在配置文件redis.conf中,默认的bind 接口是127.0.0.1,也就是本地回环地址。
这样的话,访问redis服务只能通过本机的客户端连接,而无法通过远程连接,
这样可以避免将redis服务暴露于危险的网络环境中,防止一些不安全的人随随便便通过远程
连接到redis服务。
如果bind选项为空的话,那会接受所有来自于可用网络接口的连接。
例子:
比如有两台redis服务器,ip分别为:192.168.1.101和192.168.1.103,如何在101上通过redis-cli访问103上的redis呢?在远程连接103之前,先讲下redis-cli的几个关键参数:
用法:redis-cli [OPTIONS] [cmd [arg [arg ...]]]
-h <主机ip>,默认是127.0.0.1
-p <端口>,默认是6379
-a <密码>,如果redis加锁,需要传递密码
--help,显示帮助信息
当在101上通过redis-cli访问103上的redis时,首先要修改103上的redis.conf文件,在bind下加一行:bind 192.168.1.101
这样103上的redis服务就可以listen来自192.168.1.101的连接。
通过对rendis-cli用法介绍,在101上连接103应该很简单:
官方文档介绍:
Protected mode
Unfortunately many users fail to protect Redis instances from being accessed from external networks. Many instances are simply left exposed on the internet with public IPs. For this reasons since version 3.2.0, when Redis is executed with the default configuration (binding all the interfaces) and without any password in order to access it, it enters a special mode called proteced mode. In this mode Redis only replies to queries from the loopback interfaces, and reply to other clients connecting from other addresses with an error, explaining what is happening and how to configure Redis properly.
| (error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside. |