DigitalOcean

Question

I received an warning email from DO stating my redis instance isnt secure and is accessible by any outsider

The advice I got from DO is the following:

" Remediation of this issue will take just a few minutes and is relatively straightforward. You will need to open /etc/redis/redis.conf and uncomment (remove the “#”) or modify the line beginning with:

    #bind 127.0.0.1 ::1

Afterwards, restart redis with:

    sudo systemctl restart redis

"

However, I did not install redis directly on the droplet itself. My droplet has docker installed and I use portainer to menage all my containers, so my redis, postgres, backend, pgadmin, redisinsight are all docker containers in the same network. So I am not sure how to secure my redis instance given that these instruction are for people who install redis directly in the droplet and not by containers.

Summary: How to protect my redis instance container from the outside world and only be accessible by localhost?

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
October 17, 2023

Hi there,

The most straightforward way of securing your instance without making any configuration changes would be to use a firewall. You could use a Cloud Firewall at no additional cost and just close down the Redis port:

https://docs.digitalocean.com/products/networking/firewalls/

If you don’t want to use a firewall there are a couple of other things that you could do but those would require some changes to the existing running container.

Given that you’re running Redis inside a Docker container, the security configuration differs slightly from a Redis instance installed directly on the host.

If your Redis container and other application containers (e.g., backend, pgadmin) are on the same Docker network, they can communicate with each other without exposing Redis to the outside world. So before making any of the following changes, make sure that your containers are in the same network.

Once that is done, here’s how you can secure your Redis container:

  1. Bind Redis to Localhost Inside the Container:

    Redis’ default configuration binds to all available network interfaces (0.0.0.0). You should change this so that Redis only binds to localhost (127.0.0.1) inside the container. This ensures that Redis can only be accessed from within the container itself.

    Modify your Docker run command or Docker Compose file to include the Redis configuration binding:

    • Using docker run:

      docker run ... redis redis-server --bind 127.0.0.1

    • Using docker-compose.yml:

      services:
  redis:
    image: redis
    command: redis-server --requirepass yourpassword
    ...

  2. Remove Ports Exposed to Host:

    If you’ve exposed Redis ports to the host (i.e., you’ve mapped them using -p with docker run or the ports directive in docker-compose.yml), you should remove this to prevent external access.

    If using docker-compose.yml, change:

    ports: - "6379:6379"

    to:

    expose: - "6379"

    The expose directive ensures that the port is available only to other containers in the same Docker network and not to the host or the outside world.

Hope that this helps!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Learn more

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Learn more

Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel
© 2024 DigitalOcean, LLC.Sitemap.