On Redis access security


Version upgrade

After upgrading from version 3.0.2 to redis-3.2.0, the instance could no longer be reached remotely. Comparing the configuration files shows some changes; for example, by default only the local machine can connect.

Version 3.0.2
# By default Redis listens for connections from all the network interfaces
# available on the server. It is possible to listen to just one or multiple
# interfaces using the "bind" configuration directive, followed by one or
# more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1

Version redis-3.2.0
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# bind 127.0.0.1

# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
#    "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
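As an added example (not part of the original post), the following script applies the protected-mode rules quoted above to a redis.conf text and reports whether the instance would accept connections from other hosts. It assumes exactly the 3.2 semantics stated in those comments: protected mode only restricts access when there is no bind directive and no requirepass; the sample configurations are constructed.

```python
# Added example, not part of the original post: classify how reachable a
# Redis 3.2 instance is from its redis.conf, using the protected-mode rules.
LOOPBACK = {"127.0.0.1", "::1"}


def parse_conf(text):
    """Return {directive: [args]} for effective (non-comment) lines; last wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "# bind 127.0.0.1" is a comment, not a directive
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf


def assess(text):
    """Classify reachability and list findings for one redis.conf text."""
    conf = parse_conf(text)
    bind = conf.get("bind")                      # None when no bind directive
    password = bool(conf.get("requirepass"))
    protected = conf.get("protected-mode", ["yes"])[0].lower() == "yes"
    # Protected mode only restricts access when BOTH conditions from the
    # redis.conf comment hold: no explicit bind and no password configured.
    if protected and bind is None and not password:
        reach = "loopback only (protected mode)"
    elif bind is not None and set(bind) <= LOOPBACK:
        reach = "loopback only (bind)"
    else:
        reach = "reachable from other hosts"
    findings = []
    if reach == "reachable from other hosts" and not password:
        findings.append("no requirepass: unauthenticated remote access")
    if not protected and bind is None:
        findings.append("protected-mode no without a bind directive")
    return {"reach": reach, "password": password, "findings": findings}


# Constructed sample: the settings used in the build steps on this page.
SAMPLE_CONF = """# bind 127.0.0.1
daemonize yes
protected-mode no
requirepass test
"""

if __name__ == "__main__":
    print(assess(SAMPLE_CONF))
```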

Security
## Redis configuration
http://redis.io/download
http://redis.io/documentation
###### Build dependencies
yum update
yum -y install gcc gcc-c++ autoconf automake make
###### Download and build

wget http://download.redis.io/releases/redis-3.2.0.tar.gz
tar xzf redis-3.2.0.tar.gz
cd redis-3.2.0
make

###### Build tests
yum install tcl
make test
###### Comment out bind
# bind 127.0.0.1
###### Start as a daemon
daemonize yes
# Protected mode [set to no when running without a password]
protected-mode no
# Set a password
requirepass test
###### Data file path
dir /opt/data/
###### Log file path
logfile "/opt/data/redis.log"
###### Dump file name
dbfilename dump.rdb
# Check whether the firewall is stopped
service iptables status
###### Stop command
service iptables stop
###### Permanently disable the firewall
chkconfig iptables off
###### Master/slave replication
Configuring a slave is very simple; just add the following line to the configuration file (or issue the equivalent command at runtime):
slaveof 192.168.210.31 6379
SLAVEOF 192.168.210.31 6379
###### Start
src/redis-server /opt/redis-3.2.0/redis.conf
###### Test
$ src/redis-cli
redis> set foo bar
OK
redis> get foo
"bar"
###### Check the process
ps -ef | grep redis
###### Kill the process
kill -9 25946

Monitoring

Monitoring is done with Opserver. After enabling a password, the official documentation had nothing on the corresponding configuration, so I debugged the code and hard-coded the default password.


References:
Pay close attention to Redis security configuration, or it will be easily compromised
https://ruby-china.org/topics/28094
A record of a Redis attack incident
http://www.cnblogs.com/yangecnu/p/An-Production-Accidents-Caused-by-Redis-Attacked.html
The Redis unauthorized access flaw can easily lead to system compromise
http://www.oschina.net/news/67975/redis-defect
Comparison of the Redis 3.0 and 3.2 configuration files
https://carlosfu.iteye.com/blog/2303254

