Password for Redis

[NourdineMazali]

Hi,

I need to apply a password for Redis, as I am using Laradock for production environment, what's the best way to do so ?
Thank you.

[JimChenWYU]

1. The official redis.conf file, copy it to laradock/redis and deploy it by yourself.
2. Update the redis Dockerfile like this

FROM redis:latest

MAINTAINER Mahmoud Zalt <mahmoud@zalt.me>

## For security settings uncomment, make the dir, copy conf, and also start with the conf, to use it
RUN mkdir -p /usr/local/etc/redis
COPY redis.conf /usr/local/etc/redis/redis.conf

VOLUME /data

EXPOSE 6379

CMD ["redis-server", "/usr/local/etc/redis/redis.conf"]
#CMD ["redis-server"]

3. docker-compose build redis

[jasperf]

I saw they recommend adding

FROM redis
COPY redis.conf /usr/local/etc/redis/redis.conf
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

at Docker.

[ryancwalsh]

It took me awhile to understand Jim's post, but here were the commands I eventually ran:

cd /apps/laradock/redis && curl -o redis.conf http://download.redis.io/redis-stable/redis.conf
vim /apps/laradock/redis/Dockerfile
cd /apps/laradock/ && docker-compose down
docker-compose build --no-cache redis
cd /apps/laradock && docker-compose up -d nginx mysql redis php-worker

Thanks, @JimChenWYU ! Very helpful.

These edits are probably important to make too because of security: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04

[jasperf]

Also make sure you do a docker-compose build --no-cache redis and not a docker build redis --no-cache post Dockerfile tweak as I did for some odd reason today. Also I used bind 0.0.0.0 instead of 127.0.0.1 so Horizon could load all my Redis queues properly.

[azaricstefan]

You just need to update redis.conf inside with the password you want.
Search for the block in redis.conf which is written like this:
# requirepass foobared
foobared should be the password you want.

Regarding binding addresses.

Don't use bind 0.0.0.0 in production!

Explanation:
127.0.0.1 is normally the IP address assigned to the "loopback" or local-only interface. This is a "fake" network adapter that can only communicate within the same host. It's often used when you want a network-capable application to only serve clients on the same host. A process that is listening on 127.0.0.1 for connections will only receive local connections on that socket.

"localhost" is normally the hostname for the 127.0.0.1 IP address. It's usually set in /etc/hosts (or the Windows equivalent named "hosts" somewhere under %WINDIR%). You can use it just like any other hostname - try "ping localhost" to see how it resolves to 127.0.0.1.

0.0.0.0 has a couple of different meanings, but in this context, when a server is told to listen on 0.0.0.0 that means "listen on every available network interface". The loopback adapter with IP address 127.0.0.1 from the perspective of the server process looks just like any other network adapter on the machine, so a server told to listen on 0.0.0.0 will accept connections on that interface too.

[jasperf]

Thanks a lot for the feedback @xlstefan . The way I understand it is that if you set 0.0.0.0 for Redis as an address you will let Redis listen on every network interface including 127.0.0.1 . What the other possible network interfaces would be I am not sure, but perhaps eth1 and docker0. And I would assume that this way Redis is opened up to access from other locations on the web. Is that correct?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Hi again 👋 we would like to inform you that this issue has been automatically closed 🔒 because it had not recent activity during the stale period. We really really appreciate your contributions, and looking forward for more in the future 🎈.