
Connecting to Azure Redis Cache with Docker


If you are a Windows user and you want to access your Redis cache, you have probably realized that getting the redis-cli for Windows is not as easy as 1, 2, 3. You have probably also wandered around the internet trying to find a free GUI that accesses Redis in a secure way (that is, one that supports SSL/TLS out of the box). You then realized that those have limitations of their own and are not as easy as 1, 2, 3 either. Your last resort: use the redis-cli that comes with the Redis server on a Linux-flavored distro.

Lucky for you, in Windows 10, you can install the Linux subsystem and then install redis which includes the redis-cli.

Great, but the redis-cli, as a Redis client, does not support SSL/TLS out of the box.

You came to the right place: if you already have Docker installed on your machine, you can use it right away to handle the translation between the secure and the non-secure connection.

Introduction

You want to communicate with your Redis Cache instance securely. Redis by default does not support SSL/TLS and was designed to be used in a truly private network. This means that if you don't use a secure channel, everything you send will be in plain text, including your access key when you connect. To work around this limitation, Azure, as mentioned by Kloud [1], puts a reverse proxy in front of Redis. To connect over a secure channel, you need to tunnel your connection, and you can use Socat to do that. Socat is defined as:

A command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. [2]

Setup

You first need to create yourself an image with socat. You can do so using the following Dockerfile. This will package socat along with the common certificate authorities required for public TLS certificate chain validation.

You can then build your docker image

Running redis-cli

You first need to create and run the socat container that will be used to tunnel your redis cache connections

TCP-LISTEN: tell socat to listen on the redis default port.
fork: After establishing a connection, handles its channel in a child process and keeps the parent process attempting to produce more connections, either by listening or by connecting in a loop
reuseaddr: Allows other sockets to bind to an address even if parts of it (e.g. the local port) are already in use by socat
openssl-connect: Create a TLS connect tunnel

Replace XXXXX with your redis cache server name.

Then you can run an interactive shell (sh) on a redis alpine image

Note that here, we are using --network=host which tells docker to use the Docker host network stack.

Once inside the container, you can then use the redis-cli

where KEYXXXXX is the key you can find in the Keys blade of your Redis Cache resource in Azure.

Once connected you can type the command PING to see if you can get a PONG back. If you do, you have successfully connected to your Redis Cache instance.
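The setup and tunnel steps above, gathered into one script as an added example (not the post's original Dockerfile or commands). The image name `socat-tls`, the container name `redis-tunnel`, the `.redis.cache.windows.net:6380` endpoint, the explicit `verify`/`cafile` options and the loopback-only port publish are assumptions; `<KEY>` is a placeholder for your access key.

```shell
#!/bin/sh
# Added example, not the post's original commands. IMAGE, the container name and
# the loopback-only publish are assumptions; <KEY> is a placeholder.
IMAGE=socat-tls
LOCAL_PORT=6379        # Redis default port: plaintext side of the tunnel
AZURE_TLS_PORT=6380    # TLS port of the Azure Redis endpoint (assumed)
CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt   # installed by ca-certificates on Alpine

# socat plus the public CA bundle needed to validate the server certificate chain.
write_dockerfile() {
  cat > "$1" <<'EOF'
FROM alpine
RUN apk add --no-cache socat ca-certificates
ENTRYPOINT ["socat"]
EOF
}

# Print the two socat addresses for a cache name. The name is restricted to
# letters, digits and hyphens: a comma or space would otherwise be parsed by
# socat as extra address options or arguments.
socat_addresses() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*) echo "invalid cache name: $1" >&2; return 1 ;;
  esac
  printf 'TCP-LISTEN:%s,fork,reuseaddr ' "$LOCAL_PORT"
  printf 'openssl-connect:%s.redis.cache.windows.net:%s,verify=1,cafile=%s\n' \
    "$1" "$AZURE_TLS_PORT" "$CA_BUNDLE"
}

main() {
  addrs=$(socat_addresses "$1") || return 1
  dir=$(mktemp -d) || return 1
  write_dockerfile "$dir/Dockerfile"
  docker build -t "$IMAGE" "$dir" || return 1
  # The listener speaks plaintext Redis, so publish it on loopback only;
  # a bare -p 6379:6379 would expose it on every host interface.
  # $addrs is left unquoted on purpose: it holds two validated socat arguments.
  docker run -d --name redis-tunnel \
    -p "127.0.0.1:$LOCAL_PORT:$LOCAL_PORT" "$IMAGE" $addrs || return 1
  echo "Tunnel up. Next:"
  echo "  docker run -it --rm --network=host redis:alpine sh"
  echo "  redis-cli -h 127.0.0.1 -p $LOCAL_PORT -a <KEY>"
}

# Runs only when a cache name is given: ./tunnel.sh XXXXX
if [ "$#" -gt 0 ]; then main "$1"; fi
```

Stop the tunnel with `docker rm -f redis-tunnel` when you are done, since anything that can reach the local port talks to the cache without TLS on that hop.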

Conclusion

You can now happily access a secured Redis Cache on Azure using this technique.

As a side note, you probably have realized that when you create a Redis Cache on Azure, it doesn’t take a few minutes like a Web App or other products; it may take 15-25 minutes. If you want Microsoft to lower the provisioning time as one of their priorities, go vote on the feedback forum here. Every vote counts (yes I did vote ;-))

[1] Kudos to Kloud, who made a great blog post on the subject.

[2] http://www.dest-unreach.org/socat/doc/socat.html