Question: How to set up Redis replication with TLS?

Answer

It's important for modern applications to secure data transmission, and this includes databases like Redis. With Redis, it's possible to use Transport Layer Security (TLS) for encrypted connections, including in a replication setup where data is copied from a master server to one or more replicas.

Setting up a Redis master-replica configuration with TLS involves a few steps:

1. Create TLS Certificates: You need to generate the necessary certificates for TLS. In production environments, you'd typically get these from a trusted Certificate Authority (CA). For testing, you can create self-signed certificates.

openssl genrsa -out redis.key 2048
openssl req -new -x509 -days 365 -key redis.key -out redis.crt

2. Configure the Master Redis Server: Edit your Redis configuration file (redis.conf) on the master server to enable TLS and specify your certificates and private key. You'll also need to set an encrypted port for clients to connect to.

tls-port 6380
tls-cert-file /path/to/redis.crt
tls-key-file /path/to/redis.key
tls-auth-clients no

The tls-auth-clients directive is set to no to specify that client authentication is not required.

3. Configure the Replica Redis Server(s): On each replica server, edit the redis.conf file to enable TLS and provide the certificate files as above, but also add a replicaof directive pointing to the master server.

tls-port 6380
tls-cert-file /path/to/redis.crt
tls-key-file /path/to/redis.key
tls-auth-clients no
replicaof <master-ip> 6380

4. Client Configuration: When connecting from a client, specify the TLS port and rediss:// protocol.

import redis

r = redis.Redis(
    host='localhost',
    port=6380,
    ssl=True,
)

Remember to replace 'localhost' with the real address of your Redis servers in production setup.

Please refer to Redis's official documentation for most up-to-date and detailed instructions.