Updated on 2024-06-20 GMT+08:00

Step 3: Access a DCS Redis Instance in Linux

This section describes how to access a DCS Redis 3.0 instance over a public network by using redis-cli in Linux.

Public access helps R&D personnel set up a local environment for development or testing, improving development efficiency. However, in the production environment (official environment), access a DCS Redis instance through a VPC to ensure efficient access.

Prerequisites

Before using redis-cli to access a DCS Redis instance over a public network, ensure that:

  • The instance version is Redis 3.0 and public access has been enabled.
  • If certificates are required for accessing the DCS instance, download the certificate from the DCS instance details page.

Connecting to Redis with SSL Encryption

  1. Ensure that the security group rule allows public access through port 36379.

    When SSL encryption is enabled, allow public access through port 36379. Ensure that the Stunnel client has been installed.

    Figure 1 Security group rule (port 36379)

  2. Obtain the public access address and the certificates of the instance on the instance Basic Information page.

    • The public access address is displayed in the Connection section.
    • The certificates can be downloaded by clicking Download Certificate for Public Access in the Connection section. After decompression, you will obtain dcs-ca.cer (the public key certificate in binary format) and dcs-ca-bundle.pem (the certificate file in text format).
    Figure 2 Viewing the public access address (SSL enabled; port 36379)

  3. Log in to the local Linux device.
  4. Install the Stunnel client.

    Use either of the following methods to install Stunnel.

    The apt and yum installation methods are recommended. Any common Linux OS should support at least one of them.

    • apt-get method:

      apt-get is used to manage DEB software packages and is applicable to Debian-based OSs such as Ubuntu. Run the following command to install Stunnel:

      apt install stunnel or apt-get install stunnel

      If you cannot find Stunnel after running the command, run the apt update command to update the configuration and then install Stunnel again.

    • yum method:

      yum is used to manage RPM software packages and is applicable to OSs such as Fedora, CentOS, and Red Hat. Run the following command to install Stunnel:

      yum install stunnel

  5. Open the Stunnel configuration file stunnel.conf.

    • If Stunnel is installed using apt-get, the configuration file is stored at /etc/stunnel/stunnel.conf by default.

      If the directory or the configuration file does not exist, create it.

    • If Stunnel is installed using yum, the configuration file is stored at /usr/local/stunnel/stunnel.conf by default.

      If the directory or the configuration file does not exist, create it.

    • If you are not sure where to store the configuration file, enter the stunnel command after the installation to view the directory for storing the configuration file.
    • The configuration file can be stored in any directory. Specify this configuration file when starting Stunnel.

  6. Add the following content to the configuration file stunnel.conf, and then save and exit.

    debug = 4
    output = /var/log/stunnel.log
    sslVersion = all
    [redis-client]
    client = yes
    accept = 8000
    connect = {public access address}
    CAfile = /etc/stunnel/dcs-ca.cer

    Modify the following parameters as required and leave other parameters unchanged:
    • client: runs Stunnel in client mode. The fixed value is yes.
    • CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download and decompress the certificate dcs-ca.cer as instructed in step 2. If it is not required, delete this parameter.
    • accept: specifies the user-defined listening port number of Stunnel. Use this port when accessing the DCS instance with a Redis client.
    • connect: specifies the address and port number to which Stunnel forwards traffic. Set this parameter to the instance public access address obtained in step 2.

    The following is a configuration example:

    [redis-client]
    client = yes
    CAfile = /etc/stunnel/dcs-ca.cer
    accept = 8000
    connect = 49.**.**.211:36379

  7. Run the following command to start Stunnel:

    stunnel /{customdir}/stunnel.conf

    In the preceding command, {customdir} indicates the directory in which the stunnel.conf file described in step 5 is stored. The following is a command example:

    stunnel /etc/stunnel/stunnel.conf

    For the Ubuntu OS, run the /etc/init.d/stunnel4 start command to start Stunnel. The service or process name is stunnel4 for the Stunnel 4.x version.

    After starting the Stunnel client, run the ps -ef|grep stunnel command to check whether the process is running properly.

  8. Run the following command to check whether Stunnel is listening:

    netstat -plunt |grep 8000|grep "LISTEN"

    8000 indicates the user-defined listening port number of Stunnel configured in the accept field in step 6.

    If a line containing the port number 8000 is displayed in the returned result, Stunnel is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.

  9. Access the DCS Redis instance.

    1. Log in to the local Linux device.
    2. Run the following command to download the source code package of your Redis client from http://download.redis.io/releases/redis-5.0.8.tar.gz:

      wget http://download.redis.io/releases/redis-5.0.8.tar.gz

      You can also install the Redis client by running the following yum or apt command:

      • yum install redis
      • apt install redis-server
    3. Run the following command to decompress the source code package of your Redis client:

      tar -xzf redis-5.0.8.tar.gz

    4. Run the following commands to go to the Redis directory and compile the source code of your Redis client:

      cd redis-5.0.8

      make

    5. Run the following commands to access the chosen DCS Redis instance:

      cd src

      ./redis-cli -h 127.0.0.1 -p 8000

      In the preceding command:

      • The address following -h indicates the address of the Stunnel client, which is 127.0.0.1.
      • The port following -p is the listening port of the Stunnel client, which has been configured in the accept field in step 6. 8000 is used as an example.

      Do not use the public access address and port displayed on the console for the -h and -p parameters.

    6. Enter the password. You can read and write cached data only after the password is verified.

      auth {password}

      {password} indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

      You have successfully accessed the instance if the following command output is displayed:

      OK 
      127.0.0.1:8000>
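
The configuration from step 6 can be checked before Stunnel is started. The script below is an added example, not Huawei Cloud or Stunnel project code: it flags an accept value that is not bound to loopback (a bare port makes Stunnel listen on all local addresses) and a CAfile that is not paired with verifyChain or verify, because Stunnel does not check the server certificate by default. The function names, the sample address 203.0.113.10 and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): lint the [redis-client] service of a
# stunnel.conf. Prints one finding per line; returns 1 if anything is flagged.
lint_stunnel_conf() {
    awk '
    function opt(k) { return (k in svc) ? svc[k] : glob[k] }
    function flag(msg) { print msg; bad = 1 }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
    {
        i = index($0, "="); if (!i) next
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (sec == "") glob[key] = val            # global section = defaults
        else if (sec == "[redis-client]") svc[key] = val
    }
    END {
        if (tolower(opt("client")) != "yes")
            flag("client: must be yes so Stunnel runs in client mode")
        # A bare port makes Stunnel listen on every local address.
        if (opt("accept") !~ /^(127\.0\.0\.1|localhost):[0-9]+$/)
            flag("accept: not loopback-only; use 127.0.0.1:PORT")
        if (opt("connect") !~ /:36379$/)
            flag("connect: SSL public access uses port 36379")
        # CAfile alone does not turn on verification (Stunnel default: none).
        if (opt("cafile") == "" || (tolower(opt("verifychain")) != "yes" && opt("verify") + 0 < 2))
            flag("verify: server certificate unchecked; set CAfile and verifyChain = yes")
        exit bad + 0
    }' "$1"
}

# Constructed samples: the step 6 configuration, then a tightened copy.
page_conf() {
    printf '%s\n' 'debug = 4' 'output = /var/log/stunnel.log' \
        'sslVersion = all' '[redis-client]' 'client = yes' 'accept = 8000' \
        'connect = 203.0.113.10:36379' 'CAfile = /etc/stunnel/dcs-ca.cer'
}
hardened_conf() {
    page_conf | sed 's/^accept = .*/accept = 127.0.0.1:8000/'
    echo 'verifyChain = yes'
}

tmp=$(mktemp)
page_conf > "$tmp"; echo "as written:"; lint_stunnel_conf "$tmp" || true
hardened_conf > "$tmp"; echo "tightened:"; lint_stunnel_conf "$tmp" && echo "no findings"
rm -f "$tmp"
```

Older Stunnel 4.x builds use verify = 2 instead of verifyChain = yes; the check accepts either.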

Connecting to Redis Without SSL Encryption

  1. Ensure that the security group rule allows public access through port 6379.

    When SSL encryption is disabled, the instance public access address can be accessed only if access through port 6379 is allowed.

    Figure 3 Security group rule (port 6379)

  2. Obtain the public access address of the instance.

    The public access address is displayed in the Connection section of the instance Basic Information page.
    Figure 4 Viewing the public access address (SSL disabled; port 6379)

  3. Log in to the local Linux device.
  4. Run the following command to download the source code package of your Redis client from http://download.redis.io/releases/redis-5.0.8.tar.gz:

    wget http://download.redis.io/releases/redis-5.0.8.tar.gz

    You can also install the Redis client by running the following yum or apt command:

    • yum install redis
    • apt install redis-server

  5. Run the following command to decompress the source code package of your Redis client:

    tar -xzf redis-5.0.8.tar.gz

  6. Run the following commands to go to the Redis directory and compile the source code of your Redis client:

    cd redis-5.0.8

    make

  7. Run the following commands to access the chosen DCS Redis instance:

    cd src

    ./redis-cli -h {public access address} -p 6379

    Replace {public access address} with the address obtained in step 2. For example:

    ./redis-cli -h 49.**.**.211 -p 6379

  8. Enter the password. You can read and write cached data only after the password is verified.

    auth {password}

    {password} indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

    You have successfully accessed the instance if the following command output is displayed:

    OK 
    49.**.**.211:6379>

Troubleshooting

  • Symptom: "Error: Connection reset by peer" is displayed.

    Possible cause: The security group is incorrectly configured. You need to enable port 36379 or 6379.

  • When redis-cli is used to connect to an instance, the following message is displayed indicating that the remote host forcibly closes an existing connection.

    Possible cause: SSL encryption has been enabled, but Stunnel was not configured for the connection and the IP address displayed on the console was used directly. In this case, strictly follow the instructions provided in Connecting to Redis with SSL Encryption.

  • For more information about Redis connection failures, see Troubleshooting Redis Connection Failures.