redis開啟ssl過程:
首先編譯安裝redis:
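# Build Redis 6.0.9 from source with TLS support and install it under /opt/redis.
# Run as root: the steps write to /opt, /data, /etc/profile and /etc/sysctl.conf.
cd /usr/local/src
wget https://download.redis.io/releases/redis-6.0.9.tar.gz
# Check the tarball before building it as root: compare its SHA-256 with the
# value published for this release (placeholder below, fill in the real digest).
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  redis-6.0.9.tar.gz" | sha256sum -c -
# Extract next to the tarball rather than into /opt: the following `cd` and the
# later `cp` both expect the tree at /usr/local/src/redis-6.0.9.
tar xf redis-6.0.9.tar.gz
cd redis-6.0.9
# BUILD_TLS=yes compiles in TLS support; it needs the OpenSSL development files.
make MALLOC=libc BUILD_TLS=yes
make PREFIX=/opt/redis install
# -p creates missing parents (/data may not exist) and tolerates re-runs.
mkdir -p /data/redis /opt/redis/conf
# Single quotes keep $PATH literal so it is expanded at login time instead of
# freezing the installing user's current PATH into /etc/profile.
echo 'PATH=/opt/redis/bin:$PATH' >> /etc/profile
source /etc/profile
cp /usr/local/src/redis-6.0.9/redis.conf /opt/redis/conf/
# Rewrites the first "./" on line 365 of the shipped redis.conf.
# NOTE(review): presumably this is the `dir ./` directive; confirm the line
# number against the copied file before running, since it is version-specific.
sed -i "365s#./#/opt/redis/conf/#" /opt/redis/conf/redis.conf
echo vm.overcommit_memory = 1 >> /etc/sysctl.conf
sysctl -p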
生成證書
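# Create a throw-away test CA and a CA-signed server certificate for Redis.
mkdir -p /opt/redis/zs
# Generate everything inside the directory that the start and verify commands
# read from (./zs/... relative to /opt/redis); otherwise the files land in
# whatever the current directory happens to be.
cd /opt/redis/zs
# CA key and self-signed CA certificate, valid for 10 years.
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha256 -key ca.key -days 3650 \
  -subj "/O=Redis Test/CN=Certificate Authority" -out ca.crt
# Server key and a certificate signed by the CA above, valid for 1 year.
# The subject is only "CN=Server" with no subjectAltName, so a client that
# checks the host name against the certificate may reject it.
openssl genrsa -out redis.key 2048
openssl req -new -sha256 -key redis.key -subj "/O=Redis Test/CN=Server" \
  | openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key \
      -CAserial ca.txt -CAcreateserial -days 365 -out redis.crt
# DH parameters. The start command on this page does not pass this file;
# redis-server would take it through --tls-dh-params-file.
openssl dhparam -out redis.dh 2048
# Private keys must not be readable by other local users. redis.key has to stay
# readable by the account that runs redis-server; outside a test setup the CA
# key (ca.key) should not be kept on the Redis host at all.
chmod 600 ca.key redis.key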
啟動redis
# Start redis-server as a TLS-only listener on 6379.
# The certificate paths are relative, so the server must be started from
# /opt/redis. No config file is given on this command line, so the
# /opt/redis/conf/redis.conf prepared earlier is not loaded here.
cd /opt/redis
# --port 0 turns the plaintext TCP listener off, leaving only --tls-port.
# --tls-ca-cert-file is the CA used to validate client certificates; Redis
# requires a client certificate by default (tls-auth-clients), and no password
# or ACL is set here, so access control rests on who holds a CA-signed key.
./bin/redis-server \
  --tls-port 6379 \
  --port 0 \
  --tls-cert-file ./zs/redis.crt \
  --tls-key-file ./zs/redis.key \
  --tls-ca-cert-file ./zs/ca.crt
驗證tls
# Verify the TLS listener by connecting with redis-cli (default 127.0.0.1:6379).
cd /opt/redis
# --cacert validates the server certificate; --cert/--key are the client
# identity. This test reuses the server's own certificate and key as the
# client credential. For anything beyond a local check, issue a separate
# client certificate so the server's private key never leaves the server.
./bin/redis-cli \
  --tls \
  --cert ./zs/redis.crt \
  --key ./zs/redis.key \
  --cacert ./zs/ca.crt
redis開啟ssl過程:
首先編譯安裝redis:
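# Build Redis 6.0.9 from source with TLS support and install it under /opt/redis.
# Run as root: the steps write to /opt, /data, /etc/profile and /etc/sysctl.conf.
cd /usr/local/src
wget https://download.redis.io/releases/redis-6.0.9.tar.gz
# Check the tarball before building it as root: compare its SHA-256 with the
# value published for this release (placeholder below, fill in the real digest).
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  redis-6.0.9.tar.gz" | sha256sum -c -
# Extract next to the tarball rather than into /opt: the following `cd` and the
# later `cp` both expect the tree at /usr/local/src/redis-6.0.9.
tar xf redis-6.0.9.tar.gz
cd redis-6.0.9
# BUILD_TLS=yes compiles in TLS support; it needs the OpenSSL development files.
make MALLOC=libc BUILD_TLS=yes
make PREFIX=/opt/redis install
# -p creates missing parents (/data may not exist) and tolerates re-runs.
mkdir -p /data/redis /opt/redis/conf
# Single quotes keep $PATH literal so it is expanded at login time instead of
# freezing the installing user's current PATH into /etc/profile.
echo 'PATH=/opt/redis/bin:$PATH' >> /etc/profile
source /etc/profile
cp /usr/local/src/redis-6.0.9/redis.conf /opt/redis/conf/
# Rewrites the first "./" on line 365 of the shipped redis.conf.
# NOTE(review): presumably this is the `dir ./` directive; confirm the line
# number against the copied file before running, since it is version-specific.
sed -i "365s#./#/opt/redis/conf/#" /opt/redis/conf/redis.conf
echo vm.overcommit_memory = 1 >> /etc/sysctl.conf
sysctl -p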
生成證書
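# Create a throw-away test CA and a CA-signed server certificate for Redis.
mkdir -p /opt/redis/zs
# Generate everything inside the directory that the start and verify commands
# read from (./zs/... relative to /opt/redis); otherwise the files land in
# whatever the current directory happens to be.
cd /opt/redis/zs
# CA key and self-signed CA certificate, valid for 10 years.
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha256 -key ca.key -days 3650 \
  -subj "/O=Redis Test/CN=Certificate Authority" -out ca.crt
# Server key and a certificate signed by the CA above, valid for 1 year.
# The subject is only "CN=Server" with no subjectAltName, so a client that
# checks the host name against the certificate may reject it.
openssl genrsa -out redis.key 2048
openssl req -new -sha256 -key redis.key -subj "/O=Redis Test/CN=Server" \
  | openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key \
      -CAserial ca.txt -CAcreateserial -days 365 -out redis.crt
# DH parameters. The start command on this page does not pass this file;
# redis-server would take it through --tls-dh-params-file.
openssl dhparam -out redis.dh 2048
# Private keys must not be readable by other local users. redis.key has to stay
# readable by the account that runs redis-server; outside a test setup the CA
# key (ca.key) should not be kept on the Redis host at all.
chmod 600 ca.key redis.key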
啟動redis
# Start redis-server as a TLS-only listener on 6379.
# The certificate paths are relative, so the server must be started from
# /opt/redis. No config file is given on this command line, so the
# /opt/redis/conf/redis.conf prepared earlier is not loaded here.
cd /opt/redis
# --port 0 turns the plaintext TCP listener off, leaving only --tls-port.
# --tls-ca-cert-file is the CA used to validate client certificates; Redis
# requires a client certificate by default (tls-auth-clients), and no password
# or ACL is set here, so access control rests on who holds a CA-signed key.
./bin/redis-server \
  --tls-port 6379 \
  --port 0 \
  --tls-cert-file ./zs/redis.crt \
  --tls-key-file ./zs/redis.key \
  --tls-ca-cert-file ./zs/ca.crt
驗證tls
# Verify the TLS listener by connecting with redis-cli (default 127.0.0.1:6379).
cd /opt/redis
# --cacert validates the server certificate; --cert/--key are the client
# identity. This test reuses the server's own certificate and key as the
# client credential. For anything beyond a local check, issue a separate
# client certificate so the server's private key never leaves the server.
./bin/redis-cli \
  --tls \
  --cert ./zs/redis.crt \
  --key ./zs/redis.key \
  --cacert ./zs/ca.crt