TLS support is enabled in the default build. To build without TLS, run make BUILD_TLS=no
.
To run KeyDB test suite with TLS, you'll need TLS support for TCL (i.e.
tcl-tls
package on Debian/Ubuntu).
Run ./utils/gen-test-certs.sh
to generate a root CA and a server
certificate.
Run ./runtest --tls
or ./runtest-cluster --tls
to run KeyDB and KeyDB
Cluster tests in TLS mode.
To manually run a Redis server with TLS mode (assuming gen-test-certs.sh
was
invoked so sample certificates/keys are available):
./src/keydb-server --tls-port 6379 --port 0 \
--tls-cert-file ./tests/tls/client.crt \
--tls-key-file ./tests/tls/client.key \
--tls-ca-cert-file ./tests/tls/ca.crt
To connect to this Redis server with keydb-cli
:
./src/keydb-cli --tls \
--cert ./tests/tls/keydb.crt \
--key ./tests/tls/keydb.key \
--cacert ./tests/tls/ca.crt
This will disable TCP and enable TLS on port 6379. It's also possible to have both TCP and TLS available, but you'll need to assign different ports.
To make a Replica connect to the master using TLS, use --tls-replication yes
,
and to make KeyDB Cluster use TLS across nodes use --tls-cluster yes
.
All socket operations now go through a connection abstraction layer that hides I/O and read/write event handling from the caller.
Note that unlike Redis, KeyDB fully supports multithreading of TLS connections.
--slave
and --rdb
support.Consider the implications of allowing TLS to be configured on a separate port, making KeyDB listening on multiple ports:
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。