How to restrict external access to Redis instance installed in a docker image
-
Hello, Iām receiving an email, about my server that has a docker image of redis installed and uses port 6379, saying that it is open to external connections.
Redis listens for traffic from everywhere on port 6379, and you can validate this report by attempting to connect to your Redis on 6379 via a simple telnet command:
telnet 111.111.111.111 6379This is a part of the email, (I masked the IP to put the message here on the forum) I also did the test to see if the port is really open to external connections on the website, https://www.yougetsignal.com /tools/open-ports/ , and it actually shows that my serverās ip port 6379 is open. And the email says to do the following
Remediation of this issue will take just a few minutes and is relatively straightforward. You will need to open /etc/redis/redis.conf and uncomment (remove the ā#ā) or modify the line beginning with:
#bind 127.0.0.1 ::1Afterwards, restart redis with:
sudo systemctl restart redisI would like to know if someone can help me, since I canāt access the redis.config file inside the server, because redis is in a docker image, or at least I donāt know how to access it. Is there any way to block external access to my redis installed by a docker image?
-
@WesleyMoura any update ?
@phenomlab
Sorry to delay in responding, yes as i mentioned above, i had to remove my redis from docker and reinstall a new image with this commanddocker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpineand now when i test my ip and port on
https://www.yougetsignal.com/tools/open-ports/the status of my redis port is closed. I think which to configure firewall in droplet digital ocean is a good idea too, and i will configure soon.
Thanks for the help! -
Hello, Iām receiving an email, about my server that has a docker image of redis installed and uses port 6379, saying that it is open to external connections.
Redis listens for traffic from everywhere on port 6379, and you can validate this report by attempting to connect to your Redis on 6379 via a simple telnet command:
telnet 111.111.111.111 6379This is a part of the email, (I masked the IP to put the message here on the forum) I also did the test to see if the port is really open to external connections on the website, https://www.yougetsignal.com /tools/open-ports/ , and it actually shows that my serverās ip port 6379 is open. And the email says to do the following
Remediation of this issue will take just a few minutes and is relatively straightforward. You will need to open /etc/redis/redis.conf and uncomment (remove the ā#ā) or modify the line beginning with:
#bind 127.0.0.1 ::1Afterwards, restart redis with:
sudo systemctl restart redisI would like to know if someone can help me, since I canāt access the redis.config file inside the server, because redis is in a docker image, or at least I donāt know how to access it. Is there any way to block external access to my redis installed by a docker image?
@WesleyMoura Hi, and welcome to Sudonix. Even with Redis installed in a docker image, you will still have a config file, and should still be able to reach it.
Can you provide more detail about the docket image ? You are right - by default, Redis will listen on all addresses, and will be exposed to the internet. Another way around this is to block access at firewall level and only permit the hosts you actually want.
Fractional CISO & CTO | Managing Director at Phenomlab Ltd
-
@WesleyMoura Hi, and welcome to Sudonix. Even with Redis installed in a docker image, you will still have a config file, and should still be able to reach it.
Can you provide more detail about the docket image ? You are right - by default, Redis will listen on all addresses, and will be exposed to the internet. Another way around this is to block access at firewall level and only permit the hosts you actually want.
@phenomlab Hello, i have installed my redis on docker with this comand,
docker run --name redis -p 6379:6379 -d -t redis:alpine
And i donāt know how to access the redis.conf on docker image to make this step cited in email.
Do you know how to do?
Iām trying to search on documentation but i still canāt find it. -
@phenomlab Hello, i have installed my redis on docker with this comand,
docker run --name redis -p 6379:6379 -d -t redis:alpine
And i donāt know how to access the redis.conf on docker image to make this step cited in email.
Do you know how to do?
Iām trying to search on documentation but i still canāt find it.@WesleyMoura Is it located in
/usr/local/etc/redis/redis.conf?Also, have a look at this
-
Hello Wesley, i am doing great thanks for asking.
actually, i am using digital ocean droplet with Plesk + Redis with docker
i followed this guide and it solved the issue https://talk.plesk.com/threads/plesk-docker-redis-plesk-firewall-open-port-issue.352324/
we need to install Redis docker using Plesk store BUT should run it using a specific command that limits its access to the local host only. (in your case you will install redis using command)
Start the docker with,
docker run --name=redis -p 127.0.0.1:6379:6379 redis
not sure this helps you or not but play with above command
-
@phenomlab Hello, i have installed my redis on docker with this comand,
docker run --name redis -p 6379:6379 -d -t redis:alpine
And i donāt know how to access the redis.conf on docker image to make this step cited in email.
Do you know how to do?
Iām trying to search on documentation but i still canāt find it. -
Hello Wesley, i am doing great thanks for asking.
actually, i am using digital ocean droplet with Plesk + Redis with docker
i followed this guide and it solved the issue https://talk.plesk.com/threads/plesk-docker-redis-plesk-firewall-open-port-issue.352324/
we need to install Redis docker using Plesk store BUT should run it using a specific command that limits its access to the local host only. (in your case you will install redis using command)
Start the docker with,
docker run --name=redis -p 127.0.0.1:6379:6379 redisnot sure this helps you or not but play with above command
@Hari said in How to restrict external access to Redis instance installed in a docker image:
Hello Hari, sorry my delay in responding, but i already solved this problem, using exactly this command that you mentioned, docker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpine, in my case. But as i already had one image of redis, i had to remove the current redis from my docker and reinstall using this comand. Now when i test the port on https://www.yougetsignal.com/tools/open-ports/ with my ip and port of redis, the status of port is closed now. And now i just have to configure my firewall wich i will soon.
So thanks to answer me and sorry again to delay in responding. -
@WesleyMoura any update ?
@phenomlab
Sorry to delay in responding, yes as i mentioned above, i had to remove my redis from docker and reinstall a new image with this commanddocker run --name=redis -p 127.0.0.1:6379:6379 -d -t redis:alpineand now when i test my ip and port on
https://www.yougetsignal.com/tools/open-ports/the status of my redis port is closed. I think which to configure firewall in droplet digital ocean is a good idea too, and i will configure soon.
Thanks for the help! -
undefined phenomlab has marked this topic as solved on
