I have a 3-node Redis primary/secondary setup. Secondary nodes are configured as a replicaof. My setup has been running great for a couple of years, and last week for some reason my servers got restarted and our apps could not connect to the primary server. I could ssh to the box and use redis-cli, but cannot connect to the server using redis-cli from a different machine/remote. I had to change the bind property from bind 127.0.0.1 my.server.ip to bind 0.0.0.0. Can someone please help me figure out why? Thanks!!
My primary redis.conf looks like:
bind 127.0.0.1 my.server.ip
requirepass foobared
protected-mode yes
Replicas redis.conf
bind 127.0.0.1
replicaof my.server.ip 6379
masterauth foobared
protected-mode yes
protected-mode yes
Disallows connections from public IPs and is detailed at https://redis.io/topics/security
I have set up elasticache with redis and the host is reachable, which I can confirm with telnet. When Redis commands are issued it does not return any result, either with ubuntu@ip-10-0-2-8:~$ redis-cli -h master.xxxxxx-xxxx.xxxxx.xxxx.cache.amazonaws.com -p 6379 INFO or and very unfortunately AWS can't show you redis logs
The redis-cli client does not support SSL/TLS connections. To use the
redis-cli to access an ElastiCache for Redis node (cluster mode
disabled) with in-transit encryption, you can use the stunnel package
in your Linux-based clients. The stunnel command can create an SSL
tunnel to Redis nodes specified in the stunnel configuration. After
the tunnel is established, the redis-cli can be used to connect an
in-transit encryption enabled cluster node.
Source: https://aws.amazon.com/premiumsupport/
So you can either use stunnel or disable in-transit encryption.
You need to add a firewall rule to allow other machines to access your redis server. I mean you need to enable a firewall rule to make port 6379 accessible from outside. The following article will help you to do this.
Also please make sure redis is running on port 6379 or some other port.
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/accessing-elasticache.html#access-from-outside-aws
Installed a redis in ubuntu 16.4 in digitalocean.
I've changed the default redis server 127.0.0.1:6379 into my own ip in digitalocean 178.xxx.xxx.xxx:6379 by editing /etc/redis/redis.conf with vim
After that I tried redis-cli and redis-cli shutdown all responded this:
Could not connect to Redis at 127.0.0.1:6379: Connection refused
But if I run ps aux|grep redis
I get:
redis 11734 0.0 0.1 41852 3892 ? Ssl 15:45 0:11 /usr/local/bin/redis-server 178.xxx.xxx.xxx:6379
root 12735 0.0 0.0 12944 948 pts/0 S+ 19:11 0:00 grep --color=auto redis
Is this normal? Or what should I do?
What you should do depends on how you want it to work...
If you want to be able to connect to Redis via any network interface, comment out all the bind directives in your config file by putting a # at the start of the line beginning bind.
If you want to only be able to connect by specifying 178.xxx.xxx.xxx, then put the following in your config file:
bind 178.xxx.xxx.xxx
If you want to use 127.0.0.1 or 178.xxx.xxx.xxx, then put:
bind 178.xxx.xxx.xxx 127.0.0.1
I'm guessing you want this option, but see security note below.
In general though, it is not advisable from a security point of view, to expose your Redis server to the whole Internet - and all the options above do exactly that. You probably want to bind to 127.0.0.1 and set up an ssh tunnel from your 178.xxx.xxx.xxx public address to 127.0.0.1.
Whatever you put in there, restart Redis to make changes take effect.
I changed the port number from 6379 to 6380 but redis still tries to connect through the default port.
It says connection refused and couldn't connect through 127.0.0.1 6379. What can I do?
The command redis-cli -p 6380 will not start a Redis server that listens on port 6380.
If you want to change the port you must first kill the redis instance running on the default port and then locate the redis.conf file.
Edit the lines:
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
cluster-config-file nodes-6379.conf
with your new port.
Finally, start Redis with the edited config file:
./redis-server /path/to/redis/redis.conf
Check if there is a process already using 6379. On MacOS, run:
lsof -i :6380
Then kill whatever is using that port. Make sure you kill the redis instance running on 6379 and restart it on 6380 once you're sure that port is free.
My Redis instance is running at 192.168.1.101.
Redis version is 4.0.1
I want to be able to connect to this Redis instance from 192.168.1.103, but I can't.
I type redis-cli -h 192.168.1.101 -p 6379 -a myredisPasswordisHere while I'm at 192.168.1.103
It returns
Could not connect to Redis at 192.168.1.101:6379: Connection refused
Could not connect to Redis at 192.168.1.101:6379: Connection refused
Here's the related part of the Redis.conf, it's located in /usr/local/etc/redis.conf. I've installed it via Homebrew.
TL;DR
protected-mode yes
bind 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104
requirepass myredisPasswordisHere
What's wrong here?
For the redis service to be available for other remote hosts to query it, you need to bind it publicly to serve using bind 0.0.0.0
As the other comments from @Itamar and @Mark clearly mention, bind isn't the list of IP addresses that can connect but rather the interface on the local machine. Once the service is publicly available and running with 0.0.0.0, for your requirement of only allowing specific hosts you need some kind of a firewall with a whitelist of IP addresses that can access this host, which you can achieve with iptables.
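The point made in the answers above, that bind names addresses on the server's own interfaces rather than clients allowed to connect, can be checked on any host. This added example (not part of the original posts) parses a redis.conf, tries to open a socket on each bind address, and classifies what each listener exposes; parse_conf, can_listen and audit are illustrative names, and it assumes the bind entries are literal IP addresses.

```python
import ipaddress
import socket

def parse_conf(text):
    """Extract the bind list and requirepass from redis.conf text."""
    conf = {"bind": [], "requirepass": None}
    for parts in (l.split() for l in text.splitlines()):
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "bind":  # 6.2+: "-" prefix and "*" wildcards
            conf["bind"] = [a.lstrip("-").replace("::*", "::").replace("*", "0.0.0.0")
                            for a in parts[1:]]
        elif parts[0].lower() == "requirepass":
            conf["requirepass"] = parts[1]
    return conf

def can_listen(addr):
    """True if this host can open a listening socket on addr (any free port)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((addr, 0))
        return True
    except OSError:  # e.g. EADDRNOTAVAIL: address is not on a local interface
        return False

def audit(text):
    """Return (address, verdict) pairs describing what the config exposes."""
    conf, findings, remote = parse_conf(text), [], False
    for addr in conf["bind"] or ["0.0.0.0"]:  # no bind line: all interfaces
        ip = ipaddress.ip_address(addr)
        if not can_listen(addr):
            verdict = "not local: this host cannot listen here"
        elif ip.is_loopback:
            verdict = "loopback: local clients only"
        elif ip.is_unspecified:
            verdict = "all interfaces: restrict clients by firewall"
        else:
            verdict = "one interface: any host that can route to it"
        remote = remote or verdict.startswith(("all", "one"))
        findings.append((addr, verdict))
    if remote and conf["requirepass"] is None:
        findings.append(("auth", "network listener without requirepass"))
    return findings

if __name__ == "__main__":  # bind line from the question above
    line = "bind 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104"
    for addr, verdict in audit(line + "\nrequirepass myredisPasswordisHere\n"):
        print(f"{addr:16} {verdict}")
```

Run it on the Redis host itself: every bind entry reported as "not local" is an address Redis has no interface for, which is what happens when client addresses are listed there.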
So I'm trying to create a cluster using the default redis guide.
but when running ruby /usr/share/doc/redis-tools/examples/redis-trib.rb create .... I get stuck forever in "Waiting for the cluster to join".
Each redis conf is bound to their respective static ip address (Not only 127)
My nodes are all located on a separate instance of ubuntu 16.04 in an ESXi environment without ANY firewall between them.
Each host is not created separately, I just copied the first and changed hostnames + static iface for the other two, if that could cause something?
Master-slave replication works, so I doubt there is a connection issue?
Here is a print, if that can help in some way: http://i.imgur.com/LrNOrut.png
Any ideas?
UPDATE
I have checked all hosts from another physical interface and I have connected to them successfully with cluster-enabled no
Both 6379 and 16379 are accepting connections on both 127.0.0.1 and 192....
And all hosts can reach each other with telnet <host> <16379>
Try to keep only one IP in "bind " configuration directive in /etc/redis/redis.conf or even comment it out
I had the same problem when there was the following string in my config:
bind 127.0.0.1 172.19.2.10Х
Removed loopback interface on all the nodes and passed that obstacle.