Redis - Connect to Remote Server

ubuntu configuration redis

I've just install Redis succesfully using the instructions on the Quick Start guide on http://redis.io/topics/quickstart on my Ubuntu 10.10 server. I'm running the service as dameon (so it can be run by init.d)

The server is part of Rackspace Cluster with Internal and External IPs. The host is running on port 6379 (standard for Redis)

I've added a row in the iptables to allow incoming connections from port 6379 as shown below:

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6379

In my PHP code on another server, I'm trying to connect to the new Redis server here:

$this->load->helper("iredis");

$hostname = "IP ADDRESS HERE";

$redis = new iRedis(array('hostname' => $hostname, 'port' => 6379));

Once I do this - I always get a connection refused. In my redis.conf file, I have the local bind command commented out, so it should be listening on more than the localhost IP. I can connect to the database on the local machine just not on another server. I've tried the external and internal IPs with no luck.

Any suggestions on getting this to work?

Are you able to connect using the Redis command line tool? redis-cli -h hostname

Server Fault has a canonical question about Connection Refused.

Orabîg

I've been stuck with the same issue, and the preceding answer did not help me (albeit well written).

The solution is here : check your /etc/redis/redis.conf, and make sure to change the default

bind 127.0.0.1

bind 0.0.0.0

Then restart your service (service redis-server restart)

You can then now check that redis is listening on non-local interface with

redis-cli -h 192.168.x.x ping

(replace 192.168.x.x with your IP adress)

Important note : as several users stated, it is not safe to set this on a server which is exposed to the Internet. You should be certain that you redis is protected with any means that fits your needs.

Same here, you should allow remote connections from the Redis server in the first place before thinking about the firewall settings or network issues. Thanks Orabig

This is the obvious correct answer. The one above has a lot of technical sysadmin "dark-arts" mumbo jumbo... but it's not helpful at all :)

This problem is not the same as the OP. The OP specifically stated they had already made the changes to the config file necessary. Since the OP made changes to the config file and you did. Not, they are two separate issues. The answer given addressed the problem provided. It was not to address all problems. Just the one asked. It isn't about admitting anything is wrong, it is about realizing your problem is different. It's like someone saying their car won't start but they have gas in it, and you telling them they need gas.

Would you also know how to specify IPv4 and IPv6 dual-stack? I tried the following: bind 0, ::, bind 0, [::], bind 0\nbind6 :: (where \n is a newline) and bind 0 [::] but the only thing that works is not having a bind line in the config at all. It defaults to listening on 0 (or 0.0.0.0/0) and [::] so there is no problem, but I would like to know the proper method should I once need it. It doesn't seem to be documented anywhere.

What this answer does is it makes your Redis server accessible to the world. That's a big security risk. If you do this, make sure you lock down your Redis server in other ways, such as adding an AUTH password in Redis and configuring your firewall (e.g. iptables) to block unauthorized clients.

The Real Bill

First I'd check to verify it is listening on the IPs you expect it to be:

netstat -nlpt | grep 6379

Depending on how you start/stop you may not have actually restarted the instance when you thought you had. The netstat will tell you if it is listening where you think it is. If not, restart it and be sure it restarts. If it restarts and still is not listening where you expect, check your config file just to be sure.

After establishing it is listening where you expect it to, from a remote node which should have access try:

redis-cli -h REMOTE.HOST ping

You could also try that from the local host but use the IP you expect it to be listening on instead of a hostname or localhost. You should see it PONG in response in both cases.

If not, your firewall(s) is/are blocking you. This would be either the local IPTables or possibly a firewall in between the nodes. You could add a logging statement to your IPtables configuration to log connections over 6379 to see what is happening. Also, trying he redis ping from local and non-local to the same IP should be illustrative. If it responds locally but not remotely, I'd lean toward an intervening firewall depending on the complexity of your on-node IP Tables rules.

SO, to be clear, you are downvoting an answer to the problem posted because you have a related (but clearly not identical) problem it doesn't address? Whilst I agree with posting your solution, downvoting a correct answer because your problem was different doesn't seem the proper thing to do. That said, your solution is not a good choice for the question because the OP has multiple IPs and may not want to listen on all of them, and the OP specifically referenced the bind section in the config file in the question. Thus your solution does not address the question asked.

Well, I read the question again, and it didn't seem so obvious for me that OP did set the correct conf for this 'bind' line. Also, I'm not sure that any firewall is involved in his case. Anyway, I can remove my -1 if you think it's rude. I just found that your answer was totally off-topic, and that it would not very helpful for the majority of users coming here with a very common issue... (the bind default parameter)

The OP did say he commented out the local bind rule, which tells redis to bind to all the addresses on the system. I wouldn't call the -1 rude, just inappropriate. The OP specifically stated he had IPtables rules in place, thus it is clear there are firewall rules in place in the question asked. Given the stated presence of a firewall and the removal of the local bind in the config, your answer is not correct or relevant for the question asked.

Yep, you're right, sorry. I'm not a native english, and mis-interpreted the "comment out" verb... I thought that OP had "removed" the comment. (unfortunatly, I cannot remove my -1, until you edit your post)

No worries, it happens. I've added some clarification regarding validating it is running where you want it to. Hope that helps clarify it for future readers.

zen

In addition to the excellent answer given by Orabîg:

I resolved this issue by removing the bind section entirely and setting protected-mode to no.

#bind 127.0.0.1
protected-mode no

Never use this method on publicly exposed servers.

To anyone who using not secured method: Please Protect your Redis Server!! or you will lose all your files :( My server have been compromised because I'm not securing Redis Server. The attacker want me to pay some amount of money ( big enough for me ). The attacker something like this: duo.com/blog/…

2 revs

I was struggling with the remote connection to Redis for some days. Finally I made it. Here is the full check list I put together to follow to get connected. Some of solutions are given in the answers above. Yet I wanted my answer to be a nano-wiki on the subject:) I added some useful links too.

If redis works locally:

$ redis-cli
127.0.0.1:6379>ping
PONG
127.0.0.1:6379>

If the password is not set

See /etc/redis/redis.conf config (this is default locaion for Ubuntu 18.04, you may have it in the different location):

# The following line should be commented
# requirepass <some pass if any>

If the protected mode is set to 'no' in the config:

# The following line should be uncommented
protected-mode no

if the IP binding is open for an access from internet in the config:

# The following line should be commented
# bind 127.0.0.1 ::1

If the Linux firewall allows connections

(here for Ubuntu 18.04) Check it allows for incoming internet traffic to go to port 6379 (the Redis default port)

# To check if it the port is open
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
...
6379/tcp                   ALLOW       Anywhere
6379/tcp (v6)              ALLOW       Anywhere (v6)
...

# To open the port
$ sudo ufw allow 6379/tcp

Restart Redis service

Do not forget to restart the Redis service for changes to take effect and see it is running:

$ sudo systemctl restart redis.service
$ sudo systemctl status redis

Check if it works as a remote server

from your command line use redis-cli as if Redis server were on the remote server:

$ redis-cli -h <your-server-ip>
<your-server-ip>:6379> ping
PONG
<your-server-ip>:6379> exit
$

If you can ping-PONG your Redis server via your internet server connected as a remote server than the remote Redis connection works.

Security Warning

All the above makes your Redis data to be completely open to anybody from the internet.

To basically secure Redis use requirepass and protected-mode yes settings in Redis config (see above) and block the dangerous Redis commands (see the link above), for a deeper understanding see this article and Redis site security section ).

Useful links

Some links to help How to install and secure Redis on Ubuntu 18.04 and how to setup Ubuntu 18.04 firewall.

Hope it helps.

Michael Qin

Orabig is correct.

You can bind 10.0.2.15 in Ubuntu (VirtualBox) then do a port forwarding from host to guest Ubuntu.

in /etc/redis/redis.conf

bind 10.0.2.15

then, restart redis:

sudo systemctl restart redis

It shall work!

Robot70

if you downloaded redis yourself (not apt-get install redis-server) and then edited the redis.conf with the above suggestions, make sure your start redis with the config like so: ./src/redis-server redis.conf also side note i am including a screenshot of virtual box setting to connect to redis, if you are on windows and connecting to a virtualbox vm.

also side note i am including a screenshot of virtual box setting to connect to redis, if you are on windows and connecting to a virtualbox vm.

https://i.stack.imgur.com/tqe12.jpg

Saurabh

Setting tcp-keepalive to 60 (it was set to 0) in server's redis configuration helped me resolve this issue.

Redis - Connect to Remote Server

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Contact US