博yu蘭2021-05-19 15:39:04redis開啟ssl過程:
首先編譯安裝redis:
cd /usr/local/src wget https://download。redis。io/releases/redis-6。0。9。tar。gz tar xf redis-6。0。9。tar。gz -C /opt cd redis-6。0。9 make MALLOC=libc BUILD_TLS=yes make PREFIX=/opt/redis install mkdir /data/redis;echo ‘PATH=/opt/redis/bin:$PATH’ >> /etc/profile source /etc/profile;mkdir /opt/redis/conf cp /usr/local/src/redis-6。0。9/redis。conf /opt/redis/conf/ sed -i “365s#。/#/opt/redis/conf/#” /opt/redis/conf/redis。conf echo vm。overcommit_memory = 1 >> /etc/sysctl。conf;sysctl -p
生成證書
mkdir /opt/redis/zs openssl genrsa -out ca。key 4096 openssl req -x509 -new -nodes -sha256 -key ca。key -days 3650 -subj ‘/O=Redis Test/CN=Certificate Authority’ -out ca。crt openssl genrsa -out redis。key 2048 openssl req -new -sha256 -key redis。key -subj ‘/O=Redis Test/CN=Server’ | openssl x509 -req -sha256 -CA ca。crt -CAkey ca。key -CAserial ca。txt -CAcreateserial -days 365 -out redis。crt openssl dhparam -out redis。dh 2048
啟動redis
cd /opt/redis 。/bin/redis-server ——tls-port 6379 ——port 0 ——tls-cert-file 。/zs/redis。crt ——tls-key-file 。/zs/redis。key ——tls-ca-cert-file 。/zs/ca。crt
驗證tls
cd /opt/redis 。/bin/redis-cli ——tls ——cert 。/zs/redis。crt ——key 。/zs/redis。key ——cacert 。/zs/ca。crt