Change Redis bind address
Foreword
This article explains how you can change the bind address of your Redis server. With this option, you can control from which IP addresses access to your Redis server should be possible.
Prerequisites
-
Redis Server
\
An active SSH session with the user root
is required for this article section.
Execution
Connect to your Redis server via SSH. The corresponding access data and all other connection information can be found in the respective password vault of your server in the customer center.
Once you have connected, use the following command to navigate to the directory of your Redis server:
cd /etc/redis/
Then edit the configuration file as follows:
nano redis.conf
Look for the corresponding line there to adjust the bind address:
bind 127.0.0.1 -::1
In the standard configuration, the Redis server only allows local connections via IPv4 and IPv6.
Change the default bind address according to your requirements, in the following example we use an IPv4 address from a VPC network so that the Redis server no longer responds to requests via IPv6!
We recommend that you use a VPC network for the Redis server, as this prevents arbitrary connections from the Internet! You can find out what VPC networks are and how you can use them in the following help center article: https://help.creoline.com/en/doc/vpc-netzwerke-C4kOcTCdIm
# Customization (VPC network)
bind 127.0.0.1 10.20.0.2
Save the modified configuration file and restart the Redis server:
systemctl restart redis-server.service
Then check whether your changes have had the desired effect:
netstat -tulpn
Output:
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 106 31634 4628/redis-server 1
tcp 0 0 10.20.0.2:6379 0.0.0.0:* LISTEN 209027/redis-server
The bind address was successfully adapted to the address 10.20.0.2 and the Redis server now only responds to requests from the corresponding network (10.20.0.0/24).