
I am not able to connect to a Redis container through a secured connection (based on SSL) using Redis Desktop Manager (RDM). So, I have deployed two containers together:

  1. A Redis container that exposes port 6379
  2. An Nginx image which accepts SSL requests from the Redis client and passes TCP requests to the other Redis container through a localhost connection.

Following this tutorial: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl

And using a generated self-signed SSL certificate.

Here is the Nginx.conf file:


user nginx;

worker_processes auto;

events {
  worker_connections 1024;
}

pid        /var/run/nginx.pid;

stream  {
    server {
        listen [::]:443 ssl;
        listen 443 ssl;
        proxy_pass 127.0.0.1:6379;

        ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers                ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
        ssl_prefer_server_ciphers  on;

        ssl_session_cache    shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
        ssl_session_timeout  24h;

        ssl_certificate      /etc/nginx/ssl.crt;
        ssl_certificate_key  /etc/nginx/ssl.key;
    }
}

Here is the container deployment Yaml file:

api-version: 2018-10-01
location: eastus
name: rediscontainer-int
properties:
  containers:
  - name: nginx-with-ssl
    properties:
      image: nginx
      ports:
      - port: 443
        protocol: TCP
      resources:
        requests:
          cpu: 2
          memoryInGB: 3
      volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx
  - name: my-app
    properties:
      image: redislabs/rebloom:latest
      ports:
      - port: 6379
        protocol: TCP
      resources:
        requests:
          cpu: 2
          memoryInGB: 3
  volumes:
  - secret:
      ssl.crt: <Enter contents of base64-ssl.crt here>
      ssl.key: <Enter contents of base64-ssl.key here>
      nginx.conf: <Enter contents of base64-nginx.conf here>
    name: nginx-config
  ipAddress:
    ports:
    - port: 443
      protocol: TCP
    type: Public
    dnsNameLabel: rediscontainer-int
  osType: Linux
tags: null
type: Microsoft.ContainerInstance/containerGroups

Connecting through RDM, specifying the container's public IP, looks like this:


Specifying SSL:


mohsen

1 Answer

The key point is that you use a self-signed certificate, which is not trusted by your system by default. So you need to add it to the trusted certificate store.

Here is my successful experience:

Please confirm that you have set the right CN for your certificate.


And then add a DNS record for it: (For testing, you can modify your hosts file to map the hostname to your container IP)


Important! Then add your self-signed certificate to trusted store:


And then, you need to connect to your Redis via the hostname:

If everything is OK, then you can successfully connect to Redis:


Jack Jia
  • Thanks Jack, it finally works, and as you said, the issue was that I thought I didn't need to install the certificate as it is self-signed, but apparently not, and it works after doing that. – mohsen Nov 23 '19 at 00:32
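
The checks from the answer can be reproduced outside RDM. The following Python script is an added example, not part of the original question or answer: it connects to the Nginx stream listener with certificate and hostname verification enabled, sends a Redis PING, and maps the OpenSSL verification error to the step of the answer that fixes it. The host name `redis.example.test` and the local path `ssl.crt` are hypothetical placeholders.

```python
import socket
import ssl

# OpenSSL X509 verify codes mapped to the step of the answer that fixes each one.
FIXES = {
    18: "self-signed certificate is not trusted: add it to the trusted store (or pass it as cafile)",
    19: "self-signed certificate in chain is not trusted: add it to the trusted store",
    20: "issuer not found locally: add the certificate to the trusted store",
    62: "hostname does not match the certificate CN/SAN: reissue with the right CN or connect by that name",
    64: "connected by IP address but the certificate names a host: connect via the hostname",
}


def classify(verify_code):
    """Translate an OpenSSL verify code into the corresponding fix."""
    return FIXES.get(verify_code, f"other verification failure (code {verify_code})")


def make_context(cafile=None):
    """Verifying client context. When cafile is given (the self-signed ssl.crt),
    only that file is trusted; otherwise the system trust store is used."""
    return ssl.create_default_context(cafile=cafile)


def check_redis_tls(host, port=443, cafile=None, timeout=5.0):
    """Connect to the Nginx stream listener, verify its certificate, send a Redis PING."""
    ctx = make_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname drives both SNI and the name check against the certificate
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"*1\r\n$4\r\nPING\r\n")  # RESP-encoded PING
                return "ok: " + tls.recv(64).decode(errors="replace").strip()
    except ssl.SSLCertVerificationError as exc:  # subclass of OSError, so catch it first
        return "tls: " + classify(exc.verify_code)
    except OSError as exc:
        return f"network: {exc}"


if __name__ == "__main__":
    # Hypothetical host name and certificate path; substitute your own.
    print(check_redis_tls("redis.example.test", 443, cafile="ssl.crt"))
```

A reply of `ok: +PONG` means the TLS handshake was verified and Nginx forwarded the command to Redis on 127.0.0.1:6379.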