Redis单个服务器多实例和安全加固
单台机器多实例(生产环境中不建议多实例,有安全风险,为了省钱,服务器内存很大128GiB,每个Redis内存不建议特别大,32GiB即可,方便复制数据)
测试环境中经常使用多实例,需要指定不同实例的相应的端口,配置文件,日志文件等相关配置
范例: 以编译安装为例实现 redis 多实例
[root@ka1 ~]#ll /apps/redis/
总用量 28
drwxr-xr-x 2 redis redis 4096 10月 31 10:08 bin/
drwxr-xr-x 2 redis redis 4096 10月 31 10:08 data/
drwxr-xr-x 2 redis redis 4096 10月 31 10:08 etc/
drwxr-xr-x 2 redis redis 4096 10月 31 10:08 log/
drwxr-xr-x 2 redis redis 4096 10月 31 10:08 run/
其中二进制文件bin不用动,其他的四个都需要根据实例错开创建三实例
准备各实例配置文件
redis6379.conf
[root@ubuntu2004 ~]#cd /apps/redis/etc/
[root@ubuntu2004 etc]#ls
redis.conf
#第一个Redis实例的配置文件
[root@ubuntu2004 etc]#cp redis.conf redis6379.conf
#第二个Redis实例的配置文件
redis6380.conf
[root@ubuntu2004 etc]#sed 's/6379/6380/g' redis6379.conf > redis6380.conf
#第三个Redis实例的配置文件
redis6381.conf
[root@ubuntu2004 etc]#sed 's/6379/6381/g' redis6379.conf > redis6381.conf
更改所有者所属组
[root@ubuntu2004 etc]#chown -R redis.redis .
[root@ubuntu2004 etc]#ll
总用量 440
drwxr-xr-x 2 redis redis 4096 10月 31 10:45 ./
drwxr-xr-x 7 redis redis 4096 10月 31 10:08 ../
-rw-r--r-- 1 redis redis 106610 10月 31 10:41 redis6379.conf
-rw-r--r-- 1 redis redis 106610 10月 31 10:44 redis6380.conf
-rw-r--r-- 1 redis redis 106610 10月 31 10:45 redis6381.conf
-rw-r--r-- 1 redis redis 106610 10月 31 10:08 redis.conf准备各实例的service文件
#第一个Redis实例的service文件
[root@ubuntu2004 etc]#mv /lib/systemd/system/redis.service /lib/systemd/system/redis6379.service
把配置文件的redis.conf改成redis6379.conf
[Service]
ExecStart=/apps/redis/bin/redis-server /apps/redis/etc/redis6379.conf --supervised systemd
#第二个Redis实例的service文件
拷贝redis6379.conf配置文件改名6380并修改配置文件
[root@ubuntu2004 etc]#cp /lib/systemd/system/redis6379.service /lib/systemd/system/redis6380.service
修改service文件
[root@ubuntu2004 etc]#vim /lib/systemd/system/redis6380.service
[Service]
ExecStart=/apps/redis/bin/redis-server /apps/redis/etc/redis6380.conf --supervised systemd
#第三个Redis实例的service文件
拷贝redis6379.conf配置文件改名6381并修改配置文件
[root@ubuntu2004 etc]#cp /lib/systemd/system/redis6379.service /lib/systemd/system/redis6381.service
修改service文件
[root@ubuntu2004 etc]#vim /lib/systemd/system/redis6381.service
[Service]
ExecStart=/apps/redis/bin/redis-server /apps/redis/etc/redis6381.conf --supervised systemd启动三实例
由于原来的redis已启动,需要kill掉
[root@ubuntu2004 etc]#ps aux
[root@ubuntu2004 etc]#kill 21850
[root@ubuntu2004 etc]#systemctl daemon-reload
[root@ubuntu2004 etc]#systemctl enable --now redis6379.service redis6380.service redis6381.service
查看状态
[root@ubuntu2004 etc]#systemctl status redis63*.service远程连接测试是否正常
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.103 -a 123456 -p 6379
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.103 -a 123456 -p 6380
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.103 -a 123456 -p 6381修改各实例conf文件,修改其数据存储文件名
[root@ubuntu2004 etc]#vim redis6379.conf
dbfilename dump6379.rdb
[root@ubuntu2004 etc]#vim redis6380.conf
dbfilename dump6380.rdb
[root@ubuntu2004 etc]#vim redis6381.conf
dbfilename dump6381.rdb
重启各实例
[root@ubuntu2004 ~]#systemctl restart redis63*Python程序连接Redis进行写入数据进行测试
[root@ubuntu2004 ~]#apt -y install python3-pip python3-redis
用python代码测试连接
[root@ubuntu2004 ~]#cat redis_test.py
#!/usr/bin/python3
import redis
pool = redis.ConnectionPool(host="127.0.0.1",port=6379,password="123456",decode_responses=True)
r = redis.Redis(connection_pool=pool)
for i in range(100000):
r.set("k%d" % i,"v%d" % i)
data=r.get("k%d" % i)
print(data)
可远程连接
执行
python3 redis_test.py
......
'v9994'
'v9995'
'v9996'
'v9997'
'v9998'
'v9999'
进入查看写入的数据
[root@ubuntu2004 ~]#redis-cli
127.0.0.1:6379> dbsize #查看数据的数量
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth 123456 #密码验证
OK
127.0.0.1:6379> dbsize
(integer) 10000
127.0.0.1:6379> get k0 #查看某个数据的值
"v0"
127.0.0.1:6379> get k1
"v1"
127.0.0.1:6379> get k9999
"v9999"用密码连接不显示告警信息
[root@ubuntu2004 ~]#redis-cli -a 123456 --no-auth-warning
127.0.0.1:6379>图形工具连接(windows版)
RedisDesktopManagerRedis配置管理
如果redis没设置密码并把bind注释掉,会进入保护模式(防止谁都能连)
远程连接
[root@ubuntu2004 ~]#vim /etc/redis/redis.conf
bind 0.0.0.0
[root@ubuntu2004 ~]#systemctl restart redis
连接
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.103 -a 123456
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
10.0.0.103:6379>
如果没有密码,还把bind删除了,会进入保护模式
[root@ubuntu2004 ~]#redis-cli -h 10.0.0.101
10.0.0.101:6379> info
DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
输出不了信息,并给出了解决办法
