文章内容
2018/12/6 18:07:02,作 者: 黄兵
如何让Redis允许远程连接,并设置密码
最近网站数据量过大,需要在数据库上层增加一个缓存层,所以采用了Redis作为数据库。但是Redis默认是不允许远程连接的,主要还是考虑到了安全问题。
但是如果需要远程连接,那该如何操作呢:
在/etc/redis/redis.conf文件里面修改如下配置文件,
################################## NETWORK ##################################### # By default, if no "bind" configuration directive is specified, Redis listens # for connections from all the network interfaces available on the server. # It is possible to listen to just one or multiple selected interfaces using # the "bind" configuration directive, followed by one or more IP addresses. # # Examples: # # bind 192.168.1.100 10.0.0.1 # bind 127.0.0.1 ::1 # # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the # internet, binding to all the interfaces is dangerous and will expose the # instance to everybody on the internet. So by default we uncomment the # following bind directive, that will force Redis to listen only into # the IPv4 lookback interface address (this means Redis will be able to # accept connections only from clients running into the same computer it # is running). # # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES # JUST COMMENT THE FOLLOWING LINE. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ bind 127.0.0.1 ::1
将bind 127.0.0.1 ::1注释掉:
# bind 127.0.0.1 ::1
这样就可以远程连接了。
允许远程连接就带来了一个很大的问题,可以用过互联网破解Redis密码,所以需要设置Redis的密码。
redis的查询速度是非常快的,外部用户一秒内可以尝试多大150K个密码;所以密码要尽量长(对于DBA 没有必要必须记住密码);
所以需要设置一个很长的密码,防止破解。
找到刚才的配置文件,有如下内容:
################################## SECURITY ################################### # Require clients to issue AUTHbefore processing any other # commands. This might be useful in environments in which you do not trust # others with access to the host running redis-server. # # This should stay commented out for backward compatibility and because most # people do not need auth (e.g. they run their own servers). # # Warning: since Redis is pretty fast an outside user can try up to # 150k passwords per second against a good box. This means that you should # use a very strong password otherwise it will be very easy to break. # requirepass xxxxxxxxxxxx
修改requirepass 后面就是密码,密码设置的尽量长。
之后重启Redis,在真正的项目上,需要注意数据的持久化,否则重启数据会丢失。
如果是用apt-get或者yum install安装的redis,可以直接通过下面的命令停止/启动/重启redis
/etc/init.d/redis-server stop /etc/init.d/redis-server start /etc/init.d/redis-server restart
如果是通过源码安装的redis,则可以通过redis的客户端程序redis-cli的shutdown命令来重启redis
1、Redis关闭:
redis-cli -h 127.0.0.1 -p 6379 shutdown
2、Redis启动:
redis-server
参考资料:
黄兵个人博客原创。
转载请注明出处:黄兵个人博客 - 如何让Redis允许远程连接
评论列表