gvsafronov/futriix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix branding

Browse Source 
Former-commit-id: b20803b7669b10804fb0f355e302898ddaa19906
This commit is contained in:
John Sully 2021-05-29 07:08:01 +00:00
parent bfd639d485
commit 7069fcc695
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
TLS.md
View File

@ -13,13 +13,13 @@ Run `make BUILD_TLS=yes`.
### Tests ### Tests
To run Redis test suite with TLS, you'll need TLS support for TCL (i.e. To run KeyDB test suite with TLS, you'll need TLS support for TCL (i.e.
`tcl-tls` package on Debian/Ubuntu). `tcl-tls` package on Debian/Ubuntu).
1. Run `./utils/gen-test-certs.sh` to generate a root CA and a server 1. Run `./utils/gen-test-certs.sh` to generate a root CA and a server
certificate. certificate.
2. Run `./runtest --tls` or `./runtest-cluster --tls` to run Redis and Redis 2. Run `./runtest --tls` or `./runtest-cluster --tls` to run KeyDB and KeyDB
Cluster tests in TLS mode. Cluster tests in TLS mode.
### Running manually ### Running manually
@ -27,23 +27,23 @@ To run Redis test suite with TLS, you'll need TLS support for TCL (i.e.
To manually run a Redis server with TLS mode (assuming `gen-test-certs.sh` was To manually run a Redis server with TLS mode (assuming `gen-test-certs.sh` was
invoked so sample certificates/keys are available): invoked so sample certificates/keys are available):
./src/redis-server --tls-port 6379 --port 0 \ ./src/keydb-server --tls-port 6379 --port 0 \
--tls-cert-file ./tests/tls/redis.crt \ --tls-cert-file ./tests/tls/keydb.crt \
--tls-key-file ./tests/tls/redis.key \ --tls-key-file ./tests/tls/keydb.key \
--tls-ca-cert-file ./tests/tls/ca.crt --tls-ca-cert-file ./tests/tls/ca.crt
To connect to this Redis server with `redis-cli`: To connect to this Redis server with `keydb-cli`:
./src/redis-cli --tls \ ./src/keydb-cli --tls \
--cert ./tests/tls/redis.crt \ --cert ./tests/tls/keydb.crt \
--key ./tests/tls/redis.key \ --key ./tests/tls/keydb.key \
--cacert ./tests/tls/ca.crt --cacert ./tests/tls/ca.crt
This will disable TCP and enable TLS on port 6379. It's also possible to have This will disable TCP and enable TLS on port 6379. It's also possible to have
both TCP and TLS available, but you'll need to assign different ports. both TCP and TLS available, but you'll need to assign different ports.
To make a Replica connect to the master using TLS, use `--tls-replication yes`, To make a Replica connect to the master using TLS, use `--tls-replication yes`,
and to make Redis Cluster use TLS across nodes use `--tls-cluster yes`. and to make KeyDB Cluster use TLS across nodes use `--tls-cluster yes`.
Connections Connections
----------- -----------
@ -56,18 +56,18 @@ Note that unlike Redis, KeyDB fully supports multithreading of TLS connections.
To-Do List To-Do List
---------- ----------
- [ ] redis-benchmark support. The current implementation is a mix of using - [ ] keydb-benchmark support. The current implementation is a mix of using
hiredis for parsing and basic networking (establishing connections), but hiredis for parsing and basic networking (establishing connections), but
directly manipulating sockets for most actions. This will need to be cleaned directly manipulating sockets for most actions. This will need to be cleaned
up for proper TLS support. The best approach is probably to migrate to hiredis up for proper TLS support. The best approach is probably to migrate to hiredis
async mode. async mode.
- [ ] redis-cli `--slave` and `--rdb` support. - [ ] keydb-cli `--slave` and `--rdb` support.
Multi-port Multi-port
---------- ----------
Consider the implications of allowing TLS to be configured on a separate port, Consider the implications of allowing TLS to be configured on a separate port,
making Redis listening on multiple ports: making KeyDB listening on multiple ports:
1. Startup banner port notification 1. Startup banner port notification
2. Proctitle 2. Proctitle