Menu
I started using Redis 6.0 in docker container recently and faced with the following issue, suddenly: I see in logs that Redis container started to try writing to /var/spool/cron directory.
It is the second time I face the problem, first time It happened tonight (in several hours after launch). If I restart container, everything is fine again.
I have found link which stated that it happens so, because Redis container was hacked: The link
Is it true and how can I solve the issue?
My Dockerfile:
FROM redis:6.0-alpine
WORKDIR /usr/src/app
RUN apk add --no-cache tzdata
ENV TZ=Europe/Moscow
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY redis.conf /usr/local/etc/redis/redis.conf
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
RUN chmod 0755 /usr/src/app/
RUN chmod 0755 /etc/crontabs/
RUN chmod 0755 /data/
Redis Config key points:
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
protected-mode no # I thought that if I have user protected-mode works by default
port 6379
dbfilename dump.rdb
dir ./
user someusername allcommands allkeys on >somelongpassword
I run docker conatainer the following way:
docker run -p 6379:6379 -v myvol:/usr/src/app --name redis -d --network mynet redis
I attached print screen of my terminal window.
973
Never expose unprotected Redis to the Internet!
In your case, although you set ACL for someusername, you didn't disable the default user. And with protected-mode set to no, you expose your Redis instance to everyone.
You need to set protected-mode to yes. Also you can disable the default user with the following config:
user default off
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
