Step 3: Access a DCS Redis Instance in Windows

This section describes how to access a DCS Redis 3.0 instance over a public network by using redis-cli in Windows.

Public access helps R&D personnel establish local environment for development or testing, improving development efficiency. However, in the production environment (official environment), access a DCS Redis instance through a VPC to ensure efficient access.

Prerequisites

Before using redis-cli to access a DCS Redis instance over a public network, ensure that:

The instance version is Redis 3.0 and public access has been enabled.
If certificates are required for accessing the DCS instance, download the certificate from the DCS instance details page.

Connecting to Redis with SSL Encryption

Ensure that the security group rule allows public access through port 36379.
When SSL encryption is enabled, allow public access through port 36379 and install the Stunnel client.

Figure 1 Security group rule (port 36379)
Obtain the public access address and the certificates of the instance on the instance Basic Information page.
- The public access address is displayed in the Connection section.
- The certificates can be downloaded by clicking Download Certificate for Public Access in the Connection section. After decompression, you will obtain dcs-ca.cer (the public key certificate in binary format) and dcs-ca-bundle.pem (the certificate file in text format).
Figure 2 Viewing the public access address (SSL enabled; port 36379)
Download the latest Windows Stunnel installation package (for example, stunnel-5.44-win32-installer.exe) from https://www.stunnel.org/downloads.html to the local Windows device.
Run the Stunnel installation program and install the Stunnel client.
Configure the Stunnel client: Right-click on the taskbar and choose Edit Configuration. Add the following configuration and then save and exit.
```
[redis-client]
client = yes
CAfile = D:\tmp\dcs\dcs-ca.cer
accept = 8000
connect = {public access address}
```
In the configuration:
- client: indicates Stunnel. The fixed value is yes.
- CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download and decompress the certificate dcs-ca.cer as instructed in 2. If it is not required, delete this parameter.
- accept: specifies the user-defined listening port number of Stunnel. Specify this parameter when accessing a DCS instance by using a Redis client.
- connect: specifies the service address and port number of Stunnel. Set this parameter to the instance public access address obtained in 2.
When SSL encryption is enabled, the configuration is similar to the following:
```
[redis-client]
client = yes
CAfile = D:\tmp\dcs\dcs-ca.cer
accept = 8000
connect = 49.**.**.211:36379
```
Right-click on the taskbar and choose Reload Configuration.
Open the CLI tool cmd.exe and run the following command to check whether 127.0.0.1:8000 is being listened:
netstat -an |find "8000"

Assume that port 8000 is configured as the listening port on the client.

If 127.0.0.1:8000 is displayed in the returned result and its status is LISTENING, the Stunnel client is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.
Access the DCS Redis instance.
1. Obtain and decompress the Redis client installation package.
  The Windows Redis client installation package can be downloaded here
2. Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.
  For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:
  
  D:
  
  cd D:\redis-64.3.0.503
3. Run the following command to access the chosen DCS Redis instance:
  redis-cli -h 127.0.0.1 -p 8000 -a <password>
  In the preceding command:
  - The address following -h indicates the address of the Stunnel client, which is 127.0.0.1.
  - The port following -p is the listening port of the Stunnel client, which has been configured in the accept field in 5. 8000 is used an example here.
  Do not use the public access address and port displayed on the console for the -h and -p parameters.
  <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.
  
  You have successfully accessed the instance if the following command output is displayed:
```
127.0.0.1:8000>
```
  Enter info and the DCS instance information will be returned. If no information is returned or the connection is interrupted, right-click the Stunnel icon on the taskbar and choose Show Log Window from the shortcut menu to show logs of Stunnel for cause analysis.

Connecting to Redis Without SSL Encryption

Ensure that the security group rule allows public access through port 6379.
When SSL encryption is disabled, the instance public access address can be accessed only if access through port 6379 is allowed.

Figure 3 Security group rule (port 6379)
Obtain the public access address of the instance.

The public access address is displayed in the Connection section.
Figure 4 Viewing the public access address (SSL disabled; port 6379)
Obtain and decompress the Redis client installation package.
The Windows Redis client installation package can be downloaded here
Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.
For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:

D:

cd D:\redis-64.3.0.503
Run the following command to access the chosen DCS Redis instance:
redis-cli -h {public network access IP} -p 6379 -a <password>

In this command, {public network access IP} indicates the IP address of the DCS Redis instance obtained in 2. <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

You have successfully accessed the instance if the following command output is displayed:
```
139.**.**.175:6379>
```
Enter info and the DCS instance information will be returned.

Troubleshooting

Symptom: "Error: Connection reset by peer" is displayed or a message is displayed indicating that the remote host forcibly closes an existing connection.
Possible cause 1: The security group is incorrectly configured. You need to enable port 36379 or 6379.

Possible cause 2: SSL encryption has been enabled, but Stunnel is not configured during connection. The IP address displayed on the console was used for connection. In this case, strictly follow the instructions provided in Connecting to Redis with SSL Encryption.
For more information about Redis connection failures, see Troubleshooting Redis Connection Failures.