Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set password for Redis?

Tags:

php

redis

I'm working with redis on my local machine so I dont really need to set up a password to connect to the server with my php client (I'm using predis as a client). However, I'm moving my app to a live server, so I want to set up a password to connect to my redis server.

I have few questions:

  • I checked all over the internet about how to set up the password and it looks like I need to add the password in the redis.conf. I couldnt find though what I should add exactly to the configuration file to set up the password.

  • also in predis how should I add the password. I'm using the following array of parameters to connect to the redis server

    $my_server = array('host' => '127.0.0.1','port' => 6379,'database' => 1);

should I add the password this way?

> $my_server = array('host'     => '127.0.0.1','port'     => > 6379,'database' => 1,'password'=>password); 
  • last question, I'm trying to stop my redis-server on the live server. Every time I enter the following command , I keep getting the same error message

    redis-server stop

    [23925] 23 Sep 20:23:03 # Fatal error, can't open config file 'stop'

    usually on my local machine I enter

    /etc/init.d/redis-server stop

to stop redis server but its not working on my live server since there is no process called redis-server in my /etc/init.d

like image 537
Don Gorgon Avatar asked Sep 24 '11 08:09

Don Gorgon


People also ask

Which one is correct command to set password in Redis?

If you are looking for a simple but temporary solution to set a password for your Redis server, you can use the config set command.

Does Redis have password?

Redis AUTH command is used to authenticate a password-protected server with a given password. If provided password matches the password in the configuration file, the server replies with the OK status code and starts accepting commands. Otherwise, an error is returned and the clients need to try a new password.

What is password-based authentication in Redis?

Password-based authentication is a basic but essential Redis security feature. When you create a Redis Cloud database, your database is given a randomly generated password. You can see this password on the View Database screen. Click the icon to see your password and copy it.

How to change the password for Redis-CLI?

find requirepass foobared word and remove # and change foobared to YOUR PASSWORD For that, you need to update the redis configuration file.By default, there is no any password for redis. find requirepass field under SECURITY section and uncomment that field.Then set your password instead of "foobared" Then restart redis and start redis-cli.

How do I Secure my Redis?

On versions prior to REDIS 6 , the only way to secure your REDIS is to open your redis.conf , uncomment the # requirepass line, and add in your password. However , the downside of this is that this is a global password shared by ALL connections.

Is it possible to Ping to Redis instance without password?

But I can still ping to Redis instance from CLI without proving any password. Later I checked my redis.conf for requirepass attribute, there I found it in default state, which means config set requirepass command failed to set the value of requirepass in my config that's the reason it was not working. Any guess/reason why it is not working?


2 Answers

To set the password, edit your redis.conf file, find this line

# requirepass foobared 

Then uncomment it and change foobared to your password. Make sure you choose something pretty long, 32 characters or so would probably be good, it's easy for an outside user to guess upwards of 150k passwords a second, as the notes in the config file mention.

To authenticate with your new password using predis, the syntax you have shown is correct. Just add password as one of the connection parameters.

To shut down redis... check in your config file for the pidfile setting, it will probably be

pidfile /var/run/redis.pid 

From the command line, run:

cat /var/run/redis.pid 

That will give you the process id of the running server, then just kill the process using that pid:

kill 3832 

Update

I also wanted to add, you could also make the /etc/init.d/redis-server stop you're used to work on your live server. All those files in /etc/init.d/ are just shell scripts, take the redis-server script off your local server, and copy it to the live server in the same location, and then just look what it does with vi or whatever you like to use, you may need to modify some paths and such, but it should be pretty simple.

like image 103
profitphp Avatar answered Oct 03 '22 04:10

profitphp


you can also use following command on client

cmd :: config set requirepass p@ss$12E45

above command will set p@ss$12E45 as a redis server password.

like image 25
Suhas Gaikwad Avatar answered Oct 03 '22 03:10

Suhas Gaikwad