Problem description
I am not able to connect to a Redis container through a secured connection (based on SSL) using Redis Desktop Manager (RDM). So, I have deployed two containers together:
- A Redis container exposing port 6379
- An Nginx image, which accepts SSL requests from the Redis client and passes the TCP request to the other Redis container over a localhost connection.
Following this tutorial: https://docs.microsoft.com/zh-CN/azure/container-instances/container-instances-container-group-ssl
And using a generated self-signed SSL certificate.
Here is the Nginx.conf file:
user nginx;
worker_processes auto;
events {
    worker_connections 1024;
}
pid /var/run/nginx.pid;
stream {
    server {
        listen [::]:443 ssl;
        listen 443 ssl;
        proxy_pass 127.0.0.1:6379;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
        ssl_session_timeout 24h;
        ssl_certificate /etc/nginx/ssl.crt;
        ssl_certificate_key /etc/nginx/ssl.key;
    }
}
Here is the container deployment Yaml file:
api-version: 2018-10-01
location: eastus
name: rediscontainer-int
properties:
  containers:
  - name: nginx-with-ssl
    properties:
      image: nginx
      ports:
      - port: 443
        protocol: TCP
      resources:
        requests:
          cpu: 2
          memoryInGB: 3
      volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx
  - name: my-app
    properties:
      image: redislabs/rebloom:latest
      ports:
      - port: 6379
        protocol: TCP
      resources:
        requests:
          cpu: 2
          memoryInGB: 3
  volumes:
  - secret:
      ssl.crt: <Enter contents of base64-ssl.crt here>
      ssl.key: <Enter contents of base64-ssl.key here>
      nginx.conf: <Enter contents of base64-nginx.conf here>
    name: nginx-config
  ipAddress:
    ports:
    - port: 443
      protocol: TCP
    type: Public
    dnsNameLabel: rediscontainer-int
  osType: Linux
tags: null
type: Microsoft.ContainerInstance/containerGroups
Connecting through RDM by specifying the container's public IP, like:
Specifying SSL:
Recommended answer
The key point is that you use a self-signed certificate, which is not trusted by your system by default. So you need to add it to the trusted certificate store.
Here is my successful experience:
Please confirm that you have set the right CN for your certificate.
And then add a DNS record for it: (For testing, you can modify your hosts file to map the hostname to your container IP)
Important! Then add your self-signed certificate to the trusted store:
And then, you need to connect to your Redis via hostname:
If everything is OK, then you can successfully connect to Redis:
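A local check of the two conditions the answer above relies on (trust and name match), as an added example that is not part of the original answer. The host name `redis.example.test` and the address `203.0.113.10` are constructed placeholders, and the SAN entry is an assumption added alongside the CN the answer mentions.

```sh
#!/bin/sh
# Added example. HOST and IP are constructed placeholders, not values from the post.
HOST="redis.example.test"   # name the client would connect to (assumption)
IP="203.0.113.10"           # stands in for the container's public IP (assumption)

# Create a self-signed certificate whose CN (and SAN, an addition here) is $HOST.
make_cert() {               # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" \
    -keyout "$1/ssl.key" -out "$1/ssl.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to a trusted root.
# $2, when given, plays the role of the client's trusted store.
is_trusted() {              # $1 = certificate, $2 = optional trusted-store file
  if [ -n "$2" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# Succeeds only if the certificate is valid for the given host name or IP.
name_matches() {            # $1 = certificate, $2 = -checkhost | -checkip, $3 = value
  openssl x509 -in "$1" -noout "$2" "$3" | grep -q "does match"
}

demo() {
  d=$(mktemp -d) || return 1
  make_cert "$d" || return 1
  is_trusted "$d/ssl.crt" || echo "not trusted by default (self-signed)"
  is_trusted "$d/ssl.crt" "$d/ssl.crt" && echo "trusted once added to the store"
  name_matches "$d/ssl.crt" -checkhost "$HOST" && echo "matches host name $HOST"
  name_matches "$d/ssl.crt" -checkip "$IP" || echo "does not match IP $IP"
  rm -rf "$d"
}
demo
```

The same `is_trusted` and `name_matches` checks can be pointed at the real `ssl.crt` mounted into the Nginx container to see which of the two conditions a failing client connection is missing.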