Help Center/ Distributed Cache Service/ User Guide/ Accessing a DCS Redis Instance/ Public Access to a DCS Redis 3.0 Instance (Discontinued)/ Connecting to Redis 3.0 over a Public Network on redis-cli
Updated on 2024-10-28 GMT+08:00
View PDF
Share

Connecting to Redis 3.0 over a Public Network on redis-cli

This section describes how to access a Redis 3.0 instance over a public network on redis-cli.

Public access helps R&D personnel establish local environment for development or testing, improving development efficiency. However, in the production environment (official environment), access a DCS Redis instance through a VPC to ensure efficient access.

Prerequisites

Before using redis-cli to access a DCS Redis instance over a public network, ensure that:

  • The instance version is Redis 3.0 and public access has been enabled.
  • If certificates are required for accessing the DCS instance, download the certificate from the DCS instance details page.

Accessing Redis 3.0 over a Public Network (Linux and SSL Enabled)

  1. Ensure that the security group rule allows public access through port 36379.

    When SSL encryption is enabled, allow public access through port 36379. Ensure that the Stunnel client has been installed.

    Figure 1 Security group rule (port 36379)

  2. Obtain the public access address and the certificates of the instance on the instance Basic Information page.

    • The public access address is displayed in the Connection section.
    • The certificates can be downloaded by clicking Download Certificate for Public Access in the Connection section. After decompression, you will obtain dcs-ca.cer (the public key certificate in binary format) and dcs-ca-bundle.pem (the certificate file in text format).
    Figure 2 Viewing the public access address (SSL enabled; port 36379)

  3. Log in to the local Linux device.
  4. Install the Stunnel client.

    Use either of the following methods to install Stunnel.

    Installation methods apt and yum are recommended. Any common Linux OSs should support at least one of these installation methods.

    • apt-get method:

      apt-get is used to manage DEB software packages and applicable to Debian OSs such as Ubuntu. Run the following command to install Stunnel:

      apt install stunnel or apt-get install stunnel

      If you cannot find Stunnel after running the command, run the apt update command to update the configuration and then install Stunnel again.

    • yum method:

      yum is used to manage RPM software packages and applicable to OSs such as Fedora, CentOS, and Red Hat. Run the following command to install Stunnel:

      yum install stunnel

  5. Open the Stunnel configuration file stunnel.conf.

    • If Stunnel is installed using apt-get, the configuration file is stored at the /etc/stunnel/stunnel.conf directory by default.

      If this directory does not exist or no configuration file exists in it, add a directory or configuration file.

    • If Stunnel is installed using yum, the configuration file is stored at the /usr/local/stunnel/stunnel.conf directory by default.

      If this directory does not exist or no configuration file exists in it, add a directory or configuration file.

    • If you are not sure where to store the configuration file, enter the stunnel command after the installation to view the directory for storing the configuration file.
    • The configuration file can be stored in any directory. Specify this configuration file when starting Stunnel.

  6. Add the following content to the configuration file stunnel.conf, and then save and exit. 

    debug = 4
output = /var/log/stunnel.log
sslVersion = all
[redis-client]
client = yes
accept = 8000
connect = {public access address}
CAfile = /etc/stunnel/dcs-ca.cer
    Modify the following parameters as required and leave other parameters unchanged:
    • client: indicates Stunnel. The fixed value is yes.
    • CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download and decompress the certificate dcs-ca.cer as instructed in 2. If it is not required, delete this parameter.
    • accept: specifies the user-defined listening port number of Stunnel. Specify this parameter when accessing a DCS instance by using a Redis client.
    • connect: specifies the forwarding address and port number of Stunnel. Set this parameter to the instance public access address obtained in 2.

    The following is a configuration example:

    [redis-client]
client = yes
CAfile = D:\tmp\dcs\dcs-ca.cer
accept = 8000
connect = 49.**.**.211:36379

  7. Run the following commands to start Stunnel:

    stunnel /{customdir}/stunnel.conf

    In the preceding command, {customdir} indicates the customized storage directory for the stunnel.conf file described in 5. The following is a command example:

    stunnel /etc/stunnel/stunnel.conf

    For the Ubuntu OS, run the /etc/init.d/stunnel4 start command to start Stunnel. The service or process name is stunnel4 for the Stunnel 4.x version.

    After starting the Stunnel client, run the ps -ef|grep stunnel command to check whether the process is running properly.

  8. Run the following command to check whether Stunnel is being listened:

    netstat -plunt |grep 8000|grep "LISTEN"

    8000 indicates the user-defined listening port number of Stunnel configured in the accept field in 6.

    If a line containing the port number 8000 is displayed in the returned result, Stunnel is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.

  9. Access the DCS Redis instance.

    1. Log in to the local Linux device.
    2. Run the following command to download the source code package of your Redis client from http://download.redis.io/releases/redis-5.0.8.tar.gz:

      wget http://download.redis.io/releases/redis-5.0.8.tar.gz

      You can also install the Redis client by running the following yum or apt command:

      • yum install redis
      • apt install redis-server
    3. Run the following command to decompress the source code package of your Redis client:

      tar -xzf redis-5.0.8.tar.gz

    4. Run the following commands to go to the Redis directory and compile the source code of your Redis client:

      cd redis-5.0.8

      make

    5. Run the following commands to access the chosen DCS Redis instance:

      cd src

      ./redis-cli -h 127.0.0.1 -p 8000

      In the preceding command:

      • The address following -h indicates the address of the Stunnel client, which is 127.0.0.1.
      • The port following -p is the listening port of the Stunnel client, which has been configured in the accept field in 6. 8000 is used an example.

      Do not use the public access address and port displayed on the console for the -h and -p parameters.

    6. Enter the password. You can read and write cached data only after the password is verified.

      auth {password}

      {password} indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

      You have successfully accessed the instance if the following command output is displayed:

      OK 
127.0.0.1:8000>

Accessing Redis 3.0 over a Public Network (Linux and SSL Disabled)

  1. Ensure that the security group rule allows public access through port 6379.

    When SSL encryption is disabled, the instance public access address can be accessed only if access through port 6379 is allowed.

    Figure 3 Security group rule (port 6379)

  2. Obtain the public access address of the instance.

    The public access address is displayed in the Connection section of the instance Basic Information page.
    Figure 4 Viewing the public access address (SSL disabled; port 6379)

  3. Log in to the local Linux device.
  4. Run the following command to download the source code package of your Redis client from http://download.redis.io/releases/redis-5.0.8.tar.gz:

    wget http://download.redis.io/releases/redis-5.0.8.tar.gz

    You can also install the Redis client by running the following yum or apt command:

    • yum install redis
    • apt install redis-server

  5. Run the following command to decompress the source code package of your Redis client:

    tar -xzf redis-5.0.8.tar.gz

  6. Run the following commands to go to the Redis directory and compile the source code of your Redis client:

    cd redis-5.0.8

    make

  7. Run the following commands to access the chosen DCS Redis instance:

    cd src

    ./redis-cli -h {public access address} -p 6379

    Replace {public access address} with the address obtained in 2. For example:

    ./redis-cli -h 49.**.**.211 -p 6379

  8. Enter the password. You can read and write cached data only after the password is verified.

    auth {password}

    {password} indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

    You have successfully accessed the instance if the following command output is displayed:

    OK 
49.**.**.211:6379>

Accessing Redis 3.0 over a Public Network (Windows and SSL Enabled)

  1. Ensure that the security group rule allows public access through port 36379.

    When SSL encryption is enabled, allow port 36379 for public access. In this case, ensure that the Stunnel client has been installed.

    Figure 5 Security group rule (port 36379)

  2. Obtain the public access address and the certificates of the instance.

    • The public access address is displayed in the Connection section.
    • The certificates can be downloaded by clicking Download Certificate for Public Access in the Connection section. After decompression, you will obtain dcs-ca.cer (the public key certificate in binary format) and dcs-ca-bundle.pem (the certificate file in text format).
    Figure 6 Viewing the public access address (SSL enabled; port 36379)

  3. Download the latest Windows Stunnel installation package (for example, stunnel-5.44-win32-installer.exe) from https://www.stunnel.org/downloads.html to the local Windows device.
  4. Run the Stunnel installation program and install the Stunnel client.
  5. Configure the Stunnel client: Right-click on the taskbar and choose Edit Configuration. Add the following configuration and then save and exit. 

    [redis-client]
client = yes
CAfile = D:\tmp\dcs\dcs-ca.cer
accept = 8000
connect = {public access address}
    Modify the following parameters as required and leave other parameters unchanged:
    • client: indicates Stunnel. The fixed value is yes.
    • CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download and decompress the certificate dcs-ca.cer as instructed in 2. If it is not required, delete this parameter.
    • accept: specifies the user-defined listening port number of Stunnel. Specify this parameter when accessing an instance on a Redis client.
    • connect: specifies the service address and port of Stunnel. Set this parameter to the instance public access address obtained in 2.

    When SSL encryption is enabled, the configuration is similar to the following:

    [redis-client]
client = yes
CAfile = D:\tmp\dcs\dcs-ca.cer
accept = 8000
connect = 49.**.**.211:36379

  6. Right-click on the taskbar and choose Reload Configuration.
  7. Open the CLI tool cmd.exe and run the following command to check whether 127.0.0.1:8000 is being listened:

    netstat -an |find "8000"

    Assume that port 8000 is configured as the listening port on the client.

    If 127.0.0.1:8000 is displayed in the returned result and its status is LISTENING, the Stunnel client is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.

  8. Access the DCS Redis instance.

    1. Obtain and decompress the Redis client installation package.

      The Windows Redis client installation package can be downloaded here.

    2. Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.

      For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:

      D:

      cd D:\redis-64.3.0.503

    3. Run the following commands to access the chosen DCS Redis instance:

      redis-cli -h 127.0.0.1 -p 8000 -a <password>

      In the preceding command: The address following -h indicates the address of the Stunnel client, which is 127.0.0.1. The port following -p is the listening port of the Stunnel client, which has been configured in the accept field in 5. 8000 is used an example. Do not use the public access address and port displayed on the console for the -h and -p parameters.

      <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

      You have successfully accessed the instance if the following command output is displayed:

      127.0.0.1:8000>

      Enter info and the DCS instance information will be returned. If no information is returned or the connection is interrupted, right-click the Stunnel icon on the taskbar and choose Show Log Window from the shortcut menu to show logs of Stunnel for cause analysis.

Accessing Redis 3.0 over a Public Network (Windows and SSL Disabled)

  1. Ensure that the security group rule allows public access through port 6379.

    When SSL encryption is disabled, allow port 6379 for external access.

    Figure 7 Security group rule (port 6379)

  2. Obtain the public access address of the instance.

    The public access address is displayed in the Connection section of the instance Basic Information page.
    Figure 8 Viewing the public access address (SSL disabled; port 6379)

  3. Obtain and decompress the Redis client installation package.

    The Windows Redis client installation package can be downloaded here.

  4. Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.

    For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:

    D:

    cd D:\redis-64.3.0.503

  5. Run the following commands to access the chosen DCS Redis instance:

    redis-cli -h {public network access IP} -p 6379 -a <password>

    In this command, {public network access IP} indicates the IP address of the DCS Redis instance obtained in 2. <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

    You have successfully accessed the instance if the following command output is displayed:

    139.**.**.175:6379>

    Enter info and the DCS instance information will be returned.

Troubleshooting

  • Symptom: "Error: Connection reset by peer" is displayed.

    Possible cause: The security group is incorrectly configured. You need to enable port 36379 or 6379.

  • When redis-cli is used to connect to an instance, the following message is displayed indicating that the remote host forcibly closes an existing connection.

    Possible cause: SSL encryption has been enabled, but Stunnel is not configured during connection. The IP address displayed on the console was used for connection. In this case, strictly follow the instructions provided in Accessing Redis 3.0 over a Public Network (Linux and SSL Enabled).

  • For more information about Redis connection failures, see Troubleshooting Redis Connection Failures.