While building a Redis service cluster today, I found that I had misunderstood bind in Redis all along.
Until today, I had always thought that the role of bind in the Redis configuration file was to limit which servers (IP addresses) Redis accepts connection requests from. That is:
only computers whose IP addresses are specified in bind can access this Redis server. (Only today did I learn that this understanding is wrong.)
For example:
bind 127.0.0.1 would limit connections to the Redis service to the local computer only.
bind 0.0.0.0 would allow any computer to connect to the Redis service.
Note: the above understanding is wrong. These two values are special cases, and they give us a false impression.
If you don't believe it, try it (it is best to try it yourself):
bind 10.0.0.1 (or any IP address other than 127.0.0.1 and 0.0.0.0)
Then restart Redis. You will find that it does not start.
Once you know the real meaning of bind, you will understand why it does not start.
The correct understanding of bind in Redis:
bind is the IP address that the local machine binds to (more precisely: the IP address of a local network card; each network card has one IP address), not the IP addresses of other computers that Redis allows to connect.
If bind is specified, only Redis requests arriving through the specified network card are accepted. If it is not specified, Redis requests arriving through any network card are accepted.
For instance: suppose the Redis server (this machine) has two network cards, each with one IP address, say IP1 and IP2. (Note that IP1 and IP2 are both IP addresses of the local machine.)
Our configuration file contains: bind IP1.
Then we can connect to the Redis server only by accessing it through IP1. If we access the Redis server through IP2, the connection fails.
To view the corresponding IP addresses, use the ifconfig command.
From the ifconfig output, we have two network cards, so we can only use 127.0.0.1 and 172.18.235.206 as bind addresses; otherwise Redis does not start.
This explains why the earlier example (bind 10.0.0.1) cannot start: we have no network card with that IP address.
It also shows that bind does not specify the IP addresses of the servers that Redis accepts requests from.
Rather, bind specifies the IP address of a local network card.
Additional note:
An explanation of bind 127.0.0.1 (why only the local computer can connect and others cannot):
From ifconfig we can see that the lo network card (corresponding to the IP address 127.0.0.1) is a loopback address (Local Loopback). In other words, only the local machine can access this loopback address; other computers can only access their own loopback addresses.
The only computer that can reach this lo network card is the local computer, so only the local machine can access Redis through it, and other computers cannot.
As for 172.18.235.206: any Redis request that arrives through this network card address (172.18.235.206) can access Redis. I am using an Alibaba Cloud server. From another server I ran redis-cli against the Alibaba Cloud public IP address, and it connected to the Redis server.
This is because requests to the public address all arrive through the eth0 network card address (172.18.235.206), which receives the Redis request.
When you bind to something other than the loopback address, basically all external computers can access the Redis server.
If we want to restrict Redis access to specified hosts only, we can only do so through the firewall, not through the bind parameter in Redis.
Use Alibaba Cloud's security groups to restrict which hosts may connect to port 6379.
Understanding protected-mode in Redis:
Redis by itself cannot restrict connections to specified hosts only. As I said above, the bind directive is only used to set the interface addresses (interfaces).
1. If your bind is set to bind 127.0.0.1, it is very safe, because only this host can connect to Redis. Even without a password it is safe, unless someone logs in to your server.
2. If your bind is set to bind 0.0.0.0, all hosts can connect to Redis. (Precondition: the Redis port must be open on your server.) If a password is set, there is more protection: only those who know the password can access it. That is, any host that knows the password can access your Redis.
protected-mode is a security layer of Redis itself. The role of this security layer: only the local machine can access Redis, and nothing else can. Three conditions must all be met for the security layer to be on; otherwise it is off:
(1) protected-mode yes (enabled).
(2) No bind directive. Original text: The server is not binding explicitly to a set of addresses using the "bind" directive.
(3) No password is set. Original text: No password is configured.
When all three hold, the Redis protection mechanism turns on, and Redis can only be accessed locally. If any one of the three conditions is not met, the protection mechanism does not turn on.
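An added example (not from the original article or from Redis itself): a small Python audit that applies the bind and protected-mode rules described above to the text of a redis.conf. The function names, the sample configurations and the caller-supplied set of local addresses are assumptions, and only requirepass is treated as a password.

```python
import ipaddress

WILDCARDS = {"0.0.0.0", "::", "*"}

def parse_conf(text):
    """Map each redis.conf directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = [a.strip('"') for a in args]
    return conf

def audit(text, local_addrs):
    """Evaluate bind / protected-mode / requirepass the way the article describes.

    local_addrs: the addresses ifconfig reports on the Redis host (caller-supplied).
    """
    conf = parse_conf(text)
    raw_binds = conf.get("bind", [])
    binds = [a.lstrip("-") for a in raw_binds]
    has_password = bool(conf.get("requirepass"))
    pm_yes = conf.get("protected-mode", ["yes"])[0].lower() == "yes"  # default: yes

    # bind names addresses of local interfaces; one the host lacks cannot be bound.
    # A "-" prefix (Redis 6.2+) marks an address as optional, so it never blocks startup.
    unbindable = [a for a in raw_binds
                  if not a.startswith("-") and a not in WILDCARDS and a not in local_addrs]

    # Protected mode is active only when all three conditions hold.
    protected = pm_yes and not binds and not has_password

    loopback_only = bool(binds) and all(
        a not in WILDCARDS and ipaddress.ip_address(a).is_loopback for a in binds)
    return {
        "starts": not unbindable,
        "unbindable": unbindable,
        "protected_mode_active": protected,
        # bind cannot filter clients: if this is True, a firewall or
        # security-group rule on port 6379 is the only host-level restriction.
        "network_reachable": not (protected or loopback_only),
        "password_set": has_password,
    }

# Constructed input: the two interface addresses from the article.
LOCAL = {"127.0.0.1", "172.18.235.206"}
```

Calling audit("bind 172.18.235.206\n", LOCAL) reports a network-reachable instance with no password, which is the case where the article says a firewall or security group is required.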