Skip to content

How to restrict external access to Redis instance installed in a docker image

Solved Configure
  • Hello, I’m receiving an email, about my server that has a docker image of redis installed and uses port 6379, saying that it is open to external connections.

    Redis listens for traffic from everywhere on port 6379, and you can validate this report by attempting to connect to your Redis on 6379 via a simple telnet command:

    telnet 111.111.111.111 6379 
    

    This is a part of the email, (I masked the IP to put the message here on the forum) I also did the test to see if the port is really open to external connections on the website, https://www.yougetsignal.com /tools/open-ports/ , and it actually shows that my server’s ip port 6379 is open. And the email says to do the following

    Remediation of this issue will take just a few minutes and is relatively straightforward. You will need to open /etc/redis/redis.conf and uncomment (remove the ā€œ#ā€) or modify the line beginning with:

    #bind 127.0.0.1 ::1  
    

    Afterwards, restart redis with:

    sudo systemctl restart redis  
    

    I would like to know if someone can help me, since I can’t access the redis.config file inside the server, because redis is in a docker image, or at least I don’t know how to access it. Is there any way to block external access to my redis installed by a docker image?

  • @phenomlab
    Sorry to delay in responding, yes as i mentioned above, i had to remove my redis from docker and reinstall a new image with this command

    docker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpine
    

    and now when i test my ip and port on
    https://www.yougetsignal.com/tools/open-ports/

    the status of my redis port is closed. I think which to configure firewall in droplet digital ocean is a good idea too, and i will configure soon.
    Thanks for the help!

  • Hello, I’m receiving an email, about my server that has a docker image of redis installed and uses port 6379, saying that it is open to external connections.

    Redis listens for traffic from everywhere on port 6379, and you can validate this report by attempting to connect to your Redis on 6379 via a simple telnet command:

    telnet 111.111.111.111 6379 
    

    This is a part of the email, (I masked the IP to put the message here on the forum) I also did the test to see if the port is really open to external connections on the website, https://www.yougetsignal.com /tools/open-ports/ , and it actually shows that my server’s ip port 6379 is open. And the email says to do the following

    Remediation of this issue will take just a few minutes and is relatively straightforward. You will need to open /etc/redis/redis.conf and uncomment (remove the ā€œ#ā€) or modify the line beginning with:

    #bind 127.0.0.1 ::1  
    

    Afterwards, restart redis with:

    sudo systemctl restart redis  
    

    I would like to know if someone can help me, since I can’t access the redis.config file inside the server, because redis is in a docker image, or at least I don’t know how to access it. Is there any way to block external access to my redis installed by a docker image?

    @WesleyMoura Hi, and welcome to Sudonix. Even with Redis installed in a docker image, you will still have a config file, and should still be able to reach it.

    Can you provide more detail about the docket image ? You are right - by default, Redis will listen on all addresses, and will be exposed to the internet. Another way around this is to block access at firewall level and only permit the hosts you actually want.

  • @WesleyMoura Hi, and welcome to Sudonix. Even with Redis installed in a docker image, you will still have a config file, and should still be able to reach it.

    Can you provide more detail about the docket image ? You are right - by default, Redis will listen on all addresses, and will be exposed to the internet. Another way around this is to block access at firewall level and only permit the hosts you actually want.

    @phenomlab Hello, i have installed my redis on docker with this comand,
    docker run --name redis -p 6379:6379 -d -t redis:alpine
    And i don’t know how to access the redis.conf on docker image to make this step cited in email.
    Do you know how to do?
    I’m trying to search on documentation but i still can’t find it.

  • @phenomlab Hello, i have installed my redis on docker with this comand,
    docker run --name redis -p 6379:6379 -d -t redis:alpine
    And i don’t know how to access the redis.conf on docker image to make this step cited in email.
    Do you know how to do?
    I’m trying to search on documentation but i still can’t find it.

    @WesleyMoura Is it located in /usr/local/etc/redis/redis.conf ?

    Also, have a look at this

    https://hub.docker.com/_/redis

  • 6a81d494-bcc6-404d-8f2a-bef1e530314d-image.png

    Hello Wesley, i am doing great thanks for asking.

    actually, i am using digital ocean droplet with Plesk + Redis with docker

    i followed this guide and it solved the issue https://talk.plesk.com/threads/plesk-docker-redis-plesk-firewall-open-port-issue.352324/

    we need to install Redis docker using Plesk store BUT should run it using a specific command that limits its access to the local host only. (in your case you will install redis using command)

    Start the docker with,

    docker run --name=redis -p 127.0.0.1:6379:6379 redis
    

    d488b58b-e427-4c4e-9003-55ee1e1b35f9-image.png

    not sure this helps you or not but play with above command šŸ˜„

  • @phenomlab Hello, i have installed my redis on docker with this comand,
    docker run --name redis -p 6379:6379 -d -t redis:alpine
    And i don’t know how to access the redis.conf on docker image to make this step cited in email.
    Do you know how to do?
    I’m trying to search on documentation but i still can’t find it.

    @WesleyMoura any update ?

  • 6a81d494-bcc6-404d-8f2a-bef1e530314d-image.png

    Hello Wesley, i am doing great thanks for asking.

    actually, i am using digital ocean droplet with Plesk + Redis with docker

    i followed this guide and it solved the issue https://talk.plesk.com/threads/plesk-docker-redis-plesk-firewall-open-port-issue.352324/

    we need to install Redis docker using Plesk store BUT should run it using a specific command that limits its access to the local host only. (in your case you will install redis using command)

    Start the docker with,

    docker run --name=redis -p 127.0.0.1:6379:6379 redis
    

    d488b58b-e427-4c4e-9003-55ee1e1b35f9-image.png

    not sure this helps you or not but play with above command šŸ˜„

    @Hari said in How to restrict external access to Redis instance installed in a docker image:

    Hello Hari, sorry my delay in responding, but i already solved this problem, using exactly this command that you mentioned, docker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpine, in my case. But as i already had one image of redis, i had to remove the current redis from my docker and reinstall using this comand. Now when i test the port on https://www.yougetsignal.com/tools/open-ports/ with my ip and port of redis, the status of port is closed now. And now i just have to configure my firewall wich i will soon.
    So thanks to answer me and sorry again to delay in responding.

  • @phenomlab
    Sorry to delay in responding, yes as i mentioned above, i had to remove my redis from docker and reinstall a new image with this command

    docker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpine
    

    and now when i test my ip and port on
    https://www.yougetsignal.com/tools/open-ports/

    the status of my redis port is closed. I think which to configure firewall in droplet digital ocean is a good idea too, and i will configure soon.
    Thanks for the help!

  • phenomlabundefined phenomlab has marked this topic as solved on

Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation šŸ’—

Related Topics
  • Mongodb or Redis

    General database mongodb redis
    29
    11 Votes
    29 Posts
    1k Views
    @Madchatthew still a great catch.
  • mongodb replica set

    Configure mongodb docker ansible
    11
    2 Votes
    11 Posts
    698 Views
    @veronikya said in mongodb replica set: The host’s local dns resolution is not configured. The problem of the host’s hosts being unable to be resolved in docker has been solved. Surprisingly Solution: Edit the /etc/resovel.conf file Add 127.0.0.53 One immediate issue I can think of here is that editing resolv.conf directly is no longer supported and not recommended (because the changes do not survive a reboot) - unless you install the resolvconf package?
  • 12 Votes
    8 Posts
    730 Views
    @crazycells good question. Gmail being provided by Google is going to be one of the more secure by default out of the box, although you have to bear in mind that you can have the best security in the world, but that is easily diluted by user decision. Obviously, it makes sense to secure all cloud based services with at least 2fa protection, or better still, biometric if available, but email still remains vastly unprotected (unless enforced in the sense of 2fa, which I know Sendgrid do) because of user choice (in the sense that users will always go for the path of least resistance when it comes to security to make their lives easier). The ultimate side effect of taking this route is being vulnerable to credentials theft via phishing attacks and social engineering. The same principle would easily apply to Proton Mail, who also (from memory) do not enforce 2fa. Based on this fact, neither product is more secure than the other without one form of additional authentication at least being imposed. In terms of direct attack on the servers holding mail accounts themselves, this is a far less common type of attack these days as tricking the user is so much simpler than brute forcing a server where you are very likely to be detected by perimeter security (IDS / IPS etc).
  • 4 Votes
    4 Posts
    420 Views
    @phenomlab said in TikTok fined Ā£12.7m for misusing children’s data: Just another reason not to use TikTok. Zero privacy, Zero respect for privacy, and Zero controls in place. https://news.sky.com/story/tiktok-fined-12-7m-for-data-protection-breaches-12849702 The quote from this article says it all TikTok should have known better. TikTok should have done better They should have, but didn’t. Clearly the same distinct lack of core values as Facebook. Profit first, privacy… well, maybe. Wow, that’s crazy! so glad I stayed away from it, rotten to the core.
  • 24 Votes
    29 Posts
    5k Views
    @DownPW it is the second post of this thread.
  • installing flarum with plesk

    Solved Configure flarum
    78
    26 Votes
    78 Posts
    8k Views
    @phenomlab thanks a lot, have a nice day
  • 1 Votes
    1 Posts
    314 Views
    No one has replied
  • 0 Votes
    1 Posts
    931 Views
    No one has replied