At Compose we offer three ways to connect to Redis deployments.
By default, a Redis deployment is provisioned with a basic TCP portal which enables traditional, unencrypted connections. This can be used when your drivers do not handle encryption and you are aware of the potential risks of unencrypted traffic. This is also the only connection that can be used with the
redis-cli, as it does not support encryption.
You can provision an SSL-supporting TCP portal which only accepts SSL encrypted Redis connections, backed by a Let's Encrypt certificate. Portal provisioning can be found in the Security panel of your deployment. The connection strings will have a
rediss:// prefix and most languages also have a driver that supports connecting your application with SSL/TLS. There is no SSL/TLS support baked into the open source Redis so the
redis-cli can not use this connection.
You can also provision an optional SSH portal which allows you to encrypt all your traffic between a database client and a server. This traffic tunnel allows applications to send unencrypted Redis traffic to the server with the tunnel managing the encryption. You can read about configuring Redis for SSH tunnels in Redis SSH Tunnels.
Your first stop is the Compose console for your Redis deployment. Bring up the Overview page and you will find the Connection Info panel which looks like this:
Connections available for a Redis deployment.
The TCP Connection String is a URI for connection to Redis. It can be used by some client libraries and contains all the information needed for other libraries to connect; specifically the host name and the port.
- An unencrypted connection will have a
redis://prefixed string. One of these connection strings is provided by default with your deployment.
- An encrypted connection will have a
rediss://prefixed string. These connections can be provisioned from the Security pane of your deployment.
Let's Encrypt vs self-signed certificates
If you see a self-signed certificate available in the Connection Info panel, then you will need a local copy of the certificate and supply a path to it to your driver when connecting.
If you do not see a self-signed certificate, then your deployment uses a Let's Encrypt certificate and your driver will use your (or its) certificate store.
The TCP Command Line is a pre-formatted command which will invoke
redis-cli with the correct parameters.
In both of these fields, there is a
[password] section. Redis uses an authentication string as a single password credential for all connections. That password can get obtained by selecting Show in the Credentials section. When the password is visible is showing it is also substituted into the fields, making them suitable to cut and paste.
If you have an SSH portal provisioned, the sections SSH Tunnel Configuration, SSH Connection String, and SSH Command Line will apper above the other connection information. Information about how to use these connections is on the Redis SSH Tunnels page.
You will usually be using the
redis-cli command to manually connect to the deployment - it's the most direct way to remotely work with your Redis installation. It comes as part of the Redis package, so you will need to have Redis installed locally to use it. On Mac OS X we recommend installing brew and then using
brew install redis to get up and running. On Linux, refer to your distributions package manager for the latest build or, if you are so inclined, download the source and build it yourself.
redis-cli and encryption
redis-cli will not work with SSL-enabled connections. In order to use it, you will need to have at least one HAProxy portal that is not SSL secured to connect the
redis-cli to your deployment.
Take the TCP Command Line and cut and paste it into your terminal like so:
$ redis-cli -h portal.brilliant-redis-41.compose-3.composedb.com -p 15639 -a secretpassword $ portal.brilliant-redis-41.compose-3.composedb.com:15639> set hello "world" > OK $ portal.brilliant-redis-41.compose-3.composedb.com:15639> get hello > "world"
You can test your connection by running some simple Redis commands as shown.
If this article didn't solve things, summon a human and get some help!