配置文件
优化redis配置文件定制
cat /nosql/redis/6379/redis.conf
daemonize yes
port 6379
logfile /nosql/redis/6379/redis.log
dir /nosql/redis/6379
dbfilename dump.rdb
解释:
daemonize yes #是否后台启动
port 6379 #启动端口
logfile /nosql/redis/6379/redis.log #日志路径
dir /nosql/redis/6379 #工作目录
dbfilename dump.rdb #持久化数据文件
redis启动
redis-server /nosql/redis/6379/redis.conf
[root@k8s-master1 6379]# netstat -lntup|grep 6379
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 16233/redis-server
tcp6 0 0 :::6379 :::* LISTEN 16233/redis-server
可以看到redis已经正常启动
redis基本使用
#进入redis界面:
[root@k8s-master1 6379]# redis-cli
127.0.0.1:6379>
#设置键值
127.0.0.1:6379> set name zhangsan
OK
#取出键值
127.0.0.1:6379> get name
"zhangsan"
redis安全配置[redis远程登录配置]
设置允许指定IP访问
#redis配置允许IP访问
#方法1:
redis默认不允许远程连接,只允许本地登录。如果需要允许远程连接则需要配置。
如: redis-cli -h 10.0.0.10 进入后直接get某个值,在没有配置规则前是不允许这样操作的,否则会提示如下:
10.0.0.63:6379> get name
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
这个安全配置规则如下:
daemonize yes
port 6379
logfile /nosql/redis/6379/redis.log
dir /nosql/redis/6379
dbfilename dump.rdb
protected-mode yes #是否启用安全配置, yes是启用,如果启用,在其他服务器连接到这台机器的时候,get某个值就会报错,设置为no 就可以正常取值
#方法2: 使用bind来绑定指定IP访问 redis.conf中添加以下配置:
新增: bind 127.0.0.1 10.0.0.10 新增这行后意味着只有10.0.0.10 可以访问。
设置密码访问
#redis设置密码访问: redis.conf中添加以下配置:
requirepass 123
整体配置:
daemonize yes
port 6379
logfile /nosql/redis/6379/redis.log
dir /nosql/redis/6379
dbfilename dump.rdb
#protected-mode no
bind 10.0.0.63
requirepass 123 ##设置密码访问
登录验证的2中方法:
1. 登录后命令行输入 auth 进行验证密码
AUTH 123 #表示使用123进行密码认证
2. 登录时带密码进行直接验证:
[root@k8s-master1 6379]# redis-cli -h 10.0.0.63 -a 123 #使用密码进行访问
10.0.0.63:6379> get 1
(nil)
10.0.0.63:6379> exit
redis配置查看
redis可以通过进入命令行后使用 CONFIG GET * 查看所有配置
查看某一个配置:
10.0.0.63:6379> CONFIG GET bind #查看IP
1) "bind"
2) "10.0.0.63"
10.0.0.63:6379> CONFIG GET port #查看端口
1) "port"
2) "6379"
修改某一个配置:
如查看到连接密码:
10.0.0.63:6379> CONFIG GET requirepass
1) "requirepass"
2) "123"
重新设置redis连接密码:
10.0.0.63:6379> CONFIG GET requirepass
1) "requirepass"
2) "123"
10.0.0.63:6379> CONFIG SET requirepass 123456 #重新设置
OK
测试登录:
[root@k8s-master1 6379]# redis-cli -h 10.0.0.63 -a 123
10.0.0.63:6379> get a #使用错误的密码登录后 get值报错
(error) NOAUTH Authentication required.
10.0.0.63:6379> exit
[root@k8s-master1 6379]# redis-cli -h 10.0.0.63 -a 123456
10.0.0.63:6379> get a #使用新设置的密码登录后get值正常
(nil)