通过外网访问Redis可能会遇到这个问题,Redis protected-mode 是3.2 之后加入的新特性,在redis.conf的注释中,我们可以了解到,他的具体作用和启用条件:
# Protected mode is a layer of security protection, in order to avoid that # Redis instances left open on the internet are accessed and exploited. # # When protected mode is on and if: # # 1) The server is not binding explicitly to a set of addresses using the # "bind" directive. # 2) No password is configured. # # The server only accepts connections from clients connecting from the # IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain # sockets. # # By default protected mode is enabled. You should disable it only if # you are sure you want clients from other hosts to connect to Redis # even if no authentication is configured, nor a specific set of interfaces # are explicitly listed using the "bind" directive. protected-mode yes可以看到 protected-mode 是为了禁止公网访问redis cache,加强redis安全的。它启用的条件,有两个:
1) 没有bind IP
2) 没有设置访问密码
如果启用了,则只能够通过lookback ip(127.0.0.1)访问Redis cache,如果从外网访问,则会返回相应的错误信息,就是上图中的信息。
因此在新的版本中,应该配置绑定IP和访问密码,这样的话才不会报错误,在Redis的一个论坛中,老外也探讨了这个问题,可以参考:https://www.reddit.com/r/redis/comments/3zv85m/new_security_feature_redis_protected_mode/
1、启动Redis,这里指定具体的配置文件
[root@localhost redis-3.2.1]# ./redis-server ../redis.conf2、查看Redis服务和进程
[root@localhost redis-3.2.1]# ps -ef | grep redis [root@localhost redis-3.2.1]# netstat -ano | grep 6379
3、访问客户端Cli
[root@localhost redis-3.2.1]# ./src/redis-cli如果设置密码,用参数 -a指定密码
[root@localhost redis-3.2.1]# ./src/redis-cli -a yourpassword注意:上述的操作过程中,始终是关闭了防火墙的,关闭的命令如下:
centos 7: systemctl stop firewalld.service #停止 systemctl disable firewalld.service #禁用 centos 7之前的版本: service iptables stop #停止 chkconfig iptables off #禁用如果只是想开启某一个端口,例如:6379的话,可以搜索一下具体的配置过程,这里不再累述。
下面关于Redis的文章您也可能喜欢,不妨参考下: