At Compose we offer three ways to connect to Redis deployments.
By default, a Redis deployment is provisioned with a basic TCP portal which enables traditional, unencrypted connections. This can be used when your drivers do not handle encryption and you are aware of the potential risks of unencrypted traffic. This is also the connection that the
redis-cli can use natively, as it does not support encryption.
You can provision an SSL-supporting TCP portal which only accepts SSL encrypted Redis connections. Portal provisioning can be found in the Security panel of your deployment. The connection strings will have a "rediss:" prefix and most languages also have a driver that supports connecting your application with SSL/TLS. There is no SSL/TLS support baked into the open source Redis so the
redis-cli can only use this connection with additional configuration; such as setting up a utility like stunnel.
You can also provision an optional SSH portal which allows you to encrypt all your traffic between a database client and a server. This traffic tunnel allows applications to send unencrypted Redis traffic to the server with the tunnel managing the encryption. You can read about configuring Redis for SSH tunnels in Redis SSH Tunnels.
Your first stop is the Compose console for your Redis deployment. Bring up the Overview page and you will find the Connection Info panel which looks like this:
The TCP Connection String is a URI for connection to Redis. It can be used by some client libraries and contains all the information needed for other libraries to connect; specifically the host name and the port.
- An unencrypted connection will have a
redis://prefixed string. One of these connection strings is provided by default with your deployment.
- An encrypted connection will have a
rediss://prefixed string. These connections can be provisioned from the Security pane of your deployment.
Let's Encrypt vs self-signed certificates
If you see a self-signed certificate available in the Connection Info panel, then you will need a local copy of the certificate and supply a path to it to your driver when connecting.
If you do not see a self-signed certificate, then your deployment uses a Let's Encrypt certificate and your driver will use your (or its) certificate store.
The TCP Command Line is a pre-formatted command which will invoke
redis-cli with the correct parameters. More information about using the redis-cli and how to use it securely can be found on the [Redis-cli) page.
In both of these fields, there is a
[password] section. Redis uses an authentication string as a single password credential for all connections. That password can get obtained by selecting Show in the Credentials section. When the password is visible is showing it is also substituted into the fields, making them suitable to cut and paste.
If you have an SSH portal provisioned, the sections SSH Tunnel Configuration, SSH Connection String, and SSH Command Line will apper above the other connection information. Information about how to use these connections is on the Redis SSH Tunnels page.
If this article didn't solve things, summon a human and get some help!
Updated about a year ago