{"id":7745,"date":"2018-10-04T08:46:04","date_gmt":"2018-10-04T00:46:04","guid":{"rendered":"http:\/\/rmohan.com\/?p=7745"},"modified":"2018-10-04T08:46:10","modified_gmt":"2018-10-04T00:46:10","slug":"how-to-fix-redis-cli-error-connection-reset-by-peer","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7745","title":{"rendered":"How to Fix Redis CLI Error Connection Reset by Peer"},"content":{"rendered":"

Overview<\/h3>\n

Recently we faced an issue with an\u00a0AWS ElastiCache Redis<\/strong>\u00a0instance when trying to test the connections from\u00a0EC2<\/strong>\u00a0Instance<\/strong>\u00a0using\u00a0Redis CLI<\/strong>, we faced the following error<\/p>\n

$ .\/redis-cli -c -h my<\/span>-redis-server -p 6379<\/span> my<\/span>-redis-server:6379<\/span>> set a “hello”<\/span> Error: Connection reset<\/span> by peer<\/p>\n

 <\/p>\n

 <\/p>\n

Problem<\/h3>\n

On investigation, we found that the\u00a0ElastiCache Redis<\/strong>\u00a0Instance is using\u00a0Encryption in-transit<\/strong>\u00a0and\u00a0Encryption at-rest<\/strong>\u00a0and by design,\u00a0the Redis CLI is not compatible with the encryption.<\/strong><\/p>\n

 <\/p>\n

 <\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Solution<\/h3>\n

The solution to test the connectivity and to use the\u00a0Redis CL<\/strong>I with ElastiCache In-Transit encryption,\u00a0 we needed to configure \u2018stunnel<\/a>\u2019<\/p>\n

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs\u2019 code<\/p><\/blockquote>\n

With stunnel\u00a0client would create a SSL tunnel to the Redis nodes and use redis-cli to connect through the tunnel to access data from encrypted redis nodes.<\/p>\n

Here is how to setup everything, we are using Amazon Linux in this example but same steps should work on Redhat Linux<\/p>\n

1. Install stunnel<\/p>\n

\r\n$<\/span>\u00a0sudo yum install stunnel\u00a0 -y<\/span>\r\n<\/code><\/pre>\n
2. Configure SSL tunnel for redis-cli<\/p>\n
\r\n$<\/span> sudo vi \/etc\/stunnel\/redis-cli.conf<\/span>\r\n<\/code> Set the following properties in redis-cli.conf file \r\nfips<\/span> = no<\/span>\r\nsetuid<\/span> = root\r\nsetgid<\/span> = root\r\npid<\/span> = \/var\/run\/stunnel.pid\r\ndebug<\/span> = 7<\/span>\r\noptions<\/span> = NO_SSLv2\r\noptions<\/span> = NO_SSLv3\r\n[redis-cli]<\/span>\r\nclient<\/span> = yes<\/span>\r\naccept<\/span> = 127.0<\/span>.0.1<\/span>:6379<\/span>\r\nconnect<\/span> = my-redis-server:6379<\/span>\r\n<\/code><\/pre>\n
3. Start Stunnel<\/p>\n
\r\n$<\/span> sudo stunnel \/etc\/stunnel\/redis-cli.conf<\/span>\r\n<\/code><\/pre>\n
4.\u00a0Verify the tunnel is running<\/p>\n
\r\n$<\/span> sudo netstat -tulnp | grep -i stunnel<\/span>\r\n<\/code> You might see following output from the above command \r\ntcp<\/span> 0 0 127.0<\/span>.0<\/span>.1<\/span>:6379<\/span> 0.0<\/span>.0<\/span>.0<\/span>:* LISTEN<\/span> 1314 stunnel<\/span>\r\n<\/code><\/pre>\n
5. Last is to connect to Redis cluster using Redis CLI using SSL tunnel (Yes it is connecting using localhost tunnel)<\/p>\n
\r\nredis-cli -h localhost -p 6379\r\n<\/code><\/pre>\n
Note: To install Redis CLI on Linux check\u00a0this AWS documentation<\/a><\/p>\n
6. Run few Redis commands to see if it works<\/p>\n
\r\n\r\n$ .\/redis-cli -h localhost -p 6379\r\nlocalhost:6379> set a hello<\/span>\r\nOK\r\nlocalhost:6379> get a<\/span>\r\n\"hello\"<\/span>\r\nlocalhost:6379><\/span>\r\n\r\n<\/span><\/code><\/pre>\n
Hope you find this post useful, please leave a comment and let us know what topics you would like to see.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview <\/p>\n
Recently we faced an issue with an AWS ElastiCache Redis instance when trying to test the connections from EC2 Instance using Redis CLI, we faced the following error<\/p>\n
$ .\/redis-cli -c -h my-redis-server -p 6379 my-redis-server:6379> set a “hello” Error: Connection reset by peer<\/p>\n
 <\/p>\n
 <\/p>\n
 Problem <\/p>\n
On investigation, we found that the ElastiCache […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7745"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7745"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7745\/revisions"}],"predecessor-version":[{"id":7747,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7745\/revisions\/7747"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}