Open Redis port for remote connections
I can ping pong Redis on the server:
# redis-cli ping
PONG
But remotely, I got problems:
$ src/redis-cli -h REMOTE.IP ping
Could not connect to Redis at REMOTE.IP:6379: Connection refused
In config, I got the standard port:
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
So maybe I should open port 6379 on the remote Ubuntu machine? How do I do it?
Did you set the bind option to allow remote access on the redis server?
Before (file /etc/redis/redis.conf)
bind 127.0.0.1
After
bind 0.0.0.0
and run sudo service redis-server restart to restart the server. If that's not the problem, you might want to check any firewalls that might block the access.
Important: If you don't use a firewall (iptables, ufw..) to control who connects to the port in use, ANYONE can connect to this Redis instance. Without using Redis' AUTH that means anyone can access/change/delete your data. Be safe!
For me, I needed to do the following:
1- Comment out bind 127.0.0.1
2- Change protected-mode to no
3- Protect my server with iptables ( https://www.digitalocean.com/community/tutorials/how-to-implement-a-basic-firewall-template-with-iptables-on-ubuntu-14-04 )
A quick note that doing this without further securing your Redis server is not a good idea as it can leave you open to attack. Be sure to also implement AUTH or otherwise secure that. See http://redis.io/topics/security for details.
1- Comment out bind 127.0.0.1
2- set requirepass yourpassword
then check if the firewall blocked your port
iptables -L -n
service iptables stop
Open $REDIS_HOME/redis.conf and uncomment requirepass -YOUR-PASSWORD-HERE- and write down your password in the specified lines.
Login to redis using redis-cli and verify your password in the database using auth -YOUR-PASSWORD-HERE- command.
Disable protected mode by changing its string in $REDIS_HOME/redis.conf to protected-mode no.
Search for all bind ports values and comment all of them. Just add bind 0.0.0.0 to $REDIS_HOME/redis.conf file.
Disable your firewall or open redis port.
Start redis using ./redis-server $REDIS_HOME/redis.conf.
Check the configuration via ./redis-cli -h -YOUR-IP- -a -YOUR-PASSWORD-HERE-.
./redis-cli -h -YOUR-IP- ping
A quick note that if you are using AWS ec2 instance then there is one more extra step that I believe is also mandatory. I missed the step-3 and it took me a whole day to figure out to add an inbound rule to security group
Step 1 (as previous): in your redis.conf change bind 127.0.0.1 to bind 0.0.0.0
Step 2 (as previous): in your redis.conf change protected-mode yes to protected-mode no
Step 3: In your current ec2 machine go to the security group. Add an inbound rule for custom TCP with 6379 port and select option "use from anywhere".
Open the file at location /etc/redis.conf
Comment out bind 127.0.0.1
Restart Redis:
sudo systemctl start redis.service
Disable Firewalld:
systemctl disable firewalld
Stop Firewalld:
systemctl stop firewalld
Then try:
redis-cli -h 192.168.0.2(ip) -a redis(username)
In my case, I'm using redis-stable
Go to redis-stable path
cd /home/ubuntu/software/redis-stable
Open the redis.conf
vim redis.conf
Change the bind 127.0.0.1 to bind 0.0.0.0
Change the protected-mode yes to protected-mode no
Restart the redis-server:
/etc/init.d/redis-server stop
redis-server redis.conf
Bind & protected-mode both are the essential steps. But if ufw is enabled then you will have to make redis port allow in ufw.
ufw status
if Status: active then allow redis-port
ufw allow 6379
vi /etc/redis/redis.conf
bind 127.0.0.1 to bind 0.0.0.0
protected-mode yes to protected-mode no
Another possibly helpful note.
Redis can be bound to multiple IPs - that's very helpful when you don't want to open it to entire world ( 0.0.0.0 ) but only make it accessible in local networks.
sudo nano /etc/redis/redis.conf
At the end of the bind setting: bind 127.0.0.1 10.0.0.1
sudo service redis-server restart
Now you can easily access redis from other computers in same network, e.g. redis-cli -h 10.0.0.1
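Added example (not part of any answer above): the answers change three redis.conf directives, bind, protected-mode and requirepass. This shell function, under the hypothetical name audit_redis_conf, reads a config file and reports whether the resulting combination leaves Redis reachable from non-loopback addresses without a password. The sample config at the end is constructed.

```shell
#!/bin/sh
# Added example: audit_redis_conf is a hypothetical helper, not a Redis tool.
# Exit status: 0 = OK or WARN, 1 = unauthenticated remote access possible,
# 2 = file unreadable. Assumes the last occurrence of a directive wins.
audit_redis_conf() (            # ( ) body: set -f and variables stay local
    set -f                      # keep "bind *" from expanding to file names
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; exit 2; }

    bind=$(awk '$1 == "bind" { v = ""; for (i = 2; i <= NF; i++) v = v " " $i }
                END { print v }' "$conf")
    pmode=$(awk '$1 == "protected-mode" { v = $2 } END { print v }' "$conf")
    pass=$(awk '$1 == "requirepass" { v = $2 } END { print v }' "$conf")
    [ "$pass" = '""' ] && pass=           # requirepass "" means no password
    [ -n "$pmode" ] || pmode=yes          # default since Redis 3.2

    # No bind line means all interfaces; otherwise look for any
    # non-loopback address ("-" is the Redis 7 optional-address prefix).
    exposed=no
    [ -n "$bind" ] || exposed=yes
    for addr in $bind; do
        case ${addr#-} in
            127.*|::1) ;;
            *) exposed=yes ;;
        esac
    done

    if [ "$exposed" = no ]; then
        echo "OK: loopback only (bind$bind)"; exit 0
    fi
    if [ -n "$pass" ]; then
        echo "OK: non-loopback bind with requirepass set; limit source IPs in the firewall"
        exit 0
    fi
    if [ "$pmode" = no ]; then
        echo "FAIL: non-loopback bind, protected-mode no, no requirepass"
        exit 1
    fi
    echo "WARN: no requirepass; only protected-mode guards against remote clients"
    exit 0
)

# Constructed sample: bind 0.0.0.0 plus protected-mode no, without a password.
sample=$(mktemp)
printf 'port 6379\nbind 0.0.0.0\nprotected-mode no\n' > "$sample"
audit_redis_conf "$sample" || echo "exit status $?"
rm -f "$sample"
```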