Refactor redis core tests and start adding sentinel tests

2026-05-24 09:28:37 +00:00 · 2024-01-16 18:16:59 +00:00 · 2024-01-16 18:16:59 +00:00 · 36778f214c
commit 36778f214c
parent 5fcdc1c7b3
6 changed files with 341 additions and 90 deletions
--- a/tests/core/redis/Dockerfile.redis
+++ b/tests/core/redis/Dockerfile.redis
@ -1,9 +0,0 @@
-FROM redis:7-alpine@sha256:2d148c557c85309c7cf1bbf15ebc21d5fc370ab1cb913a6c19b74bd29d10801c
-
-RUN apk add --no-cache bash openssl
-
-COPY entrypoint.sh .
-
-RUN chmod +x entrypoint.sh
-
-ENTRYPOINT [ "./entrypoint.sh" ]
--- a/tests/core/redis/docker-compose.test.yml
+++ b/tests/core/redis/docker-compose.test.yml
@ -12,11 +12,17 @@ services:
      REDIS_PORT: "6379"
      REDIS_DATABASE: "0"
      REDIS_SSL: "no"
+      REDIS_USERNAME: ""
+      REDIS_PASSWORD: ""
+      REDIS_SENTINEL_HOSTS: ""
+      REDIS_SENTINEL_USERNAME: ""
+      REDIS_SENTINEL_PASSWORD: ""
+      REDIS_SENTINEL_MASTER: "bw-master"
    extra_hosts:
-      - "www.example.com:1.0.0.2"
+      - "www.example.com:1.0.0.254"
    networks:
      bw-services:
-        ipv4_address: 1.0.0.3
+        ipv4_address: 1.0.0.253

 networks:
  bw-services:
--- a/tests/core/redis/docker-compose.yml
+++ b/tests/core/redis/docker-compose.yml
@ -30,6 +30,12 @@ services:
      REDIS_PORT: "6379"
      REDIS_DATABASE: "0"
      REDIS_SSL: "no"
+      REDIS_USERNAME: ""
+      REDIS_PASSWORD: ""
+      REDIS_SENTINEL_HOSTS: ""
+      REDIS_SENTINEL_USERNAME: ""
+      REDIS_SENTINEL_PASSWORD: ""
+      REDIS_SENTINEL_MASTER: "bw-master"
      CUSTOM_CONF_SERVER_HTTP_ready: |
        location /ready {
          default_type 'text/plain';
@ -42,7 +48,7 @@ services:
    networks:
      bw-universe:
      bw-services:
-        ipv4_address: 1.0.0.2
+        ipv4_address: 1.0.0.254

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.5
@ -67,15 +73,128 @@ services:
      - bw-docker

  bw-redis:
-    build:
-      context: .
-      dockerfile: Dockerfile.redis
+    image: bitnami/redis:7.2
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
    environment:
-      REDIS_PORT: "6379"
-      REDIS_SSL: "no"
+      REDIS_PORT_NUMBER: "6379"
+      REDIS_TLS_PORT_NUMBER: "6379"
+      REDIS_ACLFILE: "/acl/redis.acl"
+      REDIS_TLS_ENABLED: "no"
+      REDIS_TLS_CERT_FILE: "/tls/redis.pem"
+      REDIS_TLS_KEY_FILE: "/tls/redis.key"
+      REDIS_TLS_CA_FILE: "/tls/ca.crt"
+      REDIS_TLS_AUTH_CLIENTS: "yes"
+      REDIS_REPLICATION_MODE: "master"
+      REDIS_MASTER_SET: "bw-master"
+      ALLOW_EMPTY_PASSWORD: "yes"
    networks:
-      bw-services:
-        ipv4_address: 1.0.0.4
+      - bw-services
+
+  bw-redis-slave:
+    image: bitnami/redis:7.2
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_PORT_NUMBER: "6379"
+      REDIS_TLS_PORT_NUMBER: "6379"
+      REDIS_ACLFILE: "/acl/redis.acl"
+      REDIS_TLS_ENABLED: "no"
+      REDIS_TLS_CERT_FILE: "/tls/redis.pem"
+      REDIS_TLS_KEY_FILE: "/tls/redis.key"
+      REDIS_TLS_CA_FILE: "/tls/ca.crt"
+      REDIS_TLS_AUTH_CLIENTS: "yes"
+      REDIS_REPLICATION_MODE: "slave"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+    networks:
+      - bw-services
+    deploy:
+      replicas: 2
+
+  bw-redis-sentinel-1:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services
+
+  bw-redis-sentinel-2:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_ACLFILE: "/acl/sentinel.acl"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services
+
+  bw-redis-sentinel-3:
+    image: bitnami/redis-sentinel:7.2
+    command: /opt/bitnami/scripts/redis-sentinel/run.sh --aclfile /acl/sentinel.acl
+    volumes:
+      - ./acl:/acl
+      - ./tls:/tls
+    environment:
+      REDIS_SENTINEL_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"
+      REDIS_SENTINEL_ACLFILE: "/acl/sentinel.acl"
+      REDIS_SENTINEL_TLS_ENABLED: "no"
+      REDIS_SENTINEL_TLS_CERT_FILE: "/tls/sentinel.pem"
+      REDIS_SENTINEL_TLS_KEY_FILE: "/tls/sentinel.key"
+      REDIS_SENTINEL_TLS_CA_FILE: "/tls/sentinel_ca.crt"
+      REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"
+      REDIS_MASTER_HOST: "bw-redis"
+      REDIS_MASTER_SET: "bw-master"
+      REDIS_MASTER_PORT_NUMBER: "6379"
+      REDIS_MASTER_PASSWORD: ""
+      ALLOW_EMPTY_PASSWORD: "yes"
+    depends_on:
+      - bw-redis
+      - bw-redis-slave
+    networks:
+      - bw-services

 networks:
  bw-universe:
--- a/tests/core/redis/entrypoint.sh
+++ b/tests/core/redis/entrypoint.sh
@ -1,31 +0,0 @@
-#!/bin/bash
-set -e
-
-command="redis-server"
-
-if [ "$REDIS_SSL" = "yes" ]; then
-  mkdir /tls
-
-  openssl genrsa -out /tls/ca.key 4096
-  openssl req \
-    -x509 -new -nodes -sha256 \
-    -key /tls/ca.key \
-    -days 365 \
-    -subj /CN=bw-redis/ \
-    -out /tls/ca.crt
-
-  openssl req \
-    -x509 -nodes -newkey rsa:4096 \
-    -keyout /tls/redis.key \
-    -out /tls/redis.pem \
-    -days 365 \
-    -subj /CN=bw-redis/
-
-  chmod -R 640 /tls
-
-  command+=" --tls-port ${REDIS_PORT:-6379} --port 0 --tls-cert-file /tls/redis.pem --tls-key-file /tls/redis.key --tls-ca-cert-file /tls/ca.crt --tls-auth-clients no"
-else
-  command+=" --port ${REDIS_PORT:-6379}"
-fi
-
-$command
--- a/tests/core/redis/main.py
+++ b/tests/core/redis/main.py
@ -1,7 +1,7 @@
 from fastapi import FastAPI
 from multiprocessing import Process
 from os import getenv
-from redis import Redis
+from redis import Redis, Sentinel
 from requests import get
 from selenium import webdriver
 from selenium.webdriver.firefox.options import Options
@ -14,7 +14,7 @@ from uvicorn import run

 fastapi_proc = None

-ip_to_check = "1.0.0.3" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"
+ip_to_check = "1.0.0.253" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"

 try:
    ready = False
@ -62,20 +62,52 @@ try:
    redis_db = int(redis_db)

    redis_ssl = getenv("REDIS_SSL", "no") == "yes"
+    sentinel_hosts = getenv("REDIS_SENTINEL_HOSTS", [])

-    print(
-        f"ℹ️ Trying to connect to Redis with the following parameters:\nhost: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}",
-        flush=True,
-    )
+    if isinstance(sentinel_hosts, str):
+        sentinel_hosts = [host.split(":") if ":" in host else host for host in sentinel_hosts.split(" ") if host]

-    redis_client = Redis(
-        host=redis_host,
-        port=redis_port,
-        db=redis_db,
-        ssl=redis_ssl,
-        socket_timeout=1,
-        ssl_cert_reqs=None,
-    )
+    if sentinel_hosts:
+        sentinel_username = getenv("REDIS_SENTINEL_USERNAME", None) or None
+        sentinel_password = getenv("REDIS_SENTINEL_PASSWORD", None) or None
+        sentinel_master = getenv("REDIS_SENTINEL_MASTER", "bw-master")
+
+        print(
+            f"ℹ️ Trying to connect to Redis Sentinel with the following parameters:\nhosts: {sentinel_hosts}\nmaster: {sentinel_master}\nssl: {redis_ssl}\nusername: {sentinel_username}\npassword: {sentinel_password}",
+            flush=True,
+        )
+        sentinel = Sentinel(sentinel_hosts, username=sentinel_username, password=sentinel_password, ssl=redis_ssl, socket_timeout=1)
+        sentinel.discover_slaves(sentinel_master)
+
+        print(
+            f"ℹ️ Trying to get a Redis Sentinel slave for master {sentinel_master} with the following parameters:\n"
+            + f"host: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}\nusername: {getenv('REDIS_USERNAME', None) or None}\npassword: {getenv('REDIS_PASSWORD', None) or None}",
+            flush=True,
+        )
+        redis_client = sentinel.slave_for(
+            sentinel_master,
+            db=redis_db,
+            username=getenv("REDIS_USERNAME", None) or None,
+            password=getenv("REDIS_PASSWORD", None) or None,
+            socket_timeout=1,
+        )
+    else:
+        print(
+            "ℹ️ Trying to connect to Redis with the following parameters:\n"
+            + f"host: {redis_host}\nport: {redis_port}\ndb: {redis_db}\nssl: {redis_ssl}\nusername: {getenv('REDIS_USERNAME', None) or None}\npassword: {getenv('REDIS_PASSWORD', None) or None}",
+            flush=True,
+        )
+
+        redis_client = Redis(
+            host=redis_host,
+            port=redis_port,
+            db=redis_db,
+            username=getenv("REDIS_USERNAME", None) or None,
+            password=getenv("REDIS_PASSWORD", None) or None,
+            ssl=redis_ssl,
+            socket_timeout=1,
+            ssl_cert_reqs="none",
+        )

    if not redis_client.ping():
        print("❌ Redis is not reachable, exiting ...", flush=True)
@ -84,7 +116,7 @@ try:
    use_reverse_scan = getenv("USE_REVERSE_SCAN", "no") == "yes"

    if use_reverse_scan:
-        if ip_to_check == "1.0.0.3":
+        if ip_to_check == "1.0.0.253":
            print("ℹ️ Testing Reverse Scan, starting FastAPI ...", flush=True)
            app = FastAPI()
            fastapi_proc = Process(target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=8080))
@ -112,7 +144,7 @@ try:

        print("ℹ️ The request was blocked, checking Redis ...", flush=True)

-        port_to_check = "8080" if ip_to_check == "1.0.0.3" else "80"
+        port_to_check = "8080" if ip_to_check == "1.0.0.253" else "80"

        key_value = redis_client.get(f"plugin_reverse_scan_{ip_to_check}:{port_to_check}")

@ -368,7 +400,7 @@ try:
    #     flush=True,
    # )

-    # if ip_to_check == "1.0.0.3":
+    # if ip_to_check == "1.0.0.253":
    #     print(
    #         "ℹ️ Checking if the dnsbl keys were created ...",
    #         flush=True,
--- a/tests/core/redis/test.sh
+++ b/tests/core/redis/test.sh
@ -12,6 +12,52 @@ fi

 echo "🧰 Building redis stack for integration \"$integration\" ..."

+echo "🧰 Generating redis acl files ..."
+sudo rm -rf acl
+mkdir acl
+echo "user default on nopass +@all ~* &* +@all -@all +@all" > acl/redis.acl
+echo "user bunkerweb on >secret +@all ~* +@all -@all +@all" >> acl/redis.acl
+echo "user default on nopass +@all ~* &* +@all -@all +@all" > acl/sentinel.acl
+echo "user bunkerweb_sentinel on >sentinel_secret +@all ~* +@all -@all +@all" >> acl/sentinel.acl
+sudo chmod -R 777 acl
+echo "🧰 Redis acl files generated ✅"
+
+echo "🧰 Generating redis certs ..."
+sudo rm -rf tls
+mkdir tls
+openssl genrsa -out tls/ca.key 4096
+openssl req \
+    -x509 -new -nodes -sha256 \
+    -key tls/ca.key \
+    -days 365 \
+    -subj /CN=bw-redis/ \
+    -out tls/ca.crt
+
+openssl req \
+    -x509 -nodes -newkey rsa:4096 \
+    -keyout tls/redis.key \
+    -out tls/redis.pem \
+    -days 365 \
+    -subj /CN=bw-redis/
+
+openssl genrsa -out tls/sentinel_ca.key 4096
+openssl req \
+    -x509 -new -nodes -sha256 \
+    -key tls/sentinel_ca.key \
+    -days 365 \
+    -subj /CN=bw-redis-sentinel/ \
+    -out tls/sentinel_ca.crt
+
+openssl req \
+    -x509 -nodes -newkey rsa:4096 \
+    -keyout tls/sentinel.key \
+    -out tls/sentinel.pem \
+    -days 365 \
+    -subj /CN=bw-redis-sentinel/
+
+sudo chmod -R 777 tls
+echo "🧰 Certs generated ✅"
+
 # Starting stack
 if [ "$integration" == "docker" ] ; then
    docker compose pull bw-docker
@ -58,24 +104,6 @@ else
    fi
    echo "🧰 Redis installed ✅"

-    echo "🧰 Generating redis certs ..."
-    mkdir tls
-    openssl genrsa -out tls/ca.key 4096
-    openssl req \
-        -x509 -new -nodes -sha256 \
-        -key tls/ca.key \
-        -days 365 \
-        -subj /CN=bw-redis/ \
-        -out tls/ca.crt
-    openssl req \
-        -x509 -nodes -newkey rsa:4096 \
-        -keyout tls/redis.key \
-        -out tls/redis.pem \
-        -days 365 \
-        -subj /CN=bw-redis/
-    sudo chmod -R 777 tls
-    echo "🧰 Certs generated ✅"
-
    echo "USE_REDIS=yes" | sudo tee -a /etc/bunkerweb/variables.env
    echo "REDIS_HOST=127.0.0.1" | sudo tee -a /etc/bunkerweb/variables.env
    echo "REDIS_PORT=6379" | sudo tee -a /etc/bunkerweb/variables.env
@ -95,10 +123,22 @@ cleanup_stack () {
            find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
            find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT_NUMBER: "[0-9]*"@REDIS_PORT_NUMBER: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_MASTER_PORT_NUMBER: "[0-9]*"@REDIS_MASTER_PORT_NUMBER: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_PORT_NUMBER: "[0-9]*"@REDIS_SENTINEL_PORT_NUMBER: "26379"@' {} \;
            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_ENABLED: "yes"@REDIS_TLS_ENABLED: "no"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_TLS_ENABLED: "yes"@REDIS_SENTINEL_TLS_ENABLED: "no"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_PORT_NUMBER: "[0-9]*"@REDIS_TLS_PORT_NUMBER: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_TLS_PORT_NUMBER: "[0-9]*"@REDIS_SENTINEL_TLS_PORT_NUMBER: "26379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_AUTH_CLIENTS: "no"@REDIS_TLS_AUTH_CLIENTS: "yes"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PASSWORD: ".*"@REDIS_PASSWORD: ""@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_PASSWORD: ".*"@REDIS_SENTINEL_PASSWORD: ""@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_USERNAME: ".*"@REDIS_USERNAME: ""@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_USERNAME: ".*"@REDIS_SENTINEL_USERNAME: ""@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_HOSTS: ".*"@REDIS_SENTINEL_HOSTS: ""@' {} \;
        else
-            sudo rm -rf tls
            sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
            sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
            sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6379@' /etc/bunkerweb/variables.env
@ -111,6 +151,7 @@ cleanup_stack () {
            unset REDIS_SSL
            sudo killall redis-server
        fi
+        sudo rm -rf acl tls
        if [[ $end -eq 1 && $exit_code = 0 ]] ; then
            return
        fi
@ -137,7 +178,13 @@ cleanup_stack () {
 # Cleanup stack on exit
 trap cleanup_stack EXIT

-for test in "activated" "reverse_scan" "antibot" "tweaked"
+tests="activated reverse_scan antibot tweaked ssl"
+
+if [ "$integration" == "docker" ] ; then
+    tests="$tests sentinel sentinel_tweaked" # TODO sentinel_ssl
+fi
+
+for test in $tests
 do
    if [ "$test" = "activated" ] ; then
        echo "🧰 Running tests with redis with default values ..."
@ -153,6 +200,7 @@ do
        echo "🧰 Running tests with redis with antibot cookie activated ..."
        if [ "$integration" == "docker" ] ; then
            find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
+
            find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "no"@USE_ANTIBOT: "cookie"@' {} \;
        else
            sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
@ -164,17 +212,65 @@ do
        echo "🧰 Running tests with redis' settings tweaked ..."
        if [ "$integration" == "docker" ] ; then
            find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
+
            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT_NUMBER: "[0-9]*"@REDIS_PORT_NUMBER: "6380"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_MASTER_PORT_NUMBER: "[0-9]*"@REDIS_MASTER_PORT_NUMBER: "6380"@' {} \;
            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
-            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PASSWORD: ".*"@REDIS_PASSWORD: "secret"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_USERNAME: ".*"@REDIS_USERNAME: "bunkerweb"@' {} \;
        else
            sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
            sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6380@' /etc/bunkerweb/variables.env
            sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=1@' /etc/bunkerweb/variables.env
-            sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=yes@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_PASSWORD=.*$@REDIS_PASSWORD=secret@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_USERNAME=.*$@REDIS_USERNAME=bunkerweb@' /etc/bunkerweb/variables.env
            unset USE_ANTIBOT
            export REDIS_PORT="6380"
            export REDIS_DATABASE="1"
+            export REDIS_PASSWORD="secret"
+            export REDIS_USERNAME="bunkerweb"
+
+            echo "🧰 Stopping redis ..."
+            sudo killall redis-server
+            # shellcheck disable=SC2181
+            if [ $? -ne 0 ] ; then
+                echo "🧰 Redis stop failed ❌"
+                exit 1
+            fi
+            echo "🧰 Redis stopped ✅"
+            echo "🧰 Starting redis with tweaked settings ..."
+            redis-server --port 6380 --requirepass secret --aclfile /acl/redis.acl --daemonize yes
+            # shellcheck disable=SC2181
+            if [ $? -ne 0 ] ; then
+                echo "🧰 Redis start failed ❌"
+                exit 1
+            fi
+            echo "🧰 Redis started ✅"
+        fi
+    elif [ "$test" = "ssl" ] ; then
+        echo "🧰 Running tests with redis' ssl activated ..."
+        if [ "$integration" == "docker" ] ; then
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT_NUMBER: "[0-9]*"@REDIS_PORT_NUMBER: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_MASTER_PORT_NUMBER: "[0-9]*"@REDIS_MASTER_PORT_NUMBER: "6379"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PASSWORD: ".*"@REDIS_PASSWORD: ""@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_USERNAME: ".*"@REDIS_USERNAME: ""@' {} \;
+
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_ENABLED: "no"@REDIS_TLS_ENABLED: "yes"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_PORT_NUMBER: "[0-9]*"@REDIS_TLS_PORT_NUMBER: "6380"@' {} \;
+            find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_AUTH_CLIENTS: "yes"@REDIS_TLS_AUTH_CLIENTS: "no"@' {} \;
+        else
+            sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6379@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=0@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_PASSWORD=.*$@REDIS_PASSWORD=@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_USERNAME=.*$@REDIS_USERNAME=@' /etc/bunkerweb/variables.env
+            sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=yes@' /etc/bunkerweb/variables.env
+            unset REDIS_PORT
+            unset REDIS_DATABASE
+            unset REDIS_PASSWORD
+            unset REDIS_USERNAME
            export REDIS_SSL="yes"

            echo "🧰 Stopping redis ..."
@ -186,7 +282,7 @@ do
            fi
            echo "🧰 Redis stopped ✅"
            echo "🧰 Starting redis with tweaked settings ..."
-            redis-server --tls-port 6380 --port 0 --tls-cert-file tls/redis.pem --tls-key-file tls/redis.key --tls-ca-cert-file tls/ca.crt --tls-auth-clients no --daemonize yes
+            redis-server --tls-port 6379 --port 0 --tls-cert-file tls/redis.pem --tls-key-file tls/redis.key --tls-ca-cert-file tls/ca.crt --tls-auth-clients no --daemonize yes
            # shellcheck disable=SC2181
            if [ $? -ne 0 ] ; then
                echo "🧰 Redis start failed ❌"
@ -194,6 +290,44 @@ do
            fi
            echo "🧰 Redis started ✅"
        fi
+    elif [ "$test" = "sentinel" ] ; then
+        echo "🧰 Running tests with redis' in sentinel mode ..."
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_ENABLED: "yes"@REDIS_TLS_ENABLED: "no"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_PORT_NUMBER: "[0-9]*"@REDIS_TLS_PORT_NUMBER: "6379"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_AUTH_CLIENTS: "no"@REDIS_TLS_AUTH_CLIENTS: "yes"@' {} \;
+
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_HOSTS: ".*"@REDIS_SENTINEL_HOSTS: "bw-redis-sentinel-1:26379 bw-redis-sentinel-2:26379 bw-redis-sentinel-3:26379"@' {} \;
+    elif [ "$test" = "sentinel_tweaked" ] ; then
+        echo "🧰 Running tests with redis' in sentinel mode with tweaked settings ..."
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT_NUMBER: "[0-9]*"@REDIS_PORT_NUMBER: "6380"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_MASTER_PORT_NUMBER: "[0-9]*"@REDIS_MASTER_PORT_NUMBER: "6380"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_PORT_NUMBER: "[0-9]*"@REDIS_SENTINEL_PORT_NUMBER: "26380"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PASSWORD: ".*"@REDIS_PASSWORD: "secret"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_PASSWORD: ".*"@REDIS_SENTINEL_PASSWORD: "sentinel_secret"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_USERNAME: ".*"@REDIS_USERNAME: "bunkerweb"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_USERNAME: ".*"@REDIS_SENTINEL_USERNAME: "bunkerweb_sentinel"@' {} \;
+        find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_HOSTS: ".*"@REDIS_SENTINEL_HOSTS: "bw-redis-sentinel-1:26380 bw-redis-sentinel-2:26380 bw-redis-sentinel-3:26380"@' {} \;
+    # elif [ "$test" = "sentinel_ssl" ] ; then # TODO
+    #     echo "🧰 Running tests with redis' in sentinel mode with ssl activated ..."
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT_NUMBER: "[0-9]*"@REDIS_PORT_NUMBER: "6379"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_MASTER_PORT_NUMBER: "[0-9]*"@REDIS_MASTER_PORT_NUMBER: "6379"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PASSWORD: ".*"@REDIS_PASSWORD: ""@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_USERNAME: ".*"@REDIS_USERNAME: ""@' {} \;
+
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_ENABLED: "no"@REDIS_TLS_ENABLED: "yes"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_TLS_ENABLED: "no"@REDIS_SENTINEL_TLS_ENABLED: "yes"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_PORT_NUMBER: "[0-9]*"@REDIS_TLS_PORT_NUMBER: "6380"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_TLS_PORT_NUMBER: "[0-9]*"@REDIS_SENTINEL_TLS_PORT_NUMBER: "26380"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_TLS_AUTH_CLIENTS: "yes"@REDIS_TLS_AUTH_CLIENTS: "no"@' {} \;
+    #     find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SENTINEL_TLS_AUTH_CLIENTS: "yes"@REDIS_SENTINEL_TLS_AUTH_CLIENTS: "no"@' {} \;
    fi

    echo "🧰 Starting stack ..."