":"secure-redis-client-and-server-with-stunnel","status":"publish","type":"post","link":"https:\/\/cloudkul.com\/blog\/secure-redis-client-and-server-with-stunnel\/","title":{"rendered":"Securing Redis Client and Server with Stunnel"},"content":{"rendered":"<h2><strong>INTRODUCTION<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p>Redis is an open-source key-value data store, using an in-memory storage model with optional disk writes for persistence.<\/p>\n<p>Stunnel is an open-source multi-platform application used to provide a universal TLS\/SSL tunneling service. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. The stunnel application is therefore an SSL encryption wrapper that can tunnel unencrypted traffic (like redis) through an SSL-encrypted tunnel to another server.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/cloudkul.com\/blog\/wp-content\/uploads\/2020\/01\/redis1.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-5255 aligncenter\" src=\"https:\/\/cloudkul.com\/blog\/wp-content\/uploads\/2020\/01\/redis1-300x100.png\" alt=\"\" width=\"462\" height=\"154\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><em>Setting up the server host :-<\/em><\/h2>\n<p>&nbsp;<\/p>\n<p><strong>Step 1: Install the redis-server<\/strong><\/p>\n<p>Install redis-server. After installation we will set a password in the redis configuration.
For better security we will enable password authentication, which requires all clients to authenticate before they can read or write data in the redis instance.<\/p>\n<pre class=\"lang:default decode:true\">apt-get install redis-server\r\nvim \/etc\/redis\/redis.conf\r\n# in redis.conf, set:\r\nrequirepass &lt;yourpass&gt;<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 2: Restart the redis service<\/strong><\/p>\n<p>For our configuration changes to take effect we need to restart the redis service.<\/p>\n<pre class=\"lang:default decode:true\">\/etc\/init.d\/redis-server restart<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 3: Install Stunnel<\/strong><\/p>\n<p>Redis is now up and running; next we will install Stunnel.<\/p>\n<pre class=\"lang:default decode:true\">apt-get install stunnel4<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 4: Start Stunnel on boot<\/strong><\/p>\n<p>Stunnel doesn&#8217;t start on boot. To start Stunnel on boot, make the change below in \/etc\/default\/stunnel4.<\/p>\n<pre class=\"lang:default decode:true\">vim \/etc\/default\/stunnel4\r\nENABLED=1<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 5: Creating a self-signed Certificate<\/strong><\/p>\n<p>Stunnel requires a certificate to use for client-to-server communication.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>a)<\/strong><em> Generating a key:<\/em><\/p>\n<p>First we will create a private key. Use openssl to create a 4096-bit RSA key.<\/p>\n<p>&nbsp;<\/p>\n<pre class=\"lang:default decode:true\">openssl genrsa -out \/etc\/stunnel\/key.pem 4096<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>b)<\/strong><em> Creating the Certificate:<\/em><\/p>\n<p>We will now create a certificate.
While generating the certificate we will be asked a series of questions; the answers provided are incorporated into the certificate as its Distinguished Name (DN).<\/p>\n<p>&nbsp;<\/p>\n<pre class=\"lang:default decode:true\">openssl req -new -x509 -key \/etc\/stunnel\/key.pem -out \/etc\/stunnel\/cert.pem -days 1826\r\n\r\nYou are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [AU]:US\r\nState or Province Name (full name) [Some-State]:Arizona\r\nLocality Name (eg, city) []:Phoenix\r\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:cloudkul.com\r\nOrganizational Unit Name (eg, section) []:\r\nCommon Name (e.g. server FQDN or YOUR name) []:sh.com\r\nEmail Address []:testing@example.com<\/pre>\n<p>&nbsp;<\/p>\n<p>Combine the key and the certificate into a single file for stunnel to use. We will also restrict the file permissions.<\/p>\n<p>&nbsp;<\/p>\n<pre class=\"lang:default decode:true\">cat \/etc\/stunnel\/key.pem \/etc\/stunnel\/cert.pem &gt; \/etc\/stunnel\/private.pem\r\nchmod 640 \/etc\/stunnel\/key.pem \/etc\/stunnel\/cert.pem \/etc\/stunnel\/private.pem<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 6: Configure the stunnel<\/strong><\/p>\n<p>We will create a file named <code>redis-server.conf<\/code> and place our configuration within it.<\/p>\n<pre class=\"lang:default decode:true\">vim \/etc\/stunnel\/redis-server.conf\r\n\r\ncert = \/etc\/stunnel\/private.pem\r\npid = \/var\/run\/stunnel.pid\r\n[redis]\r\naccept = &lt;yourexternalip&gt;:6379\r\nconnect = 127.0.0.1:6379<\/pre>\n<p>&nbsp;<\/p>\n<p>By default redis listens on the localhost IP 127.0.0.1, port 6379.
Our configuration has stunnel accept connections on the external IP and forward them to the redis instance listening on 127.0.0.1.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Step 7: Starting Stunnel<\/strong><\/p>\n<p>After the configuration file is in place we will start stunnel.<\/p>\n<pre class=\"lang:default decode:true\">\/etc\/init.d\/stunnel4 start<\/pre>\n<p>&nbsp;<\/p>\n<h2><em>Setting up the client host :-<\/em><\/h2>\n<p>&nbsp;<\/p>\n<p><strong>Step 8: Installing redis-cli<\/strong><\/p>\n<p>Install the redis-cli tool (on Debian\/Ubuntu it is provided by the redis-tools package). You do not need to install redis-server on the client.<\/p>\n<pre class=\"lang:default decode:true\">apt-get install redis-tools<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 9: Install Stunnel<\/strong><\/p>\n<p>Install stunnel on the client.<\/p>\n<pre class=\"lang:default decode:true\">apt-get install stunnel4<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 10: Start stunnel on boot<\/strong><\/p>\n<p>To have stunnel start on boot we will need to edit the \/etc\/default\/stunnel4 file.<\/p>\n<pre class=\"lang:default decode:true\">vim \/etc\/default\/stunnel4\r\n\r\nENABLED=1<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 11: Copy the certificate file from server to client<\/strong><\/p>\n<p>In order to establish an SSL connection we will need the private.pem file that we generated on the server host.
Copy the private.pem file from the server host to the client host. Because this file contains the server&#8217;s private key, transfer it over an encrypted channel and restrict its permissions on the client.<\/p>\n<pre class=\"lang:default decode:true \">chmod 640 \/etc\/stunnel\/private.pem<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 12: Configure the stunnel client<\/strong><\/p>\n<p>To specify that this stunnel instance is a client, we will add client = yes to the configuration.<\/p>\n<pre class=\"lang:default decode:true\">vim \/etc\/stunnel\/redis-client.conf\r\n\r\ncert = \/etc\/stunnel\/private.pem\r\nclient = yes\r\npid = \/var\/run\/stunnel.pid\r\n[redis]\r\naccept = 127.0.0.1:6379\r\nconnect = &lt;serverip&gt;:6379<\/pre>\n<p>Stunnel listens locally on port 6379 and forwards connections to the server host IP on port 6379.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Step 13: Start stunnel<\/strong><\/p>\n<p>Start the stunnel service.<\/p>\n<pre class=\"lang:default decode:true \">\/etc\/init.d\/stunnel4 start<\/pre>\n<p>&nbsp;<\/p>\n<p><strong>Step 14: Testing the connection<\/strong><\/p>\n<p>Both the server and client hosts now have stunnel installed and an SSL tunnel established. Test the connection by using the redis-cli command to connect to localhost on the client.<\/p>\n<pre class=\"lang:default decode:true \">redis-cli -h localhost\r\nredis localhost:6379&gt; auth &lt;yourpass&gt;\r\nOK<\/pre>\n<p>&nbsp;<\/p>\n<p>As a result, when a client on the client host connects to port 6379 locally, the connection is forwarded through the SSL tunnel that stunnel has created with the server host and redirected to the redis instance running on the server.
To set up an application to use this instance, you would simply install the application on the client host and have it connect to redis on localhost.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>For any help or queries, please <a href=\"https:\/\/cloudkul.com\/contact\/\">contact<\/a> us <\/em><em>or raise a <a href=\"https:\/\/webkul.uvdesk.com\/en\/customer\/create-ticket\/\">ticket<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>INTRODUCTION &nbsp; Redis is an open-source key-value data store, using an in-memory storage model with <a class=\"text-primary\" title=\"read more\" href=\"https:\/\/cloudkul.com\/blog\/secure-redis-client-and-server-with-stunnel\/\">[&#8230;]<\/a><\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[32,2,25],"tags":[16,3,27,246],"yoast_head_json":{"title":"Securing Redis Client and Server with Stunnel - Cloudkul","description":"In this blog we will discuss how a redis client and server can be secured by using stunnel. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudkul.com\/blog\/secure-redis-client-and-server-with-stunnel\/","og_locale":"en_US","og_type":"article","og_title":"Securing Redis Client and Server with Stunnel - Cloudkul","og_description":"In this blog we will discuss how a redis client and server can be secured by using stunnel. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.","og_url":"https:\/\/cloudkul.com\/blog\/secure-redis-client-and-server-with-stunnel\/","og_site_name":"Cloudkul","article_published_time":"2020-01-07T06:06:14+00:00","article_modified_time":"2020-01-07T06:54:16+00:00","og_image":[{"url":"https:\/\/cloudkul.com\/blog\/wp-content\/uploads\/2020\/01\/redis1-300x100.png"}],"author":"Shubhangi Priyadarshini","twitter_card":"summary_large_image"},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/5226"}],"collection":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/comments?post=5226"}],"version-history":[{"count":31,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/5226\/revisions"}],"predecessor-version":[{"id":5261,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/5226\/revisions\/5261"}],"wp:attachment":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/media?parent=5226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/categories?post=5226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/tags?post=5226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}