github.com/letsencrypt/boulder@v0.20251208.0/docs/redis.md

github.com/letsencrypt/boulder@v0.20251208.0/docs/redis.md (about)

     1  # Redis
     2  
     3  We use Redis for storing rate limit data. The Boulder dev environment stands up
     4  two nodes. We use the Ring client in the github.com/redis/go-redis package to
     5  consistently hash our reads and writes across these two nodes.
     6  
     7  ## Debugging
     8  
     9  Our main tool for interacting with Redis is `redis-cli`. You probably don't
    10  have redis-cli on your host, so we'll run it in a Docker container. We
    11  also need to pass some specific arguments for TLS and authentication. There's a
    12  script that handles all that for you: `test/redis-cli.sh`. First, make sure your
    13  redis is running:
    14  
    15  ```shell
    16  docker compose up boulder
    17  ```
    18  
    19  Then, in a different window, run the following to connect to `bredis_1`:
    20  
    21  ```shell
    22  ./test/redis-cli.sh -h 10.77.77.4
    23  ```
    24  
    25  Similarly, to connect to `bredis_2`:
    26  
    27  ```shell
    28  ./test/redis-cli.sh -h 10.77.77.5
    29  ```
    30  
    31  You can pass any IP address for the -h (host) parameter. The full list of IP
    32  addresses for Redis nodes is in `docker-compose.yml`. You can also pass other
    33  redis-cli commandline parameters. They'll get passed through.
    34  
    35  You may want to go a level deeper and communicate with a Redis node using the
    36  Redis protocol. Here's the command to do that (run from the Boulder root):
    37  
    38  ```shell
    39  openssl s_client -connect 10.77.77.4:4218 \
    40    -CAfile test/certs/ipki/minica.pem \
    41    -cert test/certs/ipki/localhost/cert.pem \
    42    -key test/certs/ipki/localhost/key.pem
    43  ```
    44  
    45  Then, first thing when you connect, run `AUTH <user> <password>`. You can get a
    46  list of usernames and passwords from test/redis-ratelimits.config.