@@ -32,10 +32,53 @@ echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/va
3232echo " maxmemory ${MAXMEMORY_MB} mb" >> /etc/valkey/valkey.conf
3333echo " maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
3434echo " maxmemory-samples 10" >> /etc/valkey/valkey.conf
35+ msg_ok " Installed Valkey"
36+
37+ read -r -p " ${TAB3} Would you like to enable TLS for Valkey (Note: sentinel mode does not support TLS)? [y/N]: "
38+ if [[ ${prompt,,} =~ ^(y| yes)$ ]]; then
39+ read -r -p " ${TAB3} Would you like Valkey to listen only on TLS (disable TCP port 6379)? [y/N]: "
40+ msg_info " Configuring TLS for Valkey..."
41+ TLS_DIR=" /etc/valkey/tls"
42+ mkdir -p " $TLS_DIR "
43+ chown valkey:valkey " $TLS_DIR "
44+ chmod 750 " $TLS_DIR "
45+
46+ openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
47+ -subj " /CN=$( hostname) "
48+ -keyout " $TLS_DIR /valkey.key"
49+ -out " $TLS_DIR /valkey.crt"
50+ > /dev/null 2>&1
51+
52+ chown valkey:valkey " $TLS_DIR "
53+ chmod 640 " $TLS_DIR /valkey.crt"
54+ chmod 600 " $TLS_DIR /valkey.key"
55+
56+ if [[ ${tls_only,,} =~ ^(y| yes)$ ]]; then
57+ {
58+ echo " "
59+ echo " # TLS configuration generated by Proxmox VE Valkey helper-script"
60+ echo " port 0"
61+ echo " tls-port 6379"
62+ echo " tls-cert-file $TLS_DIR /valkey.crt"
63+ echo " tls-key-file $TLS_DIR /valkey.key"
64+ echo " tls-auth-clients no"
65+ } >> /etc/valkey/valkey.conf
66+ msg_ok " Enabled TLS-only mode on port 6379"
67+ else
68+ {
69+ echo " "
70+ echo " # TLS configuration generated by Proxmox VE Valkey helper-script"
71+ echo " tls-port 6380"
72+ echo " tls-cert-file $TLS_DIR /valkey.crt"
73+ echo " tls-key-file $TLS_DIR /valkey.key"
74+ echo " tls-auth-clients no"
75+ } >> /etc/valkey/valkey.conf
76+ msg_ok " Enabled TLS on port 6380 and TCP on 6379"
77+ fi
78+ fi
3579
3680systemctl enable -q --now valkey-server
3781systemctl restart valkey-server
38- msg_ok " Installed Valkey"
3982
4083motd_ssh
4184customize
0 commit comments