Setup for icinga-redis for TLS and network connections

I just wanted to share some information about setting up redis for TLS and network connections

open /etc/icingadb-redis/icingadb-redis.conf
change the following:

FROM:
port 6380
TO:
port 0

FROM:
bind 127.0.0.1 ::1
TO:
# bind 127.0.0.1 ::1

FROM:
protected-mode yes
TO:
protected-mode no

then add the following lines to /etc/icingadb-redis/icingadb-redis.conf
(since you are exposing redis to network connections, please assign a password)

requirepass Please_Dont_Hack_Me_Bro!
tls-port 6380 
tls-cert-file /etc/ssl/certs/redis.crt  
tls-key-file /etc/ssl/certs/redis.key   
tls-auth-clients no

save the file, restart icingadb-redis

To test the cert:
echo | openssl s_client -connect $(hostname -f):6380

You know it is working when you see
Verify return code: 0 (ok)

Hope this is helpful (you will need to update the following configurations with the new redis information).

  • /etc/icingadb/conf.yml
  • /etc/icinga2/features-enabled/icingadb.conf
  • /etc/icingaweb2/modules/icingadb/redis.ini
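
A small audit of the directives changed in the post above, added here as an example that is not part of the original post. The function names conf_get and audit_redis_conf and the choice of checks are assumptions of this example, and the sample config at the end is constructed.

```shell
#!/bin/sh
# Added example: audit a Redis config for the settings discussed in this thread.
# Print the effective value of DIRECTIVE in FILE (later lines override earlier ones).
conf_get() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ +/, ""); val = $0 }
                     END { print val }' "$1"
}

# Print findings for the config file $1; the return status is the FAIL count.
audit_redis_conf() {
    conf=$1 fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    # An absent "port" line leaves Redis' default plaintext port 6379 open.
    [ "$(conf_get "$conf" port)" = "0" ] || fail "plaintext port not disabled (want: port 0)"
    case $(conf_get "$conf" tls-port) in
        ''|0) fail "tls-port is not set" ;;
    esac
    for d in tls-cert-file tls-key-file; do
        [ -n "$(conf_get "$conf" "$d")" ] || fail "$d is not set"
    done
    # World-readable private key; only detectable if the file exists on this host.
    key=$(conf_get "$conf" tls-key-file)
    if [ -n "$key" ] && [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
        fail "$key is world-readable"
    fi
    case $(conf_get "$conf" requirepass) in
        '') fail "requirepass is not set" ;;
        'Please_Dont_Hack_Me_Bro!') fail "requirepass is the sample value from the post" ;;
    esac
    # Not a failure, but then the password is the only client authentication.
    [ "$(conf_get "$conf" tls-auth-clients)" = "no" ] &&
        echo "NOTE: tls-auth-clients no, client certificates are not required"
    return "$fails"
}

# Constructed sample mirroring the post's settings (not read from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 0
protected-mode no
requirepass Please_Dont_Hack_Me_Bro!
tls-port 6380
tls-cert-file /etc/ssl/certs/redis.crt
tls-key-file /etc/ssl/certs/redis.key
tls-auth-clients no
EOF
audit_redis_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run audit_redis_conf against /etc/icingadb-redis/icingadb-redis.conf after editing it; a non-zero return status is the number of failed checks.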

First, thanks a lot for your How-To and your input.

The icingadb-redis uses the non-default port 6380 instead of Redis’ default port 6379. Then, you might want to set the tls-port to 6380.

Furthermore, for TLS configuration I would suggest that everyone take a look at Mozilla SSL Configuration Generator’s output for Redis.


Thanks for the feedback. I changed the tls-port to 6380 and added a list of configuration files that use redis.
