Configure Redis 7 cluster sharding with SSL/TLS authentication and security hardening

Advanced 45 min May 20, 2026
Ubuntu 24.04 Debian 12 AlmaLinux 9 Rocky Linux 9

Set up a production-ready Redis 7 cluster with automatic sharding, SSL/TLS encryption, authentication, and comprehensive security hardening for high availability and data protection.

Prerequisites

  • Root or sudo access
  • At least 4GB RAM
  • 6 available ports (7001-7006), plus the matching cluster bus ports (17001-17006)
  • Basic Redis knowledge
  • Understanding of SSL/TLS concepts

What this solves

Redis cluster sharding with SSL/TLS provides automatic data distribution across multiple nodes while securing all client connections and inter-node communication. This setup ensures high availability, horizontal scalability, and enterprise-grade security for production workloads requiring both performance and data protection.

Prerequisites and SSL certificate setup

Update system packages

Start by updating your package manager to ensure you have the latest Redis and security packages.

# Ubuntu 24.04 / Debian 12
sudo apt update && sudo apt upgrade -y
sudo apt install -y redis-server redis-tools openssl

# AlmaLinux 9 / Rocky Linux 9
sudo dnf update -y
sudo dnf install -y redis redis-cli openssl

Create SSL certificate authority

Generate a self-signed CA certificate for securing Redis cluster communications and client connections.

sudo mkdir -p /etc/redis/ssl
cd /etc/redis/ssl
sudo openssl genrsa -out ca-key.pem 4096
sudo openssl req -x509 -new -nodes -key ca-key.pem -sha256 -days 3650 -out ca-cert.pem -subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=Redis-CA"

Generate server certificates for each node

Create individual SSL certificates for each Redis cluster node to enable mutual TLS authentication.

for i in {1..6}; do
  sudo openssl genrsa -out redis-server-${i}-key.pem 2048
  sudo openssl req -new -key redis-server-${i}-key.pem -out redis-server-${i}.csr -subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=redis-node-${i}"
  sudo openssl x509 -req -in redis-server-${i}.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out redis-server-${i}-cert.pem -days 365 -sha256
  sudo rm redis-server-${i}.csr
done

Set certificate permissions

Configure secure file ownership and permissions for SSL certificates to prevent unauthorized access.

sudo chown -R redis:redis /etc/redis/ssl
sudo chmod 600 /etc/redis/ssl/*-key.pem
sudo chmod 644 /etc/redis/ssl/*-cert.pem /etc/redis/ssl/ca-cert.pem

Never use chmod 777. It gives every user on the system full access to your SSL private keys. Private keys must only be readable by the Redis user with chmod 600.

Configure Redis cluster nodes with sharding topology

Create cluster node directories

Set up separate data directories for each Redis cluster node with proper ownership and permissions.

for i in {1..6}; do
  sudo mkdir -p /var/lib/redis/cluster-${i}
  sudo mkdir -p /etc/redis/cluster-${i}
  sudo mkdir -p /var/log/redis/cluster-${i}
done
sudo chown -R redis:redis /var/lib/redis/cluster-*
sudo chown -R redis:redis /etc/redis/cluster-*
sudo chown -R redis:redis /var/log/redis/cluster-*

Configure first cluster node

Create the Redis configuration for the first master node with SSL, authentication, and cluster settings, and save it as /etc/redis/cluster-1/redis.conf (the remaining nodes are derived from this file below).

port 0
tls-port 7001
tls-cert-file /etc/redis/ssl/redis-server-1-cert.pem
tls-key-file /etc/redis/ssl/redis-server-1-key.pem
tls-ca-cert-file /etc/redis/ssl/ca-cert.pem
tls-dh-params-file /etc/redis/ssl/redis.dh
tls-protocols "TLSv1.2 TLSv1.3"
tls-ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
tls-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
tls-prefer-server-ciphers yes
# Require clients to present a certificate signed by the CA (mutual TLS)
tls-auth-clients yes
# With port 0 there is no plaintext listener, so the cluster bus and the
# replication links must use TLS as well; the bus then listens on tls-port + 10000
tls-cluster yes
tls-replication yes

bind 0.0.0.0
requirepass StrongRedisPassword2024!
masterauth StrongRedisPassword2024!

cluster-enabled yes
cluster-config-file /var/lib/redis/cluster-1/nodes.conf
cluster-node-timeout 15000
cluster-announce-hostname redis-node-1
cluster-announce-port 7001
cluster-announce-tls-port 7001
cluster-require-full-coverage no

dir /var/lib/redis/cluster-1/
logfile /var/log/redis/cluster-1/redis.log
loglevel notice

save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb

appendonly yes
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

# allkeys-lru only takes effect once maxmemory is set to a limit suited to the node
maxmemory-policy allkeys-lru
maxclients 10000
tcp-keepalive 300
timeout 0

protected-mode yes
tcp-backlog 511
databases 1

Generate Diffie-Hellman parameters

Create DH parameters for enhanced SSL security across all cluster nodes.

sudo openssl dhparam -out /etc/redis/ssl/redis.dh 2048
sudo chown redis:redis /etc/redis/ssl/redis.dh
sudo chmod 644 /etc/redis/ssl/redis.dh

Create remaining cluster node configurations

Generate Redis configurations for the remaining 5 cluster nodes with unique ports and certificates.

for i in {2..6}; do
  sudo cp /etc/redis/cluster-1/redis.conf /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/tls-port 700[0-9]/tls-port 700${i}/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/redis-server-[0-9]-cert.pem/redis-server-${i}-cert.pem/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/redis-server-[0-9]-key.pem/redis-server-${i}-key.pem/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/cluster-[0-9]/cluster-${i}/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/redis-node-[0-9]/redis-node-${i}/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/announce-port 700[0-9]/announce-port 700${i}/g" /etc/redis/cluster-${i}/redis.conf
  sudo sed -i "s/announce-tls-port 700[0-9]/announce-tls-port 700${i}/g" /etc/redis/cluster-${i}/redis.conf
done
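Before starting the nodes it is worth confirming that all six generated files carry the intended TLS and authentication settings. The audit below is an added example, not part of the original tutorial: it reads a redis.conf on stdin and flags a non-zero port (plaintext listener), a missing tls-port, a cluster bus or replication link without tls-cluster/tls-replication, tls-auth-clients set to anything but yes, TLSv1 or TLSv1.1 in tls-protocols, no requirepass or user line, and protected-mode no. The two embedded configurations are constructed samples, a half-configured node beside the hardened settings this guide produces; the directive names are real Redis options.

```bash
# audit_redis_conf: read a redis.conf on stdin and report settings that leave a
# listener, the cluster bus or a replication link unencrypted or unauthenticated.
# Prints one "WEAK: ..." line per finding; exit status 0 means nothing was found.
audit_redis_conf() {
  awk '
    /^[[:space:]]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 == "port"             { port = $2 }
    $1 == "tls-port"         { tlsport = $2 }
    $1 == "tls-cluster"      { tlscluster = $2 }
    $1 == "tls-replication"  { tlsrepl = $2 }
    $1 == "tls-auth-clients" { tlsauth = $2 }
    $1 == "cluster-enabled"  { cluster = $2 }
    $1 == "protected-mode"   { pmode = $2 }
    $1 == "requirepass" || $1 == "user" { auth = 1 }
    $1 == "tls-protocols" {
      for (i = 2; i <= NF; i++) {                   # tokens may carry the quotes
        t = $i; gsub(/"/, "", t)
        if (t == "TLSv1" || t == "TLSv1.1") legacy = 1
      }
    }
    END {
      n = 0
      if (port != "0") {
        n++; print "WEAK: plaintext listener enabled (port " (port == "" ? "6379, the default" : port) "); set port 0 and serve clients on tls-port"
      }
      if (tlsport == "") {
        n++; print "WEAK: no tls-port configured; clients cannot connect over TLS"
      }
      if (cluster == "yes" && tlscluster != "yes") {
        n++; print "WEAK: cluster bus is plaintext; set tls-cluster yes"
      }
      if (tlsport != "" && tlsrepl != "yes") {
        n++; print "WEAK: replication links are plaintext; set tls-replication yes"
      }
      if (tlsauth != "" && tlsauth != "yes") {
        n++; print "WEAK: tls-auth-clients " tlsauth " does not require client certificates"
      }
      if (legacy) {
        n++; print "WEAK: tls-protocols allows TLSv1/TLSv1.1; restrict to \"TLSv1.2 TLSv1.3\""
      }
      if (!auth) {
        n++; print "WEAK: no requirepass or ACL user defined; connections are unauthenticated"
      }
      if (pmode == "no") {
        n++; print "WEAK: protected-mode no"
      }
      if (n == 0) print "OK: no weak settings found"
      exit (n > 0)
    }'
}

# Constructed sample: a half-configured node (TLS port added, nothing else hardened)
WEAK_CONF='# constructed sample, not a real deployment
port 6379
tls-port 6380
tls-protocols "TLSv1 TLSv1.1 TLSv1.2"
bind 0.0.0.0
protected-mode no
cluster-enabled yes'

# Constructed sample: the settings this tutorial ends up with
HARDENED_CONF='# constructed sample, not a real deployment
port 0
tls-port 7001
tls-auth-clients yes
tls-cluster yes
tls-replication yes
tls-protocols "TLSv1.2 TLSv1.3"
requirepass StrongRedisPassword2024!
protected-mode yes
cluster-enabled yes'

printf '%s\n' "$HARDENED_CONF" | audit_redis_conf
printf '%s\n' "$WEAK_CONF" | audit_redis_conf || echo "(weak sample fails the audit, as expected)"

# Against the generated files:
#   for f in /etc/redis/cluster-*/redis.conf; do echo "== $f"; audit_redis_conf < "$f"; done
```

The exit status makes the function usable as a gate in a deployment script: run it over every redis.conf and refuse to start the nodes if any file reports a finding.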

Create systemd service files

Configure systemd services for each Redis cluster node with proper isolation and security.

for i in {1..6}; do
sudo tee /etc/systemd/system/redis-cluster-${i}.service > /dev/null <<EOF
[Unit]
Description=Redis cluster node ${i}
After=network.target

[Service]
Type=simple
User=redis
Group=redis
ExecStart=/usr/bin/redis-server /etc/redis/cluster-${i}/redis.conf
Restart=always
RestartSec=5
LimitNOFILE=65535
UMask=0077

# Security settings
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/redis/cluster-${i} /var/log/redis/cluster-${i} /etc/redis/cluster-${i}
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
RestrictNamespaces=true

[Install]
WantedBy=multi-user.target
EOF
done

Implement SSL/TLS encryption and authentication

Enable and start cluster nodes

Start all Redis cluster nodes with SSL/TLS encryption enabled and verify they're running properly.

sudo systemctl daemon-reload
for i in {1..6}; do
  sudo systemctl enable redis-cluster-${i}
  sudo systemctl start redis-cluster-${i}
done

Check all nodes are running

for i in {1..6}; do
  sudo systemctl status redis-cluster-${i} --no-pager -l
done

Configure cluster authentication

Set up Redis ACL users with specific permissions for cluster operations and client access. ACL rules are stored on each node and are not replicated by the cluster, so create the same users on all six nodes.

# Connect to every node in turn and configure the same ACL users.
# "cluster-admin" is an illustrative user name; choose your own.
# CONFIG REWRITE persists the users into redis.conf; ACL SAVE would need an
# aclfile, and configuring one makes Redis ignore requirepass.
for port in 7001 7002 7003 7004 7005 7006; do
  redis-cli --tls \
    --cert /etc/redis/ssl/redis-server-1-cert.pem \
    --key /etc/redis/ssl/redis-server-1-key.pem \
    --cacert /etc/redis/ssl/ca-cert.pem \
    -p ${port} -a StrongRedisPassword2024! <<'EOF'
ACL SETUSER cluster-admin ON >ClusterAdminPass2024! allcommands allkeys
ACL SETUSER app-user ON >AppUserPass2024! +@read +@write +@keyspace +@string +@hash +@list +@set +@sortedset +@bitmap +@hyperloglog +@geo +@stream ~app:*
ACL SETUSER readonly-user ON >ReadOnlyPass2024! +@read ~*
CONFIG REWRITE
EOF
done

Initialize Redis cluster

Create the Redis cluster with 3 master nodes and 3 replica nodes using SSL connections.

redis-cli --tls \
  --cert /etc/redis/ssl/redis-server-1-cert.pem \
  --key /etc/redis/ssl/redis-server-1-key.pem \
  --cacert /etc/redis/ssl/ca-cert.pem \
  --cluster create 127.0.0.1:7001 127.0.0.1:7002 127.0.0.1:7003 127.0.0.1:7004 127.0.0.1:7005 127.0.0.1:7006 \
  --cluster-replicas 1 -a StrongRedisPassword2024! --cluster-yes

Configure firewall rules

Open only the necessary ports for Redis cluster communication with specific source restrictions.

# Ubuntu / Debian (ufw)
sudo ufw allow from 203.0.113.0/24 to any port 7001:7006 proto tcp comment 'Redis cluster SSL'
sudo ufw allow from 203.0.113.0/24 to any port 17001:17006 proto tcp comment 'Redis cluster bus'
sudo ufw reload

# AlmaLinux / Rocky Linux (firewalld)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.0/24" port protocol="tcp" port="7001-7006" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.0/24" port protocol="tcp" port="17001-17006" accept'
sudo firewall-cmd --reload

Test cluster operations and monitoring setup

Verify cluster status

Check that all cluster nodes are properly connected and the hash slots are distributed correctly.

redis-cli --tls \
  --cert /etc/redis/ssl/redis-server-1-cert.pem \
  --key /etc/redis/ssl/redis-server-1-key.pem \
  --cacert /etc/redis/ssl/ca-cert.pem \
  -p 7001 -a StrongRedisPassword2024! \
  cluster info

redis-cli --tls \
  --cert /etc/redis/ssl/redis-server-1-cert.pem \
  --key /etc/redis/ssl/redis-server-1-key.pem \
  --cacert /etc/redis/ssl/ca-cert.pem \
  -p 7001 -a StrongRedisPassword2024! \
  cluster nodes
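The two commands above print the raw topology; the check below, an added example that is not part of the original tutorial, pipes CLUSTER NODES output through awk and fails unless all 16384 slots are assigned exactly once, every master has a replica, and no node carries a fail flag. The two embedded outputs are constructed samples (made-up node IDs and timestamps) in the `ip:port@busport,hostname` form Redis 7 prints when cluster-announce-hostname is set; the second one has a slot gap and a replica in fail? state so the failure path is exercised.

```bash
# cluster_nodes_check: read CLUSTER NODES output on stdin and verify that all
# 16384 hash slots are assigned exactly once, that every master has at least one
# replica, and that no node carries a fail/fail? flag. Exit status 0 = healthy.
cluster_nodes_check() {
  awk '
    NF >= 8 {
      id = $1; flags = $3; master_id = $4
      split($2, addr, "[@,]")                  # ip:port@busport[,hostname]
      where[id] = addr[1]
      if (flags ~ /fail/) bad[id] = flags
      if (flags ~ /master/) {
        is_master[id] = 1
        for (i = 9; i <= NF; i++) {            # slot ranges start at field 9
          if ($i ~ /^\[/) continue             # skip [slot->-id] migration markers
          n = split($i, r, "-")
          lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
          for (s = lo; s <= hi; s++) cov[s]++
        }
      } else if (flags ~ /slave|replica/) {
        replicas_of[master_id]++
      }
    }
    END {
      problems = 0; covered = 0; dup = 0
      for (s = 0; s < 16384; s++) {
        if (s in cov) { covered++; if (cov[s] > 1) dup++ }
      }
      printf "slots: %d/16384 covered, %d assigned more than once\n", covered, dup
      if (covered != 16384 || dup > 0) problems++
      for (id in is_master) {
        if (!(id in replicas_of)) { printf "master %s has no replica\n", where[id]; problems++ }
        else printf "master %s: %d replica(s)\n", where[id], replicas_of[id]
      }
      for (id in bad) { printf "node %s flagged %s\n", where[id], bad[id]; problems++ }
      print (problems ? "RESULT: DEGRADED (" problems " problem(s))" : "RESULT: OK")
      exit (problems > 0)
    }'
}

# Constructed sample: the healthy 3 master / 3 replica layout this tutorial builds
SAMPLE_OK='0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c 127.0.0.1:7001@17001,redis-node-1 myself,master - 0 0 1 connected 0-5460
1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d 127.0.0.1:7002@17002,redis-node-2 master - 0 1716200000000 2 connected 5461-10922
2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e 127.0.0.1:7003@17003,redis-node-3 master - 0 1716200000100 3 connected 10923-16383
3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f 127.0.0.1:7004@17004,redis-node-4 slave 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c 0 1716200000200 1 connected
4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f70 127.0.0.1:7005@17005,redis-node-5 slave 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d 0 1716200000300 2 connected
5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f7081 127.0.0.1:7006@17006,redis-node-6 slave 2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e 0 1716200000400 3 connected'

# Constructed sample: node 3 lost slots 16001-16383 and node 6 is suspected down
SAMPLE_GAP='0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c 127.0.0.1:7001@17001,redis-node-1 myself,master - 0 0 1 connected 0-5460
1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d 127.0.0.1:7002@17002,redis-node-2 master - 0 1716200000000 2 connected 5461-10922
2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e 127.0.0.1:7003@17003,redis-node-3 master - 0 1716200000100 3 connected 10923-16000
3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f 127.0.0.1:7004@17004,redis-node-4 slave 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c 0 1716200000200 1 connected
4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f70 127.0.0.1:7005@17005,redis-node-5 slave 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d 0 1716200000300 2 connected
5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f7081 127.0.0.1:7006@17006,redis-node-6 slave,fail? 2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e 0 1716200000400 3 connected'

printf '%s\n' "$SAMPLE_OK" | cluster_nodes_check

# Against the live cluster:
#   redis-cli --tls --cert ... --key ... --cacert ... -p 7001 -a ... cluster nodes | cluster_nodes_check
```

Because the function exits non-zero on any problem, it drops straight into the monitoring script later in this guide or into a deployment pipeline as a post-creation gate.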

Test data distribution

Verify that data is automatically sharded across cluster nodes using hash slot distribution.

# Test writing data to different keys
for i in {1..10}; do
  redis-cli --tls \
    --cert /etc/redis/ssl/redis-server-1-cert.pem \
    --key /etc/redis/ssl/redis-server-1-key.pem \
    --cacert /etc/redis/ssl/ca-cert.pem \
    -c -p 7001 -a StrongRedisPassword2024! \
    SET "test:key:${i}" "value${i}"
done
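Which master receives each of these keys is decided by CRC16(key) mod 16384, with the hash-tag rule that only the text between the first { and the following } is hashed when that text is non-empty. The following is an added example, not from the original tutorial: it computes the slot in plain shell so you can match the test keys against the slot ranges reported by cluster nodes. It assumes ASCII key names, since it reads characters rather than raw bytes.

```bash
# crc16_xmodem: CRC-16/XMODEM (poly 0x1021, init 0) of a string, the checksum
# Redis uses for key hashing. Characters are read one at a time as ASCII bytes
# (an assumption of this example; Redis hashes the raw key bytes).
crc16_xmodem() {
  s=$1; crc=0
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}                  # first character
    s=${s#?}                         # rest of the string
    b=$(printf '%d' "'$c")           # its byte value
    crc=$(( (crc ^ (b << 8)) & 0xFFFF ))
    j=0
    while [ "$j" -lt 8 ]; do
      if [ $(( crc & 0x8000 )) -ne 0 ]; then
        crc=$(( ((crc << 1) ^ 0x1021) & 0xFFFF ))
      else
        crc=$(( (crc << 1) & 0xFFFF ))
      fi
      j=$(( j + 1 ))
    done
  done
  echo "$crc"
}

# hash_slot: slot number 0..16383 for a key, honouring hash tags: if the key
# contains '{...}', only the text between the first '{' and the next '}' is
# hashed, unless that text is empty. Keys sharing a tag land on the same slot.
hash_slot() {
  key=$1
  case $key in
    *\{*\}*)
      tag=${key#*\{}                 # drop everything through the first '{'
      tag=${tag%%\}*}                # keep up to the first following '}'
      if [ -n "$tag" ]; then key=$tag; fi
      ;;
  esac
  echo $(( $(crc16_xmodem "$key") % 16384 ))
}

# Constructed demo keys: the tutorial's test keys plus a hash-tagged pair that
# is guaranteed to share a slot (and therefore a node)
for k in test:key:1 test:key:2 test:key:3 '{user1000}.following' '{user1000}.followers'; do
  printf '%-24s -> slot %5d\n' "$k" "$(hash_slot "$k")"
done
```

Compare the printed slot against the ranges in the cluster nodes output (0-5460, 5461-10922, 10923-16383 for a fresh three-master cluster) to see which master stored each key; the `-c` flag on redis-cli follows the MOVED redirect to that node automatically.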

Verify data retrieval

for i in {1..10}; do
  redis-cli --tls \
    --cert /etc/redis/ssl/redis-server-1-cert.pem \
    --key /etc/redis/ssl/redis-server-1-key.pem \
    --cacert /etc/redis/ssl/ca-cert.pem \
    -c -p 7001 -a StrongRedisPassword2024! \
    GET "test:key:${i}"
done

Set up monitoring scripts

Create a monitoring script, saved as /usr/local/bin/redis-cluster-monitor.sh, to track cluster health, memory usage, and connection statistics.

#!/bin/bash
CERT_PATH="/etc/redis/ssl/redis-server-1-cert.pem"
KEY_PATH="/etc/redis/ssl/redis-server-1-key.pem"
CA_PATH="/etc/redis/ssl/ca-cert.pem"
LOG_FILE="/var/log/redis/cluster-health.log"
# Pass the password through the environment instead of -a so it does not show
# up in the process list or trigger redis-cli's command-line password warning
export REDISCLI_AUTH="StrongRedisPassword2024!"

# Wrapper so every call uses the same TLS client settings
rcli() {
    redis-cli --tls --cert "$CERT_PATH" --key "$KEY_PATH" --cacert "$CA_PATH" "$@"
}

echo "$(date): Starting Redis cluster health check" >> "$LOG_FILE"

for port in {7001..7006}; do
    echo "Checking node on port $port:"

    # Check if node is responding
    if rcli -p "$port" ping > /dev/null 2>&1; then
        echo "  Node $port: ONLINE"

        # Get memory info
        MEMORY=$(rcli -p "$port" info memory | grep '^used_memory_human:' | cut -d: -f2 | tr -d '\r')
        echo "  Memory usage: $MEMORY"

        # Get connection count
        CONNECTIONS=$(rcli -p "$port" info clients | grep '^connected_clients:' | cut -d: -f2 | tr -d '\r')
        echo "  Connections: $CONNECTIONS"
    else
        echo "  Node $port: OFFLINE" | tee -a "$LOG_FILE"
    fi
    echo
done

# Check overall cluster status
CLUSTER_STATE=$(rcli -p 7001 cluster info | grep '^cluster_state:' | cut -d: -f2 | tr -d '\r')
echo "Cluster state: $CLUSTER_STATE"
if [ "$CLUSTER_STATE" != "ok" ]; then
    echo "$(date): ALERT - Cluster state is not OK: $CLUSTER_STATE" >> "$LOG_FILE"
fi

Make monitoring script executable and schedule

Set up automated cluster health monitoring with cron scheduling and proper logging.

sudo chmod 755 /usr/local/bin/redis-cluster-monitor.sh
sudo chown redis:redis /usr/local/bin/redis-cluster-monitor.sh

Create log directory

sudo mkdir -p /var/log/redis
sudo chown redis:redis /var/log/redis
sudo chmod 755 /var/log/redis

Add to crontab for redis user

# Run the health check every 5 minutes
sudo -u redis crontab -l 2>/dev/null | { cat; echo "*/5 * * * * /usr/local/bin/redis-cluster-monitor.sh"; } | sudo -u redis crontab -

Verify your setup

Run these commands to confirm your Redis cluster is properly configured with SSL/TLS and sharding.

# Check all cluster nodes are running
sudo systemctl status redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6

Verify SSL connectivity

redis-cli --tls --cert /etc/redis/ssl/redis-server-1-cert.pem --key /etc/redis/ssl/redis-server-1-key.pem --cacert /etc/redis/ssl/ca-cert.pem -p 7001 -a StrongRedisPassword2024! ping

Check cluster status

redis-cli --tls --cert /etc/redis/ssl/redis-server-1-cert.pem --key /etc/redis/ssl/redis-server-1-key.pem --cacert /etc/redis/ssl/ca-cert.pem -p 7001 -a StrongRedisPassword2024! cluster info | grep cluster_state

Test failover capability

redis-cli --tls --cert /etc/redis/ssl/redis-server-1-cert.pem --key /etc/redis/ssl/redis-server-1-key.pem --cacert /etc/redis/ssl/ca-cert.pem -p 7001 -a StrongRedisPassword2024! cluster nodes | grep master

Verify ACL users

redis-cli --tls --cert /etc/redis/ssl/redis-server-1-cert.pem --key /etc/redis/ssl/redis-server-1-key.pem --cacert /etc/redis/ssl/ca-cert.pem -p 7001 -a StrongRedisPassword2024! ACL LIST

Common issues

Symptom                 | Cause                           | Fix
Cluster creation fails  | SSL certificate mismatch        | Check certificate paths in config files and regenerate if needed
Node connection refused | Firewall blocking ports         | Verify ports 7001-7006 and 17001-17006 are open for cluster bus
Authentication failures | Password mismatch or ACL issues | Check requirepass and masterauth settings match across nodes
SSL handshake errors    | Certificate permissions         | Ensure certificates are owned by redis user with correct permissions
Cluster state not OK    | Missing hash slot coverage      | Use redis-cli --cluster fix to repair slot assignments
High memory usage       | No eviction policy set          | Configure maxmemory-policy appropriate for workload
