Connect to Redis with SSL⚓︎
1 Operation Procedure⚓︎
1.1 Prepare the CA file for dababase⚓︎
- Prepare Redis ca file (Cloud service providers typically only provide the CA file)
mkdir -p /opt/jumpserver/config/certs/certs
cp redis_ca.crt /opt/jumpserver/config/certs/redis_ca.crt
- Test connecting to redis without error
# . /opt/jumpserver/config/config.txt
# redis-cli --tls --cacert /opt/jumpserver/config/certs/redis_ca.crt -h $REDIS_HOST -p $REDIS_PORT -a $REDIS_PASSWORD info
- Prepare ca file, private key and certificate(Self signed certificate) of Redis.
mkdir -p /opt/jumpserver/config/certs
cp redis_ca.crt /opt/jumpserver/config/certs/redis_ca.crt
cp redis_client.crt /opt/jumpserver/config/certs/redis_client.crt
cp redis_client.key /opt/jumpserver/config/certs/redis_client.key
- Test connecting to redis without error
# . /opt/jumpserver/config/config.txt
# redis-cli --tls --cacert /opt/jumpserver/config/certs/redis_ca.crt --cert /opt/jumpserver/config/certs/redis_client.crt --key /opt/jumpserver/config/certs/redis_client.key -h $REDIS_HOST -p $REDIS_PORT -a $REDIS_PASSWORD info
1.2 Edit configuration file⚓︎
- Open the configuration file
vi /opt/jumpserver/config/config.txt
- Update configuration file for Redis SSL
REDIS_USE_SSL=True
1.3 Restart JumpServer⚓︎
cd /opt/jumpserver-installer-v3.10.5
./jmsctl.sh down
./jmsctl.sh start
For JumpServer deployments using alternative methods, place the Redis SSL certificate in '/data/certs' and restart to complete the process.
- /opt/jumpserver/data/certs
- /opt/koko/data/certs
- /opt/lion/data/certs