On this page we will discuss how to connect to your Redis, but first...
By default, all connections to Redis are unencrypted. This is because, to quote the Redis security page:
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.
At Compose we allow you to expose your Redis deployment to the internet, unencrypted, but with the option of whitelisting IP addresses to limit your exposure or to take up the option of using SSH tunnels which encrypt your traffic between your servers and other systems and your Redis database. By default, the system is configured with an unencrypted TCP portal, so we'll start with how to connect to that and cover how to use the whitelist to control access.
You can read about configuring Redis for SSH tunnels in Redis SSH Tunnels.
You will usually be using the
redis-cli command to manually connect to the deployment - it's the most direct way to remotely work with your Redis installation. It comes as part of the Redis package, so you will need to have Redis installed locally to use it. On Mac OS X we recommend installing brew and then using
brew install redis to get up and running. On Linux, refer to your distributions package manager for the latest build or, if you are so inclined, download the source and build it yourself.
Your first stop is the Compose console for your Redis deployment. Bring up the Overview page and you will find the Connection Info panel which looks like this:
The TCP Connection String is a URI for connection to Redis. It can be used by some client libraries and contains all the information needed for other libraries to connect; specifically the host name and the port.
The TCP Command Line is a preformatted command which will invoke
redis-cli with the correct parameters.
In both of these fields, there is a
[password] section. Redis uses an authentication string as a single password credential for all connections. That password can get obtained by selecting Show in the Credentials section. When the password is visible is showing it is also substituted into the fields, making them suitable to cut and paste.
Take the TCP Command Line and cut and paste it into your terminal like so:
$ redis-cli -h portal.brilliant-redis-41.compose-3.composedb.com -p 15639 -a secretpassword portal.brilliant-redis-41.compose-3.composedb.com:15639> set hello "world" OK portal.brilliant-redis-41.compose-3.composedb.com:15639> get hello "world" portal.brilliant-redis-41.compose-3.composedb.com:15639>
You can test your connection by running some simple Redis commands as shown.
There is no official Redis client library. There are numerous client libraries for many languages which are listed on the Redis site. You can see the full list here. Recommended clients are marked with a star and we recommend you use client libraries that have a star next to them. If you want to start quickly, here are a selection of recommended clients:
In the Security tab for your Compose Deployment are the details of how your deployment is configured to be accessed:
This is the default configuration of TCP access and SSH off. The Whitelist section controls access to the TCP portal. As soon as an IP address is added to it, all access from other IP addresses will be blocked. To add an IP address to the white list, click on Add IP which will open a form. You can enter a description of what your are whitelisting (for your reference) and an IP address or CIDR range if you want to whitelist a block. Below we are whitelisting just one address:
Once complete, click on Add IP and the portal will be reconfigured. Return to the Security tab and you will, if this is your first time with the whitelist see this:
Remember we said all IP addresses apart from the one given would be blocked. That would include Compose's own services such as the data browser. We make it easy for you to fix that. Just click Whitelist Compose Services and we'll add the appropriate addresses.
Now you have a level of access control to your Redis deployment, but remember that your connections to Redis are still unencrypted. Refer to Redis SSH Tunnels if you want encrypted connections.
If this article didn't solve things, summon a human and get some help!