2

I'm trying to secure the Node Redis IPC server to use a private/public key. I've followed this tutorial which uses stunnel, which wraps the tunnel used by Redis under an SSL layer.

The example is not for Node, but it does secure the connection, and I can only connect to the server if I include the certification in my config file, otherwise the connection is reset.

However, I cannot replicate this with NodeJS. On my server computer, I have:

var redis = require('redis'); 
var client = redis.createClient();

client.auth('myPassword');
client.publish('instances', 'start');

And on my client computer I have:

var redis = require('redis');
var client = redis.createClient();

client.auth('myPassword');
client.subscribe('instances');
client.on('message', function (channel, message) {
  console.log("Got message " + message + " from channel " + channel);
})

But, the two devices communicate whether or not I include the certification in my stunnel config file. How can I secure this connection up?

Cheers

Kousha
  • Probably you exposed the non-secure port on your server and connected to that with the client. You have to disable connections to your non-secure port on the server. – Balázs Németh Mar 23 '16 at 09:13
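
The comment above points at an exposed plaintext port. As an added example (not code from the post, Redis or stunnel), this Node script audits the text of a redis.conf and a stunnel.conf for that gap and for a server-side stunnel service that does not require a peer certificate. The sample configs, file paths and function names are constructed for illustration.

```javascript
'use strict';

// Parse redis.conf ("key value") or stunnel.conf ("key = value", [service]
// sections) into { section: { key: value } }; keys outside a section go
// under "global". Blank lines and ;/# comment lines are skipped.
function parseConf(text) {
  const out = { global: {} };
  let section = 'global';
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line[0] === '#' || line[0] === ';') continue;
    const head = line.match(/^\[(.+)\]$/);
    if (head) { section = head[1]; out[section] = {}; continue; }
    const kv = line.match(/^([^\s=]+)\s*=?\s*(.*)$/);
    if (kv) out[section][kv[1].toLowerCase()] = kv[2];
  }
  return out;
}

// Return findings that would let a peer reach Redis without a certificate.
function auditRedisTunnel(redisConfText, stunnelConfText) {
  const findings = [];
  const redis = parseConf(redisConfText).global;
  const loopback = new Set(['127.0.0.1', '::1', 'localhost']);
  // Redis 6.2+ allows a leading "-" on bind addresses; strip it first.
  const binds = (redis.bind || '').split(/\s+/).filter(Boolean).map((a) => a.replace(/^-/, ''));
  if (binds.length === 0 || binds.some((a) => !loopback.has(a))) {
    findings.push('redis: plaintext port is not bound to loopback only');
  }
  const stunnel = parseConf(stunnelConfText);
  for (const [name, svc] of Object.entries(stunnel)) {
    if (name === 'global') continue;
    const opt = (k) => svc[k] ?? stunnel.global[k]; // service value, else global
    if (opt('client') === 'yes') continue; // audit server-side services only
    const verifies = Number(opt('verify')) >= 2 || opt('verifychain') === 'yes' || opt('verifypeer') === 'yes';
    if (!verifies || !(opt('cafile') || opt('capath'))) {
      findings.push(`stunnel [${name}]: peer certificate is not required`);
    }
  }
  return findings;
}

// Constructed sample configs (not from the post).
const WEAK_REDIS = 'port 6379\nbind 0.0.0.0\nrequirepass myPassword\n';
const WEAK_STUNNEL = 'cert = /etc/stunnel/server.pem\n[redis]\naccept = 0.0.0.0:6380\nconnect = 127.0.0.1:6379\n';
const HARD_REDIS = 'port 6379\nbind 127.0.0.1 -::1\nrequirepass myPassword\n';
const HARD_STUNNEL = WEAK_STUNNEL + 'verify = 2\nCAfile = /etc/stunnel/clients.pem\n';

console.log(auditRedisTunnel(WEAK_REDIS, WEAK_STUNNEL)); // two findings
console.log(auditRedisTunnel(HARD_REDIS, HARD_STUNNEL)); // no findings
```

A loopback-only bind plus `verify = 2` with a `CAfile` means a remote client has to go through stunnel and present a certificate signed by that CA before any Redis command, including AUTH, is accepted.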

2 Answers

12

You can do this by passing in the tls configuration when creating the client, like so:

var redis = require("redis");

var client = redis.createClient(6380,'location.of.server', {auth_pass: 'password', tls: {servername: 'location.of.server'}});
ScottGuymer
-5

I have also searched for this. But Redis doesn't need any SSL since it runs only on verified private networks. The only way to provide security is using stunnel. Since we can enable a password by using the AUTH command. In Redis they have provided a password generator which is named as GPG key. Which generated a 2048 length key which will provide security. I think my answer is relevant.

  • While "not needing ssl" may work for you in your case, it is not a broad enough assumption. There are some industries which are regulated (medical with HIPAA for example) which require data to be encrypted in transit and at rest, therefore requiring TLS. The question wasn't "should I secure redis" it was a question of how. – ehftwelve Aug 29 '18 at 15:47