Exposing a Local Redis Instance to the Public Internet via TCP Tunneling
1. Compile and Install Redis from Source
Navigate to the target directory and retrieve the source archive. This example uses /opt for third-party sofwtare management.
cd /opt
sudo curl -L https://github.com/redis/redis/archive/refs/tags/7.2.5.tar.gz -o redis-src.tar.gz
sudo tar -xzf redis-src.tar.gz
cd redis-7.2.5
Compile the source code and deploy the binaries to a dedicated path:
sudo make -j$(nproc)
sudo make install PREFIX=/opt/redis-instance
2. Configure Network Binding and Background Execution
Copy the default configuration file and apply modifications programmatically to enable remote connectivity and daemon mode. Since the dataabse will be accessible over the public internet, enforcing authentication is mandatory.
sudo cp redis.conf /opt/redis-instance/redis.conf
CONFIG_FILE="/opt/redis-instance/redis.conf"
# Enable background execution
sudo sed -i 's/^daemonize no/daemonize yes/' $CONFIG_FILE
# Allow connections from all network interfaces
sudo sed -i 's/^bind 127.0.0.1 -::1/bind 0.0.0.0/' $CONFIG_FILE
# Disable protected mode to permit external routing
sudo sed -i 's/^protected-mode yes/protected-mode no/' $CONFIG_FILE
# Set a strong access password
sudo sed -i 's/^# requirepass foobared/requirepass R3d1s_S3cur3_P@ss/' $CONFIG_FILE
Initialize the service using the updated configuration:
/opt/redis-instance/bin/redis-server $CONFIG_FILE
Verify the process is running in the background:
ps aux | grep redis-server
3. Establish a Public TCP Tunnel
A tunneling client routes traffic from a public endpoint to the local loopback interface. Install the client and register your authentication credentials.
curl -sL https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
cpolar authtoken <YOUR_DASHBOARD_TOKEN>
Register the client as a system service to ensure persistence across reboots, then start the daemon:
sudo systemctl enable cpolar
sudo systemctl start cpolar
Map the local Redis port to a public TCP address:
cpolar tcp 6379
The terminal will output a forwarding URL resembling tcp://x.tcp.cpolar.io:12345. Use this address along with the configured password in any Redis desktop manager or CLI client to verify connectivity.
4. Assign a Static Public Endpoint
Dynamic tunnel addresses rotate periodically. For production or long-term development workflows, reserve a static TCP port through the provider's web console.
- Access the tunneling dashboard and navigate to the Reserved section.
- Generate a fixed TCP address and note the assigned domain and port.
- Update the local tunnel configuration to bind to the reserved endpoint instead of requesting a dynamic one.
Define the mapping in the cpolar.yml configuration file to run it as a managed background service:
tunnels:
redis-public:
proto: tcp
addr: 6379
remote_addr: your-static-addr.tcp.cpolar.io:54321
Reload the service to apply the static routing:
sudo systemctl restart cpolar
