安装好redis后,启动redis,很多时候会发现远程客户端连接不上redis服务,这是什么原因呢?
我们需要对安装好后的redis的配置文件redis.conf做一些修改。
1、关闭保护模式
protected-mode yes
修改为
protected-mode no
当没有为redis显示指定bind且没有设置密码时,此时redis就认为是不安全的,当开启保护模式后,保护模式的作用是只允许本地回环地址127.0.0.1和::1(ipv6回环地址的表示形式)访问。
如果此时远程客户端连接redis的话,虽然能连接,但执行命令时会出现如下报错:
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
2、注释掉bind
bind后面可以跟多个ip地址,这些ip地址是客户端的ip,只有在bind后面配置了客户端ip,该客户端才能远程连接上redis服务。如果bind后面没有本地回环地址,那么即使是本地客户端也连不上redis服务。
由于redis默认是没有密码的,如果将redis部署在互联网上并且所有客户端ip都可以访问的话那肯定是很危险的,因此redis默认只bind了127.0.0.1,也就是说只有本地客户端才能连接redis。
如果我们能确保redis的安全的话,那么可以将bind注释掉,任意客户端都能连接上了。
3、启动redis时显式指定redis.conf
执行src/redis-server 命令启动redis时,由于没有显式指定配置文件,其实redis默认读取的是内部的配置文件,而不是安装目录下的redis.conf。
因此可以执行src/redis-server redis.conf 命令显式指定配置文件来启动redis,这样就算出现问题也容易定位。