Help Center > > User Guide> Accessing a DCS Redis Instance> Access an Instance Over Public Networks

Access an Instance Over Public Networks

Updated at: Sep 30, 2019 GMT+08:00

Accessing a DCS Redis instance over a public network helps R&D personnel to establish a local development or test environment, improving development efficiency. However, in the production environment (official environment), access a DCS Redis instance through a VPC to ensure efficient access.

This section describes how to access a DCS Redis instance using redis-cli in a local environment. You can adopt any of the following methods:

NOTE:

Currently, only DCS Redis 3.0 instances in password-protected mode support public access.

Prerequisites

Before using redis-cli to access a DCS Redis instance over a public network, ensure that:

  • A DCS Redis instance has been created in password-protected mode and is in the Running state.
  • Public access has been enabled for the DCS instance. For details, see Enabling Public Access to a DCS Redis Instance.
  • If a certificate is required for accessing the DCS instance, download the certificate from the DCS instance details page in advance. For details, see Viewing Details of a DCS Instance.

Public Access to a DCS Redis Instance Without SSL Encryption (Linux)

  1. Modify the security group rule, allowing public access through port 6379.

    When SSL encryption is disabled, the instance public access address can be accessed only if access through port 6379 is allowed. For details, see How to Select and Configure a Security Group?

  2. Obtain the public access address of the instance.

    For details, see Viewing Details of a DCS Instance.

  3. Log in to the local Linux device.
  4. Run the following command to download the source code package of your Redis client from http://download.redis.io/releases/redis-3.0.7.tar.gz:

    wget http://download.redis.io/releases/redis-3.0.7.tar.gz

    NOTE:

    You can also install the Redis client by running the following yum or apt command:

    • yum install redis
    • apt install redis-server

  5. Run the following command to decompress the source code package of your Redis client:

    tar -xzf redis-3.0.7.tar.gz

  6. Run the following commands to go to the redis-3.0.7 directory and compile the source code of your Redis client:

    cd redis-3.0.7

    make

  7. Run the following commands to access the chosen DCS Redis instance:

    cd src

    ./redis-cli -h {public access address} -p 6379

    Replace {public access address} with the address obtained in 2. For example:

    ./redis-cli -h 49.**.**.211 -p 6379

  8. Enter the password. You can read and write cached data only after the password is verified.

    auth <password>

    <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

    You have successfully accessed the instance if the following command output is displayed:

    OK 
    49.**.**.211:6379>

Public Access to a DCS Redis Instance Without SSL Encryption (Windows)

  1. Modify the security group rule, allowing public access through port 6379.

    When SSL encryption is disabled, the instance public access address can be accessed only if access through port 6379 is allowed. For details, see How to Select and Configure a Security Group?

  2. Obtain the public access address of the instance.

    For details, see Viewing Details of a DCS Instance.

  3. Download the Redis client installation package to the local Windows device and decompress the package.

    Download the Windows Redis client installation package.

  4. Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.

    For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:

    D:

    cd D:\redis-64.3.0.503

  5. Run the following command to access the chosen DCS Redis instance:

    redis-cli -p 6379 -a <password>

    <password> indicates the password used for logging in to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

    You have successfully accessed the instance if the following command output is displayed:

    49.**.**.211:6379>

    Enter info and the DCS instance information will be returned.

Public Access to a DCS Redis Instance With SSL Encryption (Linux)

  1. Modify the security group rule, allowing public access through port 36379.

    When SSL encryption is enabled, allow public access through port 36379 and install the Stunnel client. For details, see How to Select and Configure a Security Group?

  2. Obtain the public access address of the instance.

    For details, see Viewing Details of a DCS Instance.

  3. Log in to the local Linux device.
  4. Install the Stunnel client.

    Select either of the following methods to install Stunnel.

    NOTE:

    Installation methods apt and yum are recommended. Any common Linux OSs should support at least one of these installation methods.

    For details on how to install Stunnel in other common OSs, see How to Install a Stunnel Client on MacOS?

    • apt-get method:

      apt-get is used to manage DEB software packages and applicable to Debian OSs such as Ubuntu. Run the following command to install Stunnel:

      apt install stunnel or apt-get install stunnel

      If you cannot find Stunnel after running the command, run the apt update command to update the configuration and then install Stunnel again.

    • yum method:

      yum is used to manage RPM software packages and applicable to OSs such as Fedora, CentOS, and Red Hat. Run the following command to install Stunnel:

      yum install stunnel

  5. Open the Stunnel configuration file stunnel.conf.

    • If Stunnel is installed using apt-get, the configuration file is stored at the /etc/stunnel/stunnel.conf directory by default.

      If the /etc/stunnel/stunnel.conf directory does not exist or no configuration file exists in the directory, add a directory or configuration file.

    • If Stunnel is installed using yum, the configuration file is stored at the /usr/local/stunnel/stunnel.conf directory by default.

      If the /usr/local/stunnel/stunnel.conf directory does not exist or no configuration file exists in the directory, add a directory or configuration file.

    NOTE:
    • If you are not sure where to store the configuration file, enter the stunnel command after the installation to view the directory for storing the configuration file.
    • The configuration file can be stored in any directory. Specify this configuration file when starting Stunnel.

  6. Add the following content to the configuration file stunnel.conf, and then save and exit.

    debug = 4
    output = /var/log/stunnel.log
    sslVersion = all
    [redis-client]
    client = yes
    accept = 8000
    connect = {public access address}
    CAfile = /etc/stunnel/dcs-ca.cer
    In the configuration:
    • client: indicates Stunnel. The fixed value is yes.
    • CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download the certificate from the DCS instance details page. For details, see Viewing Details of a DCS Instance. If it is not required, delete this parameter.
    • accept: specifies the user-defined listening port number of Stunnel. Specify this parameter when accessing a DCS instance by using a Redis client.
    • connect: specifies the forwarding address and port number of Stunnel. Set this parameter to the instance public access address obtained in 2.

    The following is a configuration example:

    [redis-client]
    client = yes
    CAfile = D:\tmp\dcs\dcs-ca.cer
    accept = 8000
    connect = 49.**.**.211:36379

  7. Run the following commands to start Stunnel:

    stunnel /{customdir}/stunnel.conf

    In the preceding command, {customdir} indicates the customized storage directory for the stunnel.conf file described in 5. The following is a command example:

    stunnel /etc/stunnel/stunnel.conf

    NOTE:

    For the Ubuntu OS, run the /etc/init.d/stunnel4 start command to start Stunnel. The service or process name is stunnel4 for the Stunnel 4.x version.

    After starting the Stunnel client, run the ps -ef|grep stunnel command to check whether the process is running properly.

  8. Run the following command to check whether Stunnel is being listened:

    netstat -plunt |grep 8000|grep "LISTEN"

    8000 indicates the user-defined listening port number of Stunnel configured in the accept field in 6.

    If a line containing the port number 8000 is displayed in the returned result, Stunnel is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.

  9. Access the DCS Redis instance.

    1. Log in to the local Linux device.
    2. Download the source code package of your Redis client from http://download.redis.io/releases/redis-3.0.7.tar.gz.

      wget http://download.redis.io/releases/redis-3.0.7.tar.gz

      NOTE:

      You can also install the Redis client by running the following yum or apt command:

      • yum install redis
      • apt install redis-server
    3. Run the following command to decompress the source code package of your Redis client:

      tar -xzf redis-3.0.7.tar.gz

    4. Run the following commands to go to the redis-3.0.7 directory and compile the source code of your Redis client:

      cd redis-3.0.7

      make

    5. Run the following commands to access the chosen DCS Redis instance:

      cd src

      ./redis-cli -p 8000

      8000 indicates the user-defined listening port number of Stunnel configured in the accept field in 6.

    6. Enter the password. You can read and write cached data only after the password is verified.

      auth <password>

      <password> indicates the password used for login to the chosen DCS Redis instance. This password is defined during DCS Redis instance creation.

      You have successfully accessed the instance if the following command output is displayed:

      OK 
      127.0.0.1:8000>

Public Access to a DCS Redis Instance With SSL Encryption (Windows)

  1. Modify the security group rule, allowing public access through port 36379.

    When SSL encryption is enabled, allow public access through port 36379 and install the Stunnel client. For details, see How to Select and Configure a Security Group?

  2. Obtain the public access address of the instance.

    For details, see Viewing Details of a DCS Instance.

  3. Download the latest Windows Stunnel installation package (for example, stunnel-5.44-win32-installer.exe) from https://www.stunnel.org/downloads.html to the local Windows device.
  4. Run the Stunnel installation program and install the Stunnel client.
  5. Configure the Stunnel client: Right click on the taskbar and choose Edit Configuration. Add the following configuration and then save and exit.

    [redis-client]
    client = yes
    CAfile = D:\tmp\dcs\dcs-ca.cer
    accept = 8000
    connect = {public access address}
    In the configuration:
    • client: indicates Stunnel. The fixed value is yes.
    • CAfile: specifies a CA certificate, which is optional. If a CA certificate is required, download the certificate on the DCS instance details page by referring to Viewing Details of a DCS Instance. If it is not required, delete this parameter.
    • accept: specifies the user-defined listening port number of Stunnel. Specify this parameter when accessing a DCS instance by using a Redis client.
    • connect: specifies the service address and port number of Stunnel. Set this parameter to the instance public access address obtained in 2.

    When SSL encryption is enabled, the configuration is similar to the following:

    [redis-client]
    client = yes
    CAfile = D:\tmp\dcs\dcs-ca.cer
    accept = 8000
    connect = 49.**.**.211:36379

  6. Right-click on the taskbar and choose Reload Configuration.
  7. Open the CLI tool cmd.exe and run the following command to check whether port 127.0.0.1:8000 is being listened:

    netstat -an |find "8000"

    Assume that port 8000 is configured as the listening port on the client.

    If 127.0.0.1:8000 is displayed in the returned result and its status is LISTENING, the Stunnel client is running properly. When the Redis client connects to the address 127.0.0.1:8000, Stunnel will forward requests to the DCS Redis instance.

  8. Access the DCS Redis instance.

    1. Download the Redis client installation package to the local Windows device and decompress the package.

      Download the Windows Redis client installation package.

    2. Open the CLI tool cmd.exe and run commands to go to the directory where the decompressed Redis client installation package is saved.

      For example, to go to the D:\redis-64.3.0.503 directory, run the following commands:

      D:

      cd D:\redis-64.3.0.503

    3. Run the following command to access the chosen DCS Redis instance:

      redis-cli -p 8000 -a <password>

      8000 indicates the user-defined listening port number of the Stunnel client configured in the accept field in 5 and <password> indicates the password you define when creating the DCS instance. Specify an actual password before running the command.

      You have successfully accessed the instance if the following command output is displayed:

      127.0.0.1:8000>

      After you enter info, the DCS instance information is returned. If no information is returned or the connection is interrupted, right-click the Stunnel icon on the taskbar and choose Show Log Window from the shortcut menu to show logs of Stunnel for cause analysis.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel