preface
In the learning process, it is found that the Zset of redis can also be used to realize the lightweight delayed message queuing function. Although the reliability needs to be improved, it can be realized for some functions that require less data reliability. This paper mainly uses zadd, zrangebycore and zdel in Zset of redis to realize a small demo.
Prepare to install redis, redis go in advance
FastoRedis (fork of FastoNoSQL) - is a cross-platform open source Redis management tool (i.e. It put the same engine that powers Redis's redis-cli shell. Everything you can write in redis-cli shell - you can write in Fastoredis! Our program works on the most amount of Linux systems, also on Windows, Mac OS X, FreeBSD and Android platforms. Redis desktop/gui client. As of v1.0.28 RediNav for Linux/Windows is free! Download and enjoy! Linux (Ubuntu v18.04+) Windows (v10+) Also available at (c) Scavaline 2019 Bulgaria, 9000 Varna, 44 Rayko Zhinzifov Str.
Because the Mac OS is used
Because it is lazy, the objectid in bson is directly used to generate the unique ID of the task
The unique ID is not required, but if there is a practical application to carry, it is easy to find the corresponding task.
producer
10W tasks are generated through a for loop, each with a different time
The addjob function is in another package, which takes the randomly generated time in the previous function as the timestamp to be processed
consumer
The consumer processing process is divided into two steps:
Redis Gui Client Windows Free
- Gets tasks less than or equal to the current timestamp
- By deleting the current task to determine who has obtained the current task
This is because when obtaining tasks less than or equal to the current timestamp, multiple go routines may read the current task at the same time, and only one task can process the current task. Therefore, we need to use a scheme to determine who will handle the task (of course, if only one consumer can read it, it will be handled directly): at this time, it can be obtained through the deletion operation of redis, because only the successful operation will return non-zero when deleting the specified value, so we can think of the go that successfully deleted the current queue Routine got the current assignment.
Here is the code:
Redis part of the code, get the task and delete the task
That’s pretty much the code. Finally, after running, I can deal with 1W tasks every 3-4 seconds
The above is the whole content of this article, I hope to help you in your study, and I hope you can support developeppaer more.
In this article, I will explain how to secure your Redis databases using SSL (Secure Sockets Layer). In production, it is a good practice to use SSL to protect the data that are moving between various computers (client applications and Redis servers). Transport Level Security (TLS) guarantees that only allowed applications/computers are connected to the database, and also that data is not viewed or altered by a middle man process.
You can secure the connections between your client applications and Redis cluster using:
- One-Way SSL: the client (your application) get the certificate from the server (Redis cluster), validate it, and then all communications are encrypted
- Two-Way SSL: (aka mutual SSL) here both the client and the server authenticate each other and validate that both ends are trusted.
In this article, I will focus on the Two-Way SSL, and using Redis Enterprise.
Prerequisites:
- A Redis Enterprise 5.4.x database, (my database is protected by the password
secretdb01
, and listening on port12000
) redis-cli
to run basic commands- Python, Node, and Java installed if you want to test various languages.
Simple Test
Let’s make sure that the database is available:
This should print the Server information.
1- Get the Certificate from Redis Cluster
You have access to the Redis Enterprise Cluster, you go to one of the nodes to retrieve the certificate (that is a self-generated one by default).
The cluster certificate is located at: /etc/opt/redislabs/proxy_cert.pem
.
You have to copy it on each client machine; note that once it is done you can use this certificate to connect using “One-Way SSL”, but not the purpose of this article.
In my demonstration I am using Docker and copy the certificate using this command from my host:
2- Generate a New Client Certificate
Using the Two-Way SSL you need to have a certificate for the client that will be used by Redis database proxy to trust the client.
In this article I will use a self-signed certificate using OpenSSL, in this example, we are creating a certificate for an application named app_001
.
You can create as many certificates as you want, or reuse this one for all servers/applications.
Open a terminal and run the following commands:
This command generate a new client key (client_key_001.pem
) and certificate (client_cert_001.pem
) with no passphrase.
3- Configure the Redis Database
The next step is to take the certificate and add it to the database you want to protect.
Let’s copy the certificate and paste it into the Redis Enterprise Web Console.
Copy the certificate in your clipboard:
Mac:
Linux:
Windows:
Redis Client Macos
Go to the Redis Enterprise Admin Web Console and enable TLS on your database:
- Edit the database configuration
- Check TLS
- Select “Require TLS for All communications”
- Check “Enforce client authentication”
- Paste the certificate in the text area
- Click the Save button to save the certificate
- Click the Update button to save the configuration.
The database is now protected, and it is mandatory to use the SSL certificate to connect to it.
4- Connect to the Database using the Certificate
Install Redis Client On Mac
In all following examples, I am using a “self-signed” certificate, so I do not check the validity of the hostname.You should adapt the connections/TLS information based on your certificate configuration.
4.1 Using Redis-CLI
To connect to a SSL protected database using redis-cli
you have to use stunnel
.
Create a stunnel.conf
file with the following content:
Start stunnel using the command
This will start a process that listen to port 6380
and used as a proxy to the Redis Enterprise database on port 12000
.
4.2 Using Python
Using Python, you have to set the SSL connection parameters:
More information in the documentation “Using Redis with Python”.
Redis Client On Mac Os
4.3 Using Node.JS
For Node Redis, use the TLS library to configure the client connection:
More information in the documentation “Using Redis with Node.js”.
4.4 Using Java
In Java, to be able to connect using SSL, you have to install all the certificates in the Java environment using the keytool utility.
Create a keystore file that stores the key and certificate you have created earlier:
As you can see the keystore is used to store the credentials associated with you client; it will be used later with the -javax.net.ssl.keyStore
system property in the Java application.
In addition to the keys tore, you also have to create a trust store, that is used to store other credentials for example in our case the redis cluster certificate.
Create a trust store file and add the Redis cluster certificate to it
The trustore will be used later with the -javax.net.ssl.trustStore
system property in the Java application.
You can now run the Java application with the following environment variables:
For this example and simplicity, I will hard code these property in the Java code itself:
- line 8-12, the system environment variables are set to point to the keystore and trust store (this should be externalized)
- line 14, the Redis URL start with
rediss
with 2 s to indicate that the connection should be encrypted - line 17, set the database password
Redis Client On Mac Catalina
More information in the documentation “Using Redis with Java”.
Conclusion
In this article, you have learned how to:
- retrieve the Redis Server certificate
- generate a client certificate
- protect your database to enforce transport level security (TLS) with 2 ways authentication
- connect to the database from
redis-cli
, Python, Node and Java