Securely Connect to Redis and Utilize Benchmark Tools
Learn how to create an encrypted connection to redis-cli using a utility like Stunnel, and benchmark your Redis instance on IBM Cloud using redis-benchmark commands.
Redis (short for REmote DIctionary Server) is an open-source, in-memory data structure widely used as a cache or a database. Due to its in-memory nature that persists on disk, Redis is fast, reliable and highly performant. To learn more about Redis and its features, refer to our article “ Redis Explained.”
There are many CLI tools for Redis. The ones most commonly used are redis-cli, iredis and redli. Redis-cli is the recommended CLI.
Along with the CLI, Redis provides a benchmarking utility called redis-benchmark
that that simulates X clients sending Y queries to the Redis instance on IBM Cloud:
Before you begin
- To explore Redis with the CLI, install Redis on Linux, macOS and Windows.
- Install Stunnel using the respective OS package managers or from the downloads link. Stunnel is an open-source proxy that adds TLS encryption, creating secure tunnels between the Redis client and the server.
- Last, but not the least, provision an IBM Cloud Databases for Redis service instance on IBM Cloud that provides you with a managed Redis deployment.
Rediss vs. Redis
Once you have provisioned the Databases for Redis instance on IBM Cloud, perform the following steps:
- Navigate to the Overview page of the service instance.
- Under Endpoints, click on the Redis tab.
- You should see
rediss
in the Endpoint:
So, what does the additional S stand for in Rediss? Similar to the ‘S’ in HTTPS, the additional s
stands for secure. All the TLS/SSL-enabled connections have a rediss:
prefix, whereas the unencrypted connections have a redis:
prefix.
Securely connect and run commands
You need a stunnel.conf
file to set up the required Stunnel configuration. As part of the conf file, you need a TLS certificate ( cert.crt
):
- From the Overview page of the Redis service, save the TLS certificate as shown in the image above into a file called
cert.crt
on your machine. - Click on Service credentials and then on New credential > Add.
- On your machine, create a filecalled
stunnel.conf
with the contents shown below. You can find the <HOSTNAME> and the <PORT> from the service credential you created above:
[redis-cli]
client=yes
accept=127.0.0.1:6379
connect=<HOSTNAME>:<PORT>
verify=2
checkHost=<HOSTNAME>
CAfile=/PATH/TO/cert.crt
The following is an example stunnel.conf
file for your reference:
4. From your terminal or command prompt, use the following command to run Stunnel:
stunnel stunnel.conf
5. After successful initialization, you can run any redis-cli or redis-benchmark commands. You can find the <USERNAME> and <PASSWORD> under the service credential of your Redis service. For example, to run 10,000 queries and 100 clients, you can issue the following command:
redis-benchmark -q -n 10000 -p 6379 — user <USERNAME> -a <PASSWORD> -c 100
There are many pre-built and custom commands available in the redis-benchmark utility to test your Redis server.
Conclusion
In this post, you learned how to securely connect your Redis client to the IBM Cloud Databases for Redis instance on IBM Cloud using the TLS certificate via Stunnel proxy.
What’s next?
- Autoscaling
- Monitoring integration: Once you set up monitoring and run the redis-benchmark, here’s how your IBM monitoring console may look like:
If you have any queries, feel free to reach out to me on Twitter or LinkedIn.
Originally published at https://www.ibm.com on April 27, 2022.