sql >> データベース >  >> NoSQL >> Redis

sslを使用してDockerredisコンテナを設定する方法

    新しいredisv6+ sslを使用するようにDockerコンテナーをセットアップする方法について、サンプルリポジトリを作成しました:

    • https://github.com/allen-munsch/docker-redis-ssl-example

    docker-compose.yml

    version: "3"
    
    volumes:
      redis:
    
    services:
      redis:
        image: "example/redis:v6.0.13"
        command: ["/app/docker-redis-entrypoint.sh"]
        container_name: redis
        ports:
          - 6379:6379
        volumes:
          - redis:/data
          - ./:/app
    

    Dockerfile:

    FROM redis:6.0.13 as base
    COPY ./redis/tls /tls
    

    entrypoint.sh

    
    #!/bin/sh
    set -e
    
    redis-server --tls-port 6379 --port 0 \
        --tls-cert-file /tls/redis.crt \
        --tls-key-file /tls/redis.key \
        --tls-ca-cert-file /tls/ca.crt
    

    gen-redi-certs.sh

    
    #!/bin/bash
    
    # COPIED/MODIFIED from the redis server gen-certs util
    
    # Generate some test certificates which are used by the regression test suite:
    #
    #   tls/ca.{crt,key}          Self signed CA certificate.
    #   tls/redis.{crt,key}       A certificate with no key usage/policy restrictions.
    #   tls/client.{crt,key}      A certificate restricted for SSL client usage.
    #   tls/server.{crt,key}      A certificate restricted for SSL server usage.
    #   tls/redis.dh              DH Params file.
    
    generate_cert() {
        local name=$1
        local cn="$2"
        local opts="$3"
    
        local keyfile=tls/${name}.key
        local certfile=tls/${name}.crt
    
        [ -f $keyfile ] || openssl genrsa -out $keyfile 2048
        openssl req \
            -new -sha256 \
            -subj "/O=Redis Test/CN=$cn" \
            -key $keyfile | \
            openssl x509 \
                -req -sha256 \
                -CA tls/ca.crt \
                -CAkey tls/ca.key \
                -CAserial tls/ca.txt \
                -CAcreateserial \
                -days 365 \
                $opts \
                -out $certfile
    }
    
    mkdir -p tls
    [ -f tls/ca.key ] || openssl genrsa -out tls/ca.key 4096
    openssl req \
        -x509 -new -nodes -sha256 \
        -key tls/ca.key \
        -days 3650 \
        -subj '/O=Redis Test/CN=Certificate Authority' \
        -out tls/ca.crt
    
    cat > tls/openssl.cnf <<_END_
    [ server_cert ]
    keyUsage = digitalSignature, keyEncipherment
    nsCertType = server
    [ client_cert ]
    keyUsage = digitalSignature, keyEncipherment
    nsCertType = client
    _END_
    
    generate_cert server "Server-only" "-extfile tls/openssl.cnf -extensions server_cert"
    generate_cert client "Client-only" "-extfile tls/openssl.cnf -extensions client_cert"
    generate_cert redis "Generic-cert"
    
    [ -f tls/redis.dh ] || openssl dhparam -out tls/redis.dh 2048
    


    1. 単一の結果を集約して取得することは可能ですか?

    2. MongoDBがシェルでデータベースを作成しない

    3. node.jsがモジュール'mongodb'を見つけることができません

    4. Mongoを使用した配列要素のクエリ