
Commit a656b9a

First commit with code
1 parent 85de974 commit a656b9a


3 files changed

+144
-0
lines changed


README.md

Lines changed: 21 additions & 0 deletions
@@ -1,2 +1,23 @@
11
# stunredis
2+
23
No-configuration connections for redis-cli to Redis TLS services
4+
5+
## Use
6+
7+
To run stunredis.sh:
8+
9+
* Download the files.
10+
* `chmod u+x stunredis.sh` to make it executable.
11+
* Get a connection string for your Redis database.
12+
* Run `./stunredis.sh <connection string>`
13+
14+
## Notes on lechain.pem
15+
16+
The lechain.pem file is a sample of the verification chain for Lets Encrypt. Do not use for production if you are concerned about correctness.
17+
18+
You can be create your own version of lechain.pem by downloading and combining the contents of the [Let's Encrypt X3 Cross-signed PEM file](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt) and the [IdenTrust Root for X3](https://www.identrust.com/certificates/trustid/root-download-x3.html). (The latter link's content will need to be wrapped in the same -----BEGIN CERTIFICATE-----/-----END CERTIFICATE----- lines that the first links content is wrapped in). Consult lechain.pem for an example of how it should look.
19+
20+
For simplicity, it is located in the same directory as the stunredis.sh script.
21+
22+
23+
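Review bot: The Use section (README lines 7-12) leaves out what the script needs and accepts. stunredis.sh calls `stunnel` and `redis-cli`, takes an optional second argument for the local port (`LOCALPORT=${2:-6830}`), and reads `./lechain.pem` relative to the current directory, so "located in the same directory as the stunredis.sh script" only holds when the script is run from that directory. List the two prerequisites, document the port argument, and say to run the script from the checkout directory. In the lechain.pem notes, "Do not use for production if you are concerned about correctness" would be clearer if it said the bundled chain is a snapshot that should be rebuilt from the two linked sources before it is relied on. Also fix "Lets Encrypt", "You can be create" and "the first links content".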

lechain.pem

Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
3+
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
4+
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
5+
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
6+
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
7+
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
8+
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
9+
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
10+
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
11+
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
12+
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
13+
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
14+
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
15+
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
16+
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
17+
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
18+
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
19+
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
20+
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
21+
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
22+
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
23+
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
24+
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
25+
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
26+
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
27+
-----END CERTIFICATE-----
28+
-----BEGIN CERTIFICATE-----
29+
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
30+
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
31+
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
32+
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
33+
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
34+
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
35+
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
36+
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
37+
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
38+
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
39+
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
40+
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
41+
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
42+
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
43+
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
44+
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
45+
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
46+
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
47+
-----END CERTIFICATE-----
48+
49+
50+
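Review bot: This file is the `CAfile` that `verifyChain=yes` checks the server against, yet the two certificate blocks (lines 1-27 and 28-47) are checked in with nothing that identifies them or lets a user confirm they match the sources the README links. Record each certificate's subject, expiry date and SHA-256 fingerprint in the README, or replace the checked-in copy with a step that builds the file from the two downloads, so a stale or altered chain is detectable. Lines 48-50 are trailing blank lines and can be dropped.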

stunredis.sh

Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,73 @@
1+
#!/bin/bash
2+
#
3+
# Stunredis.sh
4+
#
5+
# Copyright 2018 IBM Corp.
6+
#
7+
# Licensed under the Apache License, Version 2.0 (the "License");
8+
# you may not use this file except in compliance with the License.
9+
# You may obtain a copy of the License at
10+
#
11+
# http://www.apache.org/licenses/LICENSE-2.0
12+
#
13+
# Unless required by applicable law or agreed to in writing, software
14+
# distributed under the License is distributed on an "AS IS" BASIS,
15+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+
# See the License for the specific language governing permissions and
17+
# limitations under the License.
18+
19+
DATABASE_URL=$1
20+
LOCALPORT=${2:-6830}
21+
22+
# This is the location of the validation chain file
23+
lechain=./lechain.pem
24+
25+
# URL parsing based on https://stackoverflow.com/a/17287984
26+
# extract the protocol
27+
proto="`echo $DATABASE_URL | grep '://' | sed -e's,^\(.*://\).*,\1,g'`"
28+
# remove the protocol
29+
url=`echo $DATABASE_URL | sed -e s,$proto,,g`
30+
# extract the user and password (if any)
31+
userpass="`echo $url | grep @ | cut -d@ -f1`"
32+
pass=`echo $userpass | grep : | cut -d: -f2`
33+
if [ -n "$pass" ]; then
34+
user=`echo $userpass | grep : | cut -d: -f1`
35+
else
36+
user=$userpass
37+
fi
38+
hostport=`echo $url | sed -e s,$userpass@,,g | cut -d/ -f1`
39+
port=`echo $hostport | grep : | cut -d: -f2`
40+
if [ -n "$port" ]; then
41+
host=`echo $hostport | grep : | cut -d: -f1`
42+
else
43+
host=$hostport
44+
fi
45+
46+
# Now we create our configuration file as a variable
47+
stunnelconf=""
48+
stunnelconf+=$"foreground=yes\n"
49+
stunnelconf+=$"[redis-cli]\n"
50+
stunnelconf+=$"client=yes\n"
51+
stunnelconf+=$"accept=127.0.0.1:$LOCALPORT\n"
52+
stunnelconf+=$"verifyChain=yes\n"
53+
54+
stunnelconf+=$"checkHost=$host\n"
55+
stunnelconf+=$"CAfile=$lechain\n"
56+
stunnelconf+=$"connect=$hostport\n"
57+
58+
# We expand that out in echo and feed the result to stunnel
59+
# which is set to take its configuration from a file descriptor
60+
# in this case, 0, stdin.
61+
62+
echo -e $stunnelconf | stunnel -fd 0 &
63+
64+
# Grab the pid
65+
stunnelpid=$!
66+
# Sleep a moment to let the connection establish
67+
sleep 1
68+
# Now call redis-cli for the user to interact with
69+
redis-cli -p $LOCALPORT -a ${pass}
70+
# Once they leave that, kill the stunnel
71+
kill $stunnelpid
72+
73+
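Review bot: Line 69, `redis-cli -p $LOCALPORT -a ${pass}`, puts the database password on the command line, where it is visible in the process list, and because `${pass}` is unquoted a connection string without a password leaves `-a` with no argument. Pass the password only when one was parsed, quote it, and prefer the `REDISCLI_AUTH` environment variable where the installed redis-cli supports it. The same quoting gap runs through lines 27-41 (`echo $DATABASE_URL`, `sed -e s,$proto,,g`), and there is no check that `$1` was supplied. `lechain=./lechain.pem` resolves against the caller's working directory rather than the script's location. `$host` and `$hostport` reach the stunnel configuration through `echo -e $stunnelconf`, which interprets backslash sequences taken from the connection string; writing each line with `printf '%s\n'` avoids that. A `trap` that kills `$stunnelpid` on exit would keep stunnel from being left running if the script is interrupted before line 71.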
