diff options
| author | antirez <antirez@gmail.com> | 2015-02-19 22:42:31 +0100 |
|---|---|---|
| committer | antirez <antirez@gmail.com> | 2015-02-19 22:42:31 +0100 |
| commit | 1024664247a0853569bcd8abe1127cd107a20fc8 (patch) | |
| tree | 17e534e15acbf1f42aaca752403f09ba57bb3a97 | |
| parent | cfe5eaaed6c136f34db8ada4a704dc81491e2742 (diff) | |
| download | redis-1024664247a0853569bcd8abe1127cd107a20fc8.tar.gz | |
Example redis.conf binds just to 127.0.0.1.
It's hard to pick a good approach here. A few arguments:
1) There are many exposed instances on the internet.
2) Changing the default when "bind" is not given is very dangerous,
after an upgrade the server changes a fundamental behavior.
3) Usually Redis, when used in a proper way, will be protected *and*
accessed often from other computers, so this new default is likely
not what most people want.
4) However if users end with this default, they are using the example
redis.conf: likely they are reading what is inside, and they'll see
the warning.
| -rw-r--r-- | redis.conf | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/redis.conf b/redis.conf index 9e15769a9..eb67583c4 100644 --- a/redis.conf +++ b/redis.conf @@ -30,26 +30,27 @@ # include /path/to/local.conf # include /path/to/other.conf -################################ GENERAL ##################################### +################################## NETWORK ##################################### -# By default Redis does not run as a daemon. Use 'yes' if you need it. -# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. -daemonize no - -# If you run Redis from upstart or systemd, Redis can interact with your -# supervision tree. Options: -# supervised no - no supervision interaction -# supervised upstart - signal upstart by putting Redis into SIGSTOP mode -# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET -# supervised auto - detect upstart or systemd method based on -# UPSTART_JOB or NOTIFY_SOCKET environment variables -# Note: these supervision methods only signal "process is ready." -# They do not enable continuous liveness pings back to your supervisor. -supervised no - -# When running daemonized, Redis writes a pid file in /var/run/redis.pid by -# default. You can specify a custom pid file location here. -pidfile /var/run/redis.pid +# By default, if no "bind" configuration directive is specified, Redis listens +# for connections from all the network interfaces available on the server. +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 # Accept connections on the specified port, default is 6379. # If port 0 is specified Redis will not listen on a TCP socket. @@ -64,16 +65,8 @@ port 6379 # in order to get the desired effect. tcp-backlog 511 -# By default Redis listens for connections from all the network interfaces -# available on the server. It is possible to listen to just one or multiple -# interfaces using the "bind" configuration directive, followed by one or -# more IP addresses. -# -# Examples: +# Unix socket. # -# bind 192.168.1.100 10.0.0.1 -# bind 127.0.0.1 - # Specify the path for the Unix socket that will be used to listen for # incoming connections. There is no default, so Redis will not listen # on a unix socket when not specified. @@ -100,6 +93,27 @@ timeout 0 # A reasonable value for this option is 60 seconds. tcp-keepalive 0 +################################# GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize no + +# If you run Redis from upstart or systemd, Redis can interact with your +# supervision tree. Options: +# supervised no - no supervision interaction +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET +# supervised auto - detect upstart or systemd method based on +# UPSTART_JOB or NOTIFY_SOCKET environment variables +# Note: these supervision methods only signal "process is ready." +# They do not enable continuous liveness pings back to your supervisor. +supervised no + +# When running daemonized, Redis writes a pid file in /var/run/redis.pid by +# default. You can specify a custom pid file location here. +pidfile /var/run/redis.pid + # Specify the server verbosity level. # This can be one of: # debug (a lot of information, useful for development/testing) |