Valkey : SSL/TLS Setting2024/11/15 |
Configure SSL/TLS Setting on Valkey. |
|
[1] | Create self-signed certificate. If you use valid certificate like Let's Encrypt or others, skip this section. |
[root@dlp ~]# cd /etc/pki/tls/certs [root@dlp certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout valkey.pem -out valkey.pem -days 3650 Generating a RSA private key ..+++++ .............+++++ writing new private key to 'valkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:JP # country code State or Province Name (full name) []:Hiroshima # State Locality Name (eg, city) [Default City]:Hiroshima # city Organization Name (eg, company) [Default Company Ltd]:GTS # company Organizational Unit Name (eg, section) []:Server World # department Common Name (eg, your name or your server's hostname) []:dlp.srv.world # server's FQDN Email Address []:root@srv.world # admin's email[root@dlp certs]# chmod 600 valkey.pem [root@dlp certs]# chown valkey:valkey valkey.pem |
[2] | Configure Valkey. |
[root@dlp ~]#
vi /etc/valkey/valkey.conf # line 139 : change : disable it with [0] port 0
# line 194: uncomment tls-port 6379 # line 200, 201 : uncomment and specify certificate tls-cert-file /etc/pki/tls/certs/valkey.pem tls-key-file /etc/pki/tls/certs/valkey.pem
# line 245 : uncomment tls-auth-clients no systemctl restart valkey |
[3] | Connect to Valkey with SSL/TLS from clients. If connect from other Hosts, it needs to transfer certificate to them. |
[root@node01 ~]# ll /etc/pki/tls/certs total 4 lrwxrwxrwx. 1 root root 49 Sep 23 09:00 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem lrwxrwxrwx. 1 root root 55 Sep 23 09:00 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -rw-------. 1 valkey valkey 3160 Nov 15 09:55 valkey.pem # specify [tls] option and certificate [root@node01 ~]# valkey-cli -h dlp.srv.world --tls \ --cert /etc/pki/tls/certs/valkey.pem \ --key /etc/pki/tls/certs/valkey.pem \ --cacert /etc/pki/tls/certs/valkey.pem dlp.srv.world:6379> auth password OK dlp.srv.world:6379> info # Server redis_version:7.2.4 server_name:valkey valkey_version:8.0.1 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:480577b1fe2c407e server_mode:standalone os:Linux 6.11.5-300.fc41.x86_64 x86_64 arch_bits:64 monotonic_clock:POSIX clock_gettime multiplexing_api:epoll gcc_version:14.2.1 process_id:1561 process_supervised:systemd run_id:7200b4d0f9f0b4bd156101e63f6111127e18fe3e tcp_port:6379 ..... ..... |
Sponsored Link |
|