如何使用 ssl 设置 Docker redis 容器 [英] How to set up a Docker redis container with ssl

问题描述

我正在关注本教程.

就我而言，我在 Docker 环境中运行，并且我有一个安全站点(即 https://localhost).这需要安全的 ssl 通信.

In my case I am operating in a Docker environment, and I have a secured site (i.e. https://localhost). which requires secured ssl communication.

为了安全连接，我调整了 web 和 celery 容器.
但是我不知道如何配置Redis容器以实现与ssl的安全连接
请注意，当我在 web 和 celery 容器中没有 ssl 连接的情况下运行时，连接很好.

I adjusted the web, and celery containers for secure connection.
But I don't know how to configure the Redis container for secure connection with ssl
Note that when I run without ssl connection in the web and celery containers, the connection is fine.

如何使用 ssl 配置和运行 redis?

谢谢

我按照本教程使用ssl和设置redishref="https://github.com/madflojo/redis-tls-dockerfile" rel="nofollow noreferrer">本 教程，在 Docker 容器中通过 ssl 通过 ssl 设置 redis.

I followed this tutorial to set redis with ssl and this tutorial to set redis with ssl via stunnel in Docker container.

我成功地测试了从本地主机到 redis docker 容器的连接，方法是从本地主机(通过 stunnel)调用 redis-cli 到 redis docker 容器，使用来自本地主机的以下调用:

I successfully tested the connection from my localhost to the redis docker container, by invoking redis-cli from localhost (via stunnel) to the redis docker container, using the following call from the localhost:

redis-cli -h 127.0.0.1 -p 6381
127.0.0.1:6381> auth foobared
OK
127.0.0.1:6381> 

redis服务器Docker端相关文件:

docker-compose 文件(我的 webapp 包含多个服务，但为了简化起见，我删除了除 redis 容器之外的所有服务):

docker-compose file (my webapp includes multiple services, but to for simplification I removed all services except for the redis container):

version: '3'

services:
  redis:
    build:
      context: ./redis
      dockerfile: Dockerfile
    restart: always
    command: sh -c "stunnel /stunnel_take2.conf && /usr/local/bin/redis-server /etc/redis/redis.conf"
    expose:
      - '6379'
    ports:
     - "6379:6379"
    volumes:
      - /home/avner/avner/certs:/etc/certs
      - /home/avner/avner/redis/conf:/etc/redis

redis 容器 Dockerfile

FROM redis:5-alpine

RUN apk add --no-cache 
    stunnel~=5.56 
    python3~=3.8

COPY stunnel-redis-server.conf /

WORKDIR /

ENV PYTHONUNBUFFERED=1

redis 服务器 redis conf 文件 - redis/conf/redis.conf

redis server redis conf file - redis/conf/redis.conf

...
requirepass foobared
...

redis server stunnel conf 文件 - redis/stunnel-redis-server.conf

redis server stunnel conf file - redis/stunnel-redis-server.conf

cert = /etc/certs/private.pem
pid = /var/run/stunnel.pid

[redis]
accept = 172.19.0.2:6380
connect = 127.0.0.1:6379

客户端(本地主机)相关文件:

redis 客户端 stunnel conf 文件 -/etc/stunnel/redis-client.conf

redis client stunnel conf file - /etc/stunnel/redis-client.conf

cert = /etc/cert/private.pem
client = yes
pid = /var/run/stunnel.pid
[redis]
accept = 127.0.0.1:6381
connect = 172.19.0.2:6380

推荐答案

Redis 本身不提供 SSL，您必须自己提供.有一篇关于它的深入文章，您可以阅读和关注.或者，如果您想使用 Dockerized 解决方案，您可以使用现成的图像，例如 这个 或 这个.在设置 Celery 以通过 SSL 使用 Redis 时，只需遵循 文档.

Redis doesn't provide SSL by itself, you have to do it yourself. There's an in-depth post about it which you can read and follow. Or, if you want to use a Dockerized solution, you can use ready images like this one or this one. When it comes to setting up Celery to work with Redis over SSL, just follow the documentation.

这篇关于如何使用 ssl 设置 Docker redis 容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！