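I have two servers on EC2. One hosts my PHP application and the other hosts my Redis server. I manage my PHP sessions and data on the Redis server. So on my PHP server I set ip:port as the session save path, and I get the error FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught exception 'RedisException' with message 'Connection closed'
I need to open port 6379 on my Redis instance for inbound traffic. I opened it by setting a custom TCP rule in the AWS security group, but the port is still closed to the outside world. But I am able to listen on the port on the Redis server. What am I missing in this process? Do I need to make any other changes somewhere? Please guide me on this. I am new to AWS management.
On Instance 1: I am using PHP, Apache and phpredis.
On Instance 2: using Redis.
But I installed Memcached on Instance 2, and it connects through port 11211 without any problem. I used the same security rule for Redis.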
Answer 0 (score: 6)
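By default, Redis listens only on 127.0.0.1; you need to explicitly tell Redis to listen on other interfaces or on any interface. Depending on your distribution, this may be somewhere like /etc/redis.conf.
On top of that, if you want Redis to listen on all addresses (0.0.0.0), you should set protected-mode no in redis.conf.
When configuring Redis, please, for the love of God, make sure that in your security group settings you define the port as open only to the IP or security group of the PHP server that needs to connect to Redis, not to the whole world.
For reference, here is the configuration section of redis.conf about binding: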
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
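The following is an added example, not part of the original answer or of Redis itself: a small checker that reads the bind, protected-mode and requirepass directives from a redis.conf and reports who can reach the server, applying the two protected-mode conditions exactly as the quoted comments state them. The function names, the result labels and the sample configs are constructed for illustration.

```python
import ipaddress

def parse_redis_conf(text):
    """Collect bind / protected-mode / requirepass; a later line overrides an earlier one."""
    conf = {"bind": [], "protected-mode": "yes", "requirepass": None}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (including a commented-out bind)
        key, args = parts[0].lower(), parts[1:]
        if key == "bind":
            conf["bind"] = [a.lstrip("-") for a in args]
        elif key == "protected-mode" and args:
            conf["protected-mode"] = args[0].lower()
        elif key == "requirepass" and args:
            conf["requirepass"] = args[0].strip("\"'") or None
    return conf

def _ip(addr):
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None  # "*" or a hostname

def assess(text):
    """Classify who can reach Redis, using the protected-mode conditions quoted above."""
    conf = parse_redis_conf(text)
    addrs = conf["bind"] or ["0.0.0.0"]  # no bind directive: all interfaces
    ips = [_ip(a) for a in addrs]
    if all(ip is not None and ip.is_loopback for ip in ips):
        return "loopback-only"
    if conf["protected-mode"] == "yes" and not conf["bind"] and conf["requirepass"] is None:
        return "remote-refused-by-protected-mode"
    wildcard = any(a == "*" or (ip is not None and ip.is_unspecified)
                   for a, ip in zip(addrs, ips))
    scope = "all-interfaces" if wildcard else "selected-interfaces"
    auth = "password" if conf["requirepass"] else "no-auth"
    return f"{scope}/{auth}"

# Constructed sample configs (not taken from a real server).
SAMPLES = {
    "shipped default": "bind 127.0.0.1\nprotected-mode yes\n",
    "bind commented out": "# bind 127.0.0.1\nprotected-mode yes\n",
    "listen everywhere": "bind 0.0.0.0\nprotected-mode no\n",
    "private address only": "bind 10.0.0.1 127.0.0.1\nprotected-mode yes\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:22} -> {assess(text)}")
```

Any result ending in no-auth means the security group rule is the only control between the network and the Redis data, which is why the source IP or source security group in that rule has to be the PHP server alone.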