Create Redis 7 with Docker and enable TLS connections

This guide assumes Docker is already installed.

docker pull redis:latest
mkdir /data
cd /data
vim redis.conf

#redis.conf
bind 0.0.0.0
protected-mode no
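# port 0 disables the plaintext port; only tls-port accepts connections
port 0
tls-port 56789
tls-cert-file  /data/ssl/redis.crt
tls-key-file   /data/ssl/redis.key
tls-ca-cert-file   /data/ssl/ca.crt
# clients are not required to present a certificate
tls-auth-clients no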
tls-protocols "TLSv1.2 TLSv1.3"
logfile /data/redis.log
databases 16
appendonly yes
dir /data/

Next, create the certificates.

mkdir /data/ssl
cd /data/ssl
# CA key and self-signed CA certificate
openssl genrsa -out ca.key 2048
openssl req \
    -x509 -new -nodes -sha256 \
    -key ca.key \
    -days 3650 \
    -subj '/O=Redis Test/CN=Certificate Authority' \
    -out ca.crt
# Server key and a certificate signed by the CA
openssl genrsa -out redis.key 2048
openssl req \
    -new -sha256 \
    -key redis.key \
    -subj '/O=Redis Test/CN=Server' | \
    openssl x509 \
        -req -sha256 \
        -CA ca.crt \
        -CAkey ca.key \
        -CAserial ca.txt \
        -CAcreateserial \
        -days 3650 \
        -out redis.crt
# DH parameters (not referenced by the redis.conf above)
openssl dhparam -out redis.dh 2048

Start the Redis container.

docker run -p 56789:56789 --name redis -v /data/:/data/ -v /etc/localtime:/etc/localtime:ro --restart=always -d redis:latest redis-server /data/redis.conf
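
An added example, not part of the original post: a small Python audit of the redis.conf above. It shows that the configuration is TLS-only but authenticates no client (tls-auth-clients no, protected-mode no, no requirepass), so the encrypted port accepts commands from any host that can reach it. The function names, finding codes and the CHANGE_ME password are illustrative assumptions.

```python
import shlex
# Constructed input: the TLS-related lines of the redis.conf shown on this page.
PAGE_CONF = """
bind 0.0.0.0
protected-mode no
port 0
tls-port 56789
tls-cert-file /data/ssl/redis.crt
tls-key-file /data/ssl/redis.key
tls-ca-cert-file /data/ssl/ca.crt
tls-auth-clients no
tls-protocols "TLSv1.2 TLSv1.3"
"""

def parse_conf(text):
    """Return {directive: [args]}; a later line overrides an earlier one."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            parts = shlex.split(line)
            conf[parts[0].lower()] = parts[1:]
    return conf

def audit(text):
    """Return finding codes for a Redis config that is meant to be TLS-only."""
    c = parse_conf(text)
    def val(key, default):
        return " ".join(c.get(key, [default])).lower()
    findings = []
    if val("port", "6379") != "0":
        findings.append("plaintext-port-open")
    if val("tls-port", "0") == "0":
        findings.append("tls-port-disabled")
    findings += ["missing-" + k for k in ("tls-cert-file", "tls-key-file") if k not in c]
    if {"tlsv1", "tlsv1.1"} & set(val("tls-protocols", "").split()):
        findings.append("legacy-tls-protocol")
    # TLS encrypts the channel; clients are authenticated only by a required
    # client certificate or by a password/ACL (checked for presence only).
    cert_required = val("tls-auth-clients", "yes") == "yes"
    has_acl = any(k in c for k in ("requirepass", "aclfile", "user"))
    if not cert_required and not has_acl:
        findings.append("no-client-authentication")
        binds = {b.lstrip("-") for b in c.get("bind", ["*"])}
        if val("protected-mode", "yes") == "no" and not binds <= {"127.0.0.1", "::1"}:
            findings.append("unauthenticated-on-network-interface")
    return findings

# One way to harden the page's config; CHANGE_ME is a placeholder password.
HARDENED_CONF = PAGE_CONF + "requirepass CHANGE_ME\n"
```

audit(PAGE_CONF) returns both authentication findings, while audit(HARDENED_CONF) returns an empty list; setting tls-auth-clients yes and issuing client certificates clears them as well.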
