Shulou(Shulou.com)06/01 Report--

Background

We know that redis does not configure a password by default, which makes it possible to log in to redis without verification as long as there is an IP+Port of redis. If your redis happens to be open on the public network, it is easy to be *, to gain access to your system, and is often hacked into a mining machine.

Of course, configuring a firewall is one way to secure redis, but it is also a good choice to configure a password for redis.

Environment

Redis:

192.168.1.227 (master)

192.168.1.227 6380 (slave)

192.168.1.227 6381 (slave)

Redis Sentinel:

192.168.1.227:26379

192.168.1.227:26380

192.168.1.227:26381

Operational configuration (the deployment of redis is not described here, but the installation and deployment of redis can be found in the article: https://blog.51cto.com/icenycmh/1792017)

Note: the redis and Sentinel configurations in this article are some of the configurations required for password authentication.

The password for redis is configured directly in the configuration file, as follows:

-192.168.1.227path/to/conf/6379.confrequirepass 6379 (redis Master) # vi / path/to/conf/6379.confrequirepass 123456-configure the redis Master password to 123456While Whitney 192.168.1.227path/to/conf/6379.confrequirepass 6381 (redis Slave) # vi / path/to/conf/6379.confrequirepass 123456-configure the redis Slave password to 123456masterauth 123456-because slave needs to interact with master Password authentication for master needs to be configured on slave

Enable redis:

# / path/to/redis/bin/redis-server / path/to/conf/6379.conf#/path/to/redis/bin/redis-server / path/to/conf/6380.conf#/path/to/redis/bin/redis-server / path/to/conf/6381.conf

Test password authentication

-do not provide password, connect to redis to view information, prompt to verify # / path/to/redis/bin/redis-cli-h 192.168.1.227-p 6379 info Replication NOAUTH Authentication required.---- to provide password, connect to redis to view information, normal display Slave connection is normal # / path/to/redis/bin/redis-cli-h 192.168.1.227-p 6379-a 123456 info Replication # Replicationrole:masterconnected_slaves:2slave0:ip=192.168.1.227,port=6380,state=online,offset=35215766,lag=1slave1:ip=192.168.1.227,port=6381,state=online,offset=35215780,lag=1master_repl_offset:35216203repl_backlog_active:1repl_backlog_size:1048576repl_backlog_first_byte_offset:34167628repl_backlog_histlen:1048576

Redis Sentinel

If the redis Sentinel cluster is used in the system, the original master may become slave when switching master, so you also need to configure masterauth on the original redis master:

# vi / path/to/conf/6379.confmasterauth 123456

In the configuration of the Sentinel, you also need to enter the obtained master password:

# vi / path/to/conf/sentinel.confsentinel auth-pass master 123456-master is your custom Sentinel cluster master string

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.