Redis can bind to all interfaces with the bind * -::* configuration. However, Redis also enables protected-mode by default in its configuration file. This makes the bind * -::* configuration ineffective, because protected-mode requires both explicitly stating the binding interfaces and defining user authentication.
The unsecured way is to set protected-mode no in the configuration. This makes our Redis server accessible from any interface without authentication. That may be fine if we deploy the Redis server in a closed environment, such as a containerized one where no port is exposed or mapped to the Redis service port, so that the service is only accessible from other services in the container's network.
The recommended way is to keep protected-mode yes in the configuration. Then we need to add a new user authentication configuration and limit access for the default user. The default user is the user a client gets when it connects to the server without an assigned name. We can use the following configuration.
user myuser on +@all allkeys allchannels >mypassword
user default on nocommands resetkeys resetchannels nopass
We need to replace myuser and mypassword with our own user name and password respectively. The nocommands parameter is an alias of -@all, which disables all available commands for the user.
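The settings discussed above can be checked mechanically. The following Python check is an added example, not part of the original post: it reads redis.conf text and reports a disabled protected-mode, a bind to all interfaces, and a default user that can run commands without a password. The function names and sample configurations are constructed for illustration, and the check assumes an explicit user default line is evaluated starting from a reset user.

```python
import shlex
WILDCARD_BINDS = {"*", "0.0.0.0", "::", "::*"}  # compared after stripping a leading "-"
# Constructed sample configurations mirroring the two setups in the article.
UNSECURED = "bind * -::*\nprotected-mode no\n"
RECOMMENDED = """bind * -::*
protected-mode yes
user myuser on +@all allkeys allchannels >mypassword
user default on nocommands resetkeys resetchannels nopass
"""

def parse_conf(text):
    """Split redis.conf text into plain settings and ACL `user` lines."""
    settings, users = {}, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, *args = shlex.split(line)
        if key.lower() == "user" and args:
            users[args[0]] = args[1:]
        else:
            settings[key.lower()] = args
    return settings, users

def default_user_open(settings, users):
    """True if the default user is enabled, passwordless and can run commands."""
    if "default" not in users:
        return "requirepass" not in settings  # built-in default user has all commands
    enabled = nopass = commands = False  # assumption: explicit line starts from a reset user
    for rule in users["default"]:
        if rule in ("on", "off"):
            enabled = rule == "on"
        elif rule == "nopass" or rule.startswith((">", "#")):
            nopass = rule == "nopass"
        elif rule in ("nocommands", "-@all"):
            commands = False
        elif rule.startswith("+") or rule == "allcommands":
            commands = True
    return enabled and nopass and commands

def audit(text):
    """Return findings for the risky settings the article describes."""
    settings, users = parse_conf(text)
    binds = settings.get("bind", [])  # no bind directive means all interfaces
    checks = [
        (settings.get("protected-mode", ["yes"])[0].lower() == "no", "protected-mode is disabled"),
        (not binds or any(b.lstrip("-") in WILDCARD_BINDS for b in binds), "listens on all interfaces"),
        (default_user_open(settings, users), "default user runs commands without a password"),
    ]
    return [msg for hit, msg in checks if hit]
```

Calling audit(UNSECURED) reports all three findings, while audit(RECOMMENDED) reports only the bind to all interfaces, since the default user there has no commands.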