Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
linux_wiki:redis [2018/09/17 22:06] billdozor created |
linux_wiki:redis [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 60: | Line 60: | ||
bind 192.168.1.100 | bind 192.168.1.100 | ||
</ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Security ===== | ||
+ | |||
+ | Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet. | ||
+ | |||
+ | That being said, there are some protection measures that can be taken. | ||
+ | |||
+ | \\ | ||
+ | **Firewall** | ||
+ | * Use firewalld to only allow certain networks access to the Redis port< | ||
+ | firewall-cmd --zone=internal --add-source=192.168.1.0/ | ||
+ | |||
+ | # To the Redis port | ||
+ | firewall-cmd --zone=internal --add-port=6379/ | ||
+ | |||
+ | # Reload rules | ||
+ | firewall-cmd --reload</ | ||
+ | |||
+ | \\ | ||
+ | **Authentication (password) for clients** | ||
+ | * Clients must authenticate before sending commands< | ||
+ | * Recommended to use the hash of something to set a complicated password that can't be memorized if seen. Example< | ||
+ | c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</ | ||
+ | |||
+ | \\ | ||
+ | **Disable Certain Commands** | ||
+ | * Certain commands can be disabled for clients by renaming them | ||
+ | * Renamed command for hard to guess CONFIG< | ||
+ | * Disabling the CONFIG command completely< | ||
+ | |||
+ | \\ | ||
+ | **Encryption Tunneling** | ||
+ | * Redis traffic can be piped through an encrypted tunnel using spiped | ||
+ | * FIXME - to do | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== General ===== | ||
+ | |||
+ | **Daemonize** | ||
+ | * Enable redis to run as a daemon< | ||
+ | |||
+ | **Supervisor Interaction** | ||
+ | * Enable redis to send signals to systemd< | ||
+ | |||
+ | **Append Log** | ||
+ | * Enable append only file< | ||
+ | |||
+ | **File Sync** | ||
+ | * Configure how often memory flushes to disk< | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Client: Install ====== | ||
+ | |||
+ | Install the Python Redis client< | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Client: Configure ====== | ||
+ | |||
+ | Import the Redis module and connect to the Redis server< | ||
+ | |||
+ | redis_db.keys() | ||
+ | |||
+ | redis_db = redis.StrictRedis(host=" | ||
+ | |||
+ | \\ | ||
+ | **Example Client Use** | ||
+ | * String | ||
+ | * List | ||
+ | * Hash | ||
---- | ---- | ||