Redis中protected-mode模式详解

报错情况

我搭建了一个Redis实例，并把protected-mode设置为了yes。

protected-modeyes;

我在其他机器连接这台Redis服务：

redis-cli -h 1.1.1.1 -p 6379

结果报错如下：

(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions:

1. Just disable protected mode sending the command ‘CONFIG SET protected-mode no’ from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent.
2. Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to ‘no’, and then restarting the server.
3. If you started the server manually just for testing, restart it with the ‘–protected-mode no’ option.
4. Setup a bind address or an authentication password.

NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

我们想要其他机连接我们的Redis服务，有三种方式：

1. 想办法让Redis运行在protected-mode为no的模式。
2. 如果protected-mode为yes，那么我们可以在Redis服务上设置bind，也就是我们的一台机器有几个ip，指定我们的服务绑定监听本机的哪个ip。
3. 如果protected-mode为yes，除了设置bind外，亦可通过设置密码的形式，也即是设置参数requirepass，从而达到可以从其他机器访问的目标。

实践总结

我们在redis的配置文件中会遇到protected-mode，它直译为保护模式。

如果设置为yes，那么只允许我们在本机的回环连接，其他机器无法连接。

线上Redis服务，为了安全，我们建议将protected-mode设置为yes。

protected-mode设置为yes的情况下，为了我们的应用服务可以正常访问Redis，我们需要设置Redis的bind参数或者密码参数requirepass。