Home Arrow Icon Knowledge base Arrow Icon Global Arrow Icon How do I set up TLS/SSL encryption for Redis connections in Laravel Sail


How do I set up TLS/SSL encryption for Redis connections in Laravel Sail


To set up TLS/SSL encryption for Redis connections in Laravel Sail, you can follow these steps:

1. Configure Redis in your `docker-compose.yml` file:

In the `services` section, add the Redis service with the necessary configuration:

yaml
   redis:
     image: 'redis:alpine'
     ports:
       - '${FORWARD_REDIS_PORT:-6379}:6379'
     volumes:
       - 'sailredis:/data'
     command: redis-server --requirepass ${REDIS_PASSWORD} --tls-port 6379 --tls-cert-file /data/tls/cert.pem --tls-key-file /data/tls/key.pem
     environment:
       - TLS_CERT_FILE=/data/tls/cert.pem
       - TLS_KEY_FILE=/data/tls/key.pem
   

This configuration sets up Redis to use TLS/SSL encryption with a password. It also specifies the paths for the SSL certificate and key files.

2. Generate SSL certificate and key:

You'll need to generate SSL certificate and key files that match the paths specified in the `docker-compose.yml` file. You can use OpenSSL or any other tool to generate these files.

For example, using OpenSSL:

bash
   openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
   

This command will generate `key.pem` and `cert.pem` files in the current directory.

3. Mount the SSL files in the Redis container:

In the `volumes` section of your `docker-compose.yml` file, add a volume to mount the SSL certificate and key files:

yaml
   volumes:
     - 'sailredis:/data'
     - './path/to/ssl:/data/tls'
   

Replace `'./path/to/ssl'` with the actual path to the directory containing your SSL files.

4. Configure Redis connection in Laravel:

Update your Redis configuration in `config/database.php` to use TLS/SSL encryption:

php
   'redis' => [
       'client' => env('REDIS_CLIENT', 'phpredis'),
       'options' => [
           'cluster' => env('REDIS_CLUSTER', 'redis'),
           'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
           'scheme' => 'tls',
       ],
       'default' => [
           'url' => env('REDIS_URL'),
           'host' => env('REDIS_HOST', '127.0.0.1'),
           'password' => env('REDIS_PASSWORD'),
           'port' => env('REDIS_PORT', '6379'),
           'database' => env('REDIS_DB', '0'),
       ],
   ],
   

Add the `'scheme' => 'tls'` option to enable TLS/SSL encryption for Redis connections.

5. Set Redis environment variables:

In your `.env` file, set the Redis-related environment variables:


   REDIS_HOST=redis
   REDIS_PASSWORD=your-redis-password
   REDIS_PORT=6379
   

Replace `'your-redis-password'` with the actual password you want to use for Redis.

6. Start or restart your Sail environment:

bash
   sail up -d
   

This will start the Redis service with TLS/SSL encryption enabled.

By following these steps, you should have Redis configured to use TLS/SSL encryption in your Laravel Sail environment. Make sure the SSL certificate and key files are valid and match the paths specified in the `docker-compose.yml` file.

Citations:
[1] https://github.com/laravel/sail/issues/591
[2] https://github.com/laravel/sail/issues/589
[3] https://laravel.com/docs/11.x/redis
[4] https://stackoverflow.com/questions/67097278/add-new-service-using-laravel-sail
[5] https://laracasts.com/discuss/channels/guides/redis-horizon-with-sail