Save on your Redis with Compose


Here's a tip on how to save on your Redis costs on Compose and make your database more secure.

When we introduced Redis on Compose, it had no TLS/SSL support. Instead, we offered, and still offer, an optional, extra-cost SSH portal. By registering keys with it, you could create a secure SSH tunnel to the Redis HAProxy, which then routed your connections to the master server and handled failover.

If you're using that SSH portal, you may want to consider switching it off and saving money every month. Let us explain:

TLS/SSL on Compose Redis

As you may know, we introduced TLS/SSL connections for Redis on Compose back in October 2017. This allows you to go straight to a TLS/SSL enabled Redis HAProxy with a secure connection. No need to register certificates or configure SSH tunnels on your desktop.

It's a lot simpler for clients to use this. Most Redis clients support it, and even if you have an application that doesn't, utilities like stunnel can let you tunnel a connection directly to the portal. All you have to do is add a TLS/SSL portal in the Security section of the Compose console.

If you follow the instructions in the launch article or consult the documentation you'll be connecting in no time. We've also got a script, stunredis, which you can use to create tunneled versions of the redis-cli on demand.

With the TLS/SSL portal configured, you can start migrating your apps and workflow across. Of course, you still have your SSH portal and older unencrypted HAProxy in place at this point.

Removing your SSH portal

You may be immediately tempted to turn off that unencrypted HAProxy portal. Don't. It's still routing your SSH portal's traffic for you and removing it will take the SSH portal offline.

Think of them as a joined pair when configuring your Redis access. First, migrate your connections away from the SSH portal to the TLS/SSL-enabled portal. Once you are sure that you are exclusively using the TLS/SSL-enabled portal, you can remove the SSH portal and the unencrypted HAProxy portal.
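One way to check that every app has moved before you remove the pair is to audit the Redis connection URLs your apps are configured with. This is an added example, not Compose code: the app names, hosts, ports and credentials are constructed, and it assumes your clients use `rediss://` URLs for TLS and that you know which local ports your stunnel instances listen on.

```python
from urllib.parse import urlsplit, urlunsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
READY = {"tls", "stunnel"}  # categories that already go through the TLS/SSL portal

def classify(url, stunnel_ports=frozenset()):
    """Classify one Redis URL by how it reaches the database."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return "invalid"
    if not host or parts.scheme not in ("redis", "rediss"):
        return "invalid"
    if parts.scheme == "rediss":
        return "tls"  # the client speaks TLS itself
    if host in LOOPBACK:
        # Plain Redis to a local listener: stunnel if the port is one we
        # know about, otherwise assume it is still the SSH tunnel.
        return "stunnel" if port in stunnel_ports else "local-tunnel"
    return "plaintext"  # remote host with no TLS and no tunnel

def redact(url):
    """Hide the password so the report can be pasted into a ticket."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    netloc = parts.netloc.replace(":" + parts.password + "@", ":***@", 1)
    return urlunsplit(parts._replace(netloc=netloc))

def blockers(urls_by_app, stunnel_ports=frozenset()):
    """Return (app, category, redacted_url) for every app not yet on TLS."""
    found = []
    for app, url in sorted(urls_by_app.items()):
        kind = classify(url, stunnel_ports)
        if kind not in READY:
            found.append((app, kind, redact(url)))
    return found

# Constructed sample configuration; none of these values are real.
SAMPLE = {
    "web": "rediss://admin:s3cret@portal-tls.example.com:17001",
    "worker": "redis://admin:s3cret@127.0.0.1:6379",       # SSH tunnel
    "legacy-cron": "redis://admin:s3cret@127.0.0.1:6830",  # local stunnel
    "reports": "redis://admin:s3cret@portal.example.com:17000",
}

if __name__ == "__main__":
    for app, kind, url in blockers(SAMPLE, stunnel_ports={6830}):
        print(f"{app}: {kind} -> {url}")
```

An empty result from `blockers` means no configured app still depends on the SSH portal or the unencrypted portal.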


Once you've configured your TLS/SSL portal and removed your SSH portal and unencrypted HAProxy portal, you'll have a Redis with only one encrypted point of entry and one less hop in your connections to the database. You'll also be paying less because you have fewer portals. Improved security and money saved, what could be better?


Dj Walker-Morgan
Dj Walker-Morgan was Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets.
