Recently we faced an issue with an AWS ElastiCache Redis instance. When testing connections from an EC2 instance using the Redis CLI, we got the following error:
$ ./redis-cli -c -h my-redis-server -p 6379
my-redis-server:6379> set a "hello"
Error: Connection reset by peer
On investigation, we found that the ElastiCache Redis instance uses encryption in transit and encryption at rest, and by design the Redis CLI is not compatible with the encryption.
To test connectivity and use the Redis CLI with ElastiCache in-transit encryption, we needed to configure 'stunnel'.
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code.
With stunnel, the client creates an SSL tunnel to the Redis nodes, and redis-cli connects through the tunnel to access data on the encrypted Redis nodes.
Here is how to set everything up. We are using Amazon Linux in this example, but the same steps should work on Red Hat Linux.
1. Install stunnel
sudo yum install stunnel -y
2. Configure SSL tunnel for redis-cli
sudo vi /etc/stunnel/redis-cli.conf
Set the following properties in the redis-cli.conf file:
fips = no
setuid = root
setgid = root
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = my-redis-server:6379
3. Start Stunnel
sudo stunnel /etc/stunnel/redis-cli.conf
4. Verify the tunnel is running
sudo netstat -tulnp | grep -i stunnel
You might see the following output from the above command:
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1314 stunnel
5. Finally, connect to the Redis cluster with the Redis CLI through the SSL tunnel (yes, it connects via the tunnel on localhost)
redis-cli -h localhost -p 6379
Note: To install Redis CLI on Linux, check this AWS documentation.
6. Run a few Redis commands to see if it works
$ ./redis-cli -h localhost -p 6379
localhost:6379> set a hello
OK
localhost:6379> get a
"hello"
localhost:6379>
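The configuration in step 2 sets no certificate verification option, and stunnel does not verify the peer certificate unless told to, so the tunnel encrypts traffic without checking that the remote end really is the Redis endpoint. The variant below is an added example, not part of the original post: it assumes the system CA bundle lives at /etc/pki/tls/certs/ca-bundle.crt and that the installed stunnel build supports `checkHost` (see `man stunnel` for your version).

```ini
; Added example: step 2's redis-cli.conf with server certificate checks enabled.
; Global options are unchanged from the post, except for the debug level.
fips = no
setuid = root
setgid = root
pid = /var/run/stunnel.pid
; 5 (notice) is stunnel's default; 7 (debug) is only needed while troubleshooting
debug = 5
options = NO_SSLv2
options = NO_SSLv3

[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = my-redis-server:6379
; Assumption: CA bundle path used by Amazon Linux / Red Hat; adjust for your system
CAfile = /etc/pki/tls/certs/ca-bundle.crt
; Level 2: reject the connection unless the server's chain validates against CAfile
verify = 2
; Reject certificates whose name does not match the endpoint given in "connect"
checkHost = my-redis-server
```

With these settings a certificate or host name mismatch makes the tunnel fail at connect time, and the reason is written to the stunnel log.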
Hope you find this post useful. Please leave a comment and let us know what topics you would like to see.