我无法使用Redis Desktop Manager(RDM)通过安全连接(基于SSL)连接到Redis容器。 因此,我已经一起部署了两个容器:
- Redis容器暴露端口6379
- Nginx图像,该图像接受来自Redis客户端的SSL请求,并通过localhost连接将tcp请求传递给另一个Redis容器。
按照本教程操作:https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl
并使用生成的自签名证书SSL。
这是Nginx.conf文件:
user nginx;
worker_processes auto;
events {
worker_connections 1024;
}
pid /var/run/nginx.pid;
stream {
server {
listen [::]:443 ssl;
listen 443 ssl;
proxy_pass 127.0.0.1:6379;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ecdhe-RSA-AES128-GCM-SHA256:ecdhe-ECDSA-AES128-GCM-SHA256:ecdhe-RSA-AES256-GCM-SHA384:ecdhe-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ecdhe-RSA-AES128-SHA256:ecdhe-ECDSA-AES128-SHA256:ecdhe-RSA-AES128-SHA:ecdhe-ECDSA-AES128-SHA:ecdhe-RSA-AES256-SHA384:ecdhe-ECDSA-AES256-SHA384:ecdhe-RSA-AES256-SHA:ecdhe-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ecdhe-RSA-RC4-SHA:ecdhe-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions,so we can hold 40000 sessions
ssl_session_timeout 24h;
ssl_certificate /etc/nginx/ssl.crt;
ssl_certificate_key /etc/nginx/ssl.key;
}
}
这是容器部署Yaml文件:
api-version: 2018-10-01
location: eastus
name: rediscontainer-int
properties:
containers:
- name: nginx-with-ssl
properties:
image: nginx
ports:
- port: 443
protocol: TCP
resources:
requests:
cpu: 2
memoryInGB: 3
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx
- name: my-app
properties:
image: redislabs/rebloom:latest
ports:
- port: 6379
protocol: TCP
resources:
requests:
cpu: 2
memoryInGB: 3
volumes:
- secret:
ssl.crt: <Enter contents of base64-ssl.crt here>
ssl.key: <Enter contents of base64-ssl.key here>
nginx.conf: <Enter contents of base64-nginx.conf here>
name: nginx-config
ipAddress:
ports:
- port: 443
protocol: TCP
type: Public
dnsnameLabel: rediscontainer-int
osType: Linux
tags: null
type: microsoft.ContainerInstance/containerGroups
通过RDM连接并指定容器公共IP,例如:
指定SSL: