Notes
- Using Ghostunnel for ElastiCache is not recommended for production use
- Ghostunnel performed better than Stunnel in the redis-benchmark runs I did
How To
Set up Ghostunnel for node-based ElastiCache
- Download the latest ghostunnel
wget https://github.com/ghostunnel/ghostunnel/releases/download/v1.8.4/ghostunnel-linux-amd64
sudo cp ghostunnel-linux-amd64 /usr/local/bin/ghostunnel
sudo chmod +x /usr/local/bin/ghostunnel
- Create the systemd unit file
sudo vim /etc/systemd/system/ghostunnel.service
- Fill it with
[Unit]
Description=Ghostunnel Redis Proxy to ElastiCache
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=ghostunnel
Group=ghostunnel
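# Ghostunnel command
# --unsafe-listen is required because the listener is not bound to localhost or a UNIX socket.
# Clients reach this port in plaintext, so limit who can connect to it (for example with a security group).
# --disable-authentication: no client certificate is presented to the target.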
ExecStart=/usr/local/bin/ghostunnel client \
--listen 0.0.0.0:6379 \
--target clustercfg.xxx.xxx.apse3.cache.amazonaws.com:12390 \
--disable-authentication \
--connect-timeout 60s \
--shutdown-timeout 30s \
--unsafe-listen \
--quiet=all \
--no-syslog
# Restart policy
Restart=always
RestartSec=5
StartLimitInterval=0
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/ghostunnel
# Logging - Redirect to file instead of journal
StandardOutput=file:/var/log/ghostunnel/output-ghostunnel.log
StandardError=file:/var/log/ghostunnel/error-ghostunnel.log
# Remove SyslogIdentifier to avoid syslog capture
# SyslogIdentifier=ghostunnel
# Resource limits
LimitNOFILE=65536
# LimitNPROC sets both the soft and hard limit; systemd has no LimitNPROCSoft= directive
LimitNPROC=infinity
TasksMax=infinity
[Install]
WantedBy=multi-user.target
- Create a dedicated ghostunnel user
sudo useradd --system --no-create-home --shell /bin/false ghostunnel || true
sudo mkdir -p /var/log/ghostunnel
sudo chown ghostunnel:ghostunnel /var/log/ghostunnel
- Reload systemd and start the new service
sudo systemctl daemon-reload
sudo systemctl enable ghostunnel.service
sudo systemctl start ghostunnel.service
- Test the connection to ElastiCache with
redis-cli -h IPghostunnel -p 6379
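
The unit file above binds a plaintext listener to 0.0.0.0, so the following added check (not part of the original note) reads a ghostunnel unit file and reports whether its `--listen` address is one ghostunnel accepts without `--unsafe-listen` (localhost, 127.0.0.1, [::1], a UNIX socket) or is exposed to the network. The function names and the sample target hostname are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: audit a ghostunnel client unit for a plaintext listener
# that is reachable beyond loopback.

# Print ExecStart as a single line, joining backslash continuations.
exec_start() {
  awk '/^ExecStart=/ || buf != "" {
         buf = buf " " $0
         if (buf ~ /\\$/) { sub(/\\$/, "", buf); next }
         print buf; buf = ""
       }' "$1"
}

# Print the value of --listen ("--listen X" and "--listen=X" forms).
listen_addr() {
  exec_start "$1" | awk '{ for (i = 1; i <= NF; i++) {
      if ($i == "--listen") { print $(i + 1); exit }
      if (index($i, "--listen=") == 1) { print substr($i, 10); exit } } }'
}

# Echo a verdict. Returns 0 = local-only, 1 = exposed, 2 = no --listen found.
audit_unit() {
  local addr
  addr=$(listen_addr "$1")
  [ -n "$addr" ] || { echo "unknown: no --listen in ExecStart"; return 2; }
  case "$addr" in
    127.0.0.1:*|localhost:*|'[::1]:'*|unix:*)
      echo "local-only: $addr"; return 0 ;;
  esac
  echo "exposed: plaintext listener on $addr, restrict who can reach it"
  return 1
}

# Constructed sample input mirroring the unit above (target is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/local/bin/ghostunnel client \
--listen 0.0.0.0:6379 \
--target redis.example.internal:6379 \
--disable-authentication \
--unsafe-listen
EOF
audit_unit "$sample" || true
```

On a real host, point `audit_unit` at /etc/systemd/system/ghostunnel.service.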