This page describes how to start Redis and Webdis in [Docker Compose](https://docs.docker.com/compose/), with secure connections between the two.
## Requirements
For this, we'll need:
1. Docker Compose (you should have it if you use [Docker Desktop](https://www.docker.com/products/docker-desktop))
2. Redis version 6 or newer (we'll use a Docker image)
3. Webdis version 0.1.18 or newer (also in a Docker image)
4. A client certificate and key
5. A CA certificate
6. The `openssl` command-line tool
7. Optionally, `curl` for downloading a few files
We'll keep all our files together in a `playground` directory:
```shell
mkdir playground
cd playground
```
## SSL configuration
Let's start by generating the files required to encrypt connections. These instructions are adapted from the `Makefile` on [this page](https://nishanths.svbtle.com/setting-up-redis-with-tls).
### CA certificate
First, the CA cert. Generate a key for it, and then the cert:
Let's start with a custom OpenSSL config file (change the path from `/etc/ssl` if your `openssl.cnf` is located elsewhere, e.g. at `/etc/pki/tls/openssl.cnf` on Fedora).
We should now have `ca.crt`, `redis.key`, and `redis.crt`. We'll need these 3 files to configure the encrypted connections between Webdis and Redis. The other files generated by `openssl` (`redis.csr` and `ca.key`) are not needed by Redis or Webdis.
## Docker Compose directory structure
Let's start with the config files needed by Redis and Webdis; we'll keep them all in a local directory that is mounted by the containers.
Then edit `./config/redis.conf`, uncomment the following lines, and set their values as listed:
- `tls-port 6380` (on line 145, this should initially say `# tls-port 6379`, make sure to change the port number)
- `tls-cert-file /config/redis.crt` (on line 151)
- `tls-key-file /config/redis.key` (on line 152)
- `tls-ca-cert-file /config/ca.crt` (on line 184)
Then change line 75 which starts with `bind`, so that it looks like this:
```
bind 0.0.0.0
```
You can also grab `redis.conf` from [this Gist](https://gist.github.com/nicolasff/513d3ebd9d6f4268d6deb1d979fa44b8) which contains a Redis 6.2.6 config file with the required changes.
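
A quick check for the edits above, as an added example that is not part of the original Webdis documentation: it reads a `redis.conf`, confirms that the four TLS directives are uncommented with the values listed, and reports whether the plaintext `port` is still enabled (Redis only turns that listener off with `port 0`). The function names `conf_get` and `check_redis_tls` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the redis.conf edits described on this page.
# conf_get and check_redis_tls are illustrative names, not part of Redis or Webdis.

# Print the value of the last active (uncommented) occurrence of a directive.
conf_get() {  # usage: conf_get FILE DIRECTIVE
    awk -v key="$2" '
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if a required TLS directive is wrong.
check_redis_tls() {  # usage: check_redis_tls FILE
    conf=$1
    rc=0
    while read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key: want '$want', found '${got:-<commented out or missing>}'"
            rc=1
        fi
    done <<EOF
tls-port 6380
tls-cert-file /config/redis.crt
tls-key-file /config/redis.key
tls-ca-cert-file /config/ca.crt
EOF
    # Redis keeps its plaintext listener (default 6379) unless "port 0" is set.
    port=$(conf_get "$conf" port)
    if [ "${port:-6379}" != "0" ]; then
        echo "WARN plaintext port ${port:-6379} is still enabled ('port 0' disables it)"
    fi
    return "$rc"
}

# Constructed sample: the CA line was left commented out by mistake.
sample=$(mktemp)
cat > "$sample" <<EOF
bind 0.0.0.0
port 6379
tls-port 6380
tls-cert-file /config/redis.crt
tls-key-file /config/redis.key
# tls-ca-cert-file ca.crt
EOF
check_redis_tls "$sample" || echo "redis.conf needs fixing"
rm -f "$sample"
```

Run it against your own file with `check_redis_tls ./config/redis.conf`; a `FAIL` line means a directive is still commented out or has a different value than the one listed above.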
## Docker Compose configuration
Create a new file named `docker-compose.yml` in your `playground` directory, with the following contents:
```yaml
    volumes:  # mount volume containing the config files
      - ./config:/config
    networks:
      - secure
    expose:  # make the TLS port from Redis visible to Webdis
      - "6380"

networks:
  secure:
```
This configures two services named `webdis` and `redis`, sharing a common network named `secure`. With the `expose` property Redis allows connections from Webdis on port 6380. Both containers mount the local `config` directory under `/config` and start their binaries using the configuration files we've just created and edited. Finally, Webdis also binds its (container) port 7379 to the host's loopback interface, also on port 7379. This will let us run `curl` locally to connect to Webdis from the host.
**Note:** While the Webdis Docker image does bundle a Redis binary, it makes more sense to use multiple containers to demonstrate the use of SSL connections. This bundled Redis service does not run in this example, since we replace the Webdis command with one that only starts Webdis instead of starting Redis and Webdis together in the same container.
## Start the Docker Compose stack
From the `playground` directory, run:
```shell
docker-compose up
```
You should see both services logging to the console in different colors, with an output like:
```none
Creating playground_redis_1 ... done
Creating playground_webdis_1 ... done
Attaching to playground_redis_1, playground_webdis_1
redis_1 | 1:C 23 Oct 2021 01:42:49.704 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1 | 1:C 23 Oct 2021 01:42:49.705 # Redis version=6.2.6, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1 | 1:C 23 Oct 2021 01:42:49.705 # Configuration loaded