diff options
author | Yossi Gottlieb <yossigo@gmail.com> | 2021-06-24 19:48:18 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-24 19:48:18 +0300 |
commit | f233c4c59d24828c77eb1118f837eaee14695f7f (patch) | |
tree | 169dc6e037647eb42d1b676f93b1e87b2c5b8309 /redis.conf | |
parent | d1a21e02926b9c4cb850c076a445644562800bf1 (diff) | |
download | redis-f233c4c59d24828c77eb1118f837eaee14695f7f.tar.gz |
Add bind-source-addr configuration argument. (#9142)
In the past, the first bind address that was explicitly specified was
also used to bind outgoing connections. This could result with some
problems. For example: on some systems using `bind 127.0.0.1` would
result with outgoing connections also binding to `127.0.0.1` and failing
to connect to remote addresses.
With the recent change to the way `bind` is handled, this presented
other issues:
* The default first bind address is '*' which is not a valid address.
* We make no distinction between user-supplied config that is identical
to the default, and the default config.
This commit addresses both these issues by introducing an explicit
configuration parameter to control the bind address on outgoing
connections.
Diffstat (limited to 'redis.conf')
-rw-r--r-- | redis.conf | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/redis.conf b/redis.conf index 9e72d9c45..b064f8515 100644 --- a/redis.conf +++ b/redis.conf @@ -83,6 +83,18 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ bind 127.0.0.1 -::1 +# By default, outgoing connections (from replica to master, from Sentinel to +# instances, cluster bus, etc.) are not bound to a specific local address. In +# most cases, this means the operating system will handle that based on routing +# and the interface through which the connection goes out. +# +# Using bind-source-addr it is possible to configure a specific address to bind +# to, which may also affect how the connection gets routed. +# +# Example: +# +# bind-source-addr 10.0.0.1 + # Protected mode is a layer of security protection, in order to avoid that # Redis instances left open on the internet are accessed and exploited. # |