While building a Redis service cluster today, I found that I had misunderstood the bind directive in Redis all along.

Before today, I always thought the role of bind in the Redis configuration file was to restrict which computers (IP addresses) Redis accepts connection requests from. That is:
only computers with the IP addresses specified in bind can access this Redis server. (It was not until today that I learned this understanding is wrong.)

For example:

bind 127.0.0.1      restricts Redis so that only the local computer can connect to it.

bind 0.0.0.0          allows any computer to connect to Redis.

Note: the above understanding is wrong. These two addresses are special cases, and they give us a false impression.

If you don't believe it, you can try it (it is worth trying):

            bind 10.0.0.1 (or any IP address other than 127.0.0.1 and 0.0.0.0)

            Then restart Redis. You will find that it does not start.

Why doesn't it start? Once you know the real meaning of bind, you will understand why.

 

The correct understanding of bind in Redis:

bind is the local IP address that Redis binds to (more precisely: the IP address of a network card on the local machine; each network card has an IP address), not the IP addresses of other computers that Redis allows.

If bind is specified, only Redis requests arriving through the specified network card are accepted. If it is not specified, Redis requests are accepted on any network card.

 

For instance: suppose the Redis server (this machine) has two network cards, each with its own IP address, say IP1 and IP2. (Note that IP1 and IP2 are both IP addresses of the local machine.)

Our configuration file contains: bind IP1.
Then only requests that reach the Redis server through IP1 are allowed to connect. If we try to reach the Redis server through IP2, the connection fails.

 

To view the corresponding IP addresses, use the ifconfig command.

From the output above, we have two network cards, so we can only use 127.0.0.1 and 172.18.235.206 as bind addresses; otherwise Redis does not start.

This explains why the earlier example (bind 10.0.0.1) cannot start: we have no network card with that IP address. It also shows that bind does not specify the IP addresses of the computers that Redis accepts requests from.

Rather: bind specifies the IP address of a local network card.
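The behaviour described above can be reproduced with plain sockets, without Redis. This is an added example, not part of the original post; the address 192.0.2.1 is a constructed documentation address that stands in for 10.0.0.1, and 127.0.0.2 stands in for IP2.

```python
import errno
import socket

def try_bind(address):
    """Bind a TCP socket to `address`, as a server does for each bind entry."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((address, 0))  # port 0: let the OS pick a free port
            return "ok"
        except OSError as exc:
            # EADDRNOTAVAIL means no local network card owns this address.
            return errno.errorcode.get(exc.errno, "error")

def reachable(listen_addr, connect_addr):
    """Listen on listen_addr only, then connect to the same port via connect_addr."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((listen_addr, 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((connect_addr, port), timeout=1):
                return True
        except OSError:
            return False

if __name__ == "__main__":
    # A local address binds; an address no local interface owns does not.
    print("bind 127.0.0.1 ->", try_bind("127.0.0.1"))
    print("bind 192.0.2.1 ->", try_bind("192.0.2.1"))
    # A listener bound to one local address is not reachable through another.
    print("via 127.0.0.1 ->", reachable("127.0.0.1", "127.0.0.1"))
    print("via 127.0.0.2 ->", reachable("127.0.0.1", "127.0.0.2"))
```

The client's own source address plays no part in either function, which is why bind cannot act as an allow-list of remote hosts.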

Additional notes:

An explanation of bind 127.0.0.1 (why only the local computer can connect and others cannot):

From ifconfig we can see that the lo network card (corresponding to the IP address 127.0.0.1) is a loopback address (Local Loopback). In other words, only the local machine can access this loopback address; other computers can only access their own loopback address.

So the only computer that can send requests through this lo network card is the local computer. Only the local machine can access it; other computers cannot.

 

With bind 172.18.235.206, any Redis request that arrives through this network card address (172.18.235.206) can access Redis. I use an Alibaba Cloud server. From another server I ran
            redis-cli -h <Alibaba Cloud public IP address>
and it connected to the Redis server.

This is because requests to the public address are all received through this eth0 network card address (172.18.235.206).

 

When you bind to an address other than the loopback address, basically any external computer can access the Redis server.

 

If we want to allow only specified hosts to connect to Redis, we can only do that with a firewall, not with the bind parameter in Redis.

With Alibaba Cloud, use a security group to restrict which hosts may connect to port 6379.

 

Understanding protected-mode in Redis:

Redis by itself cannot restrict connections to specified hosts only. As described above, bind is only used to set the interface addresses (interfaces).

         1. If bind is set to bind 127.0.0.1, it is very safe, because only this host can connect to Redis. Even without a password it is safe, unless someone logs in to your server.

        2. If bind is set to bind 0.0.0.0, all hosts can connect to Redis (provided the Redis port is open on your server). Setting a password adds protection: only those who know the password can access it. That is, any host that knows the password can access your Redis.

protected-mode is a security layer of Redis itself. Its effect is that only the local machine can access Redis and nothing else can. Three conditions must all be met for this security layer to be active; otherwise it is off:

(1) protected-mode yes (on).

(2) No bind directive. Original text: The server is not binding explicitly to a set of addresses using the "bind" directive.

(3) No password set. Original text: No password is configured.

In that case the Redis protection mechanism is active, and Redis can only be accessed locally. If any one of the three conditions is not satisfied, the protection mechanism is not active.
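A small configuration check that applies the three conditions exactly as listed above. This is an added example, not part of the original post or of Redis; the function names, the verdict labels and the sample configurations are constructed, and the default protected-mode yes for a missing directive is an assumption.

```python
LOOPBACK = ("127.", "::1")

def parse_conf(text):
    """Collect the three directives discussed above; the last occurrence wins."""
    # Assumed defaults: no bind line, protected-mode yes, no password.
    conf = {"bind": [], "protected-mode": "yes", "requirepass": ""}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        key, args = parts[0].lower(), [a.strip('"') for a in parts[1:]]
        if key == "bind":
            conf["bind"] = args
        elif key in ("protected-mode", "requirepass") and args:
            conf[key] = args[0]
    return conf

def assess(text):
    """Classify a redis.conf by who can reach the server under the rules above."""
    conf = parse_conf(text)
    if conf["bind"] and all(a.startswith(LOOPBACK) for a in conf["bind"]):
        return "loopback-only"
    # All three listed conditions must hold for the protection to be active.
    if conf["protected-mode"] == "yes" and not conf["bind"] and not conf["requirepass"]:
        return "protected-mode-active"
    return "exposed-with-password" if conf["requirepass"] else "exposed-no-auth"

# Constructed sample configurations.
SAMPLES = {
    "local": "bind 127.0.0.1\n",
    "defaults": "# bind 127.0.0.1\nprotected-mode yes\n",
    "all-interfaces": "bind 0.0.0.0\nprotected-mode yes\n",
    "eth0-password": "bind 172.18.235.206\nrequirepass constructed-secret\n",
    "protection-off": "protected-mode no\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:15} {assess(text)}")
```

The all-interfaces sample is the case to watch: protected-mode yes is present, but the explicit bind line means condition (2) is not met, so only a firewall or security group stands between the port and other hosts.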
