安装后一定要看安全问题
关于部署redis后的一些安全问题
参考 redis未授权访问
一、安装redis
第一步:下载redis安装包
wget http://download.redis.io/releases/redis-4.0.6.tar.gz
注:根据实际选择最新的版本!本人实际用 5.0.5 版本
[root@xx local]# wget http://download.redis.io/releases/redis-4.0.6.tar.gz
--2017-12-13 12:35:12-- http://download.redis.io/releases/redis-4.0.6.tar.gz
Resolving download.redis.io (download.redis.io)... 109.74.203.151
Connecting to download.redis.io (download.redis.io)|109.74.203.151|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1723533 (1.6M) [application/x-gzip]
Saving to: ‘redis-4.0.6.tar.gz’
100%[==========================================================================================================>] 1,723,533 608KB/s in 2.8s
2017-12-13 12:35:15 (608 KB/s) - ‘redis-4.0.6.tar.gz’ saved [1723533/1723533]
第二步:解压压缩包
tar -zxvf redis-4.0.6.tar.gz
[root@xx local]# tar -zxvf redis-4.0.6.tar.gz
第三步:yum安装gcc依赖
yum install gcc
[root@xx local]# yum install gcc
遇到选择,输入y即可
第四步:跳转到redis解压目录下
cd redis-4.0.6
[root@xx local]# cd redis-4.0.6
第五步:编译安装
make MALLOC=libc
[root@iZwz991stxdwj560bfmadtZ redis-4.0.6]# make MALLOC=libc
将/usr/local/redis-4.0.6/src目录下的文件加到/usr/local/bin目录
cd src && make install
[root@xx redis-4.0.6]# cd src && make install
CC Makefile.dep
Hint: It's a good idea to run 'make test' ;)
INSTALL install
INSTALL install
INSTALL install
INSTALL install
INSTALL install
二、启动redis的三种方式
先切换到redis src目录下
1、直接启动redis
./redis-server
[root@xx src]# ./redis-server
18685:C 13 Dec 12:56:12.507 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
18685:C 13 Dec 12:56:12.507 # Redis version=4.0.6, bits=64, commit=00000000, modified=0, pid=18685, just started
18685:C 13 Dec 12:56:12.507 # Warning: no config file specified, using the default config. In order to specify a config file use ./redis-server /path/to/redis.conf
_._
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 4.0.6 (00000000/0) 64 bit
.-`` .-```. ```\/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
| `-._ `._ / _.-' | PID: 18685
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
18685:M 13 Dec 12:56:12.508 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
18685:M 13 Dec 12:56:12.508 # Server initialized
18685:M 13 Dec 12:56:12.508 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
18685:M 13 Dec 12:56:12.508 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
18685:M 13 Dec 12:56:12.508 * Ready to accept connections
如上图:redis启动成功,但是这种启动方式需要一直打开窗口,不能进行其他操作,不太方便。
按 ctrl + c可以关闭窗口。
2、以后台进程方式启动redis
第一步:修改redis.conf文件
返回目录 redis-4.0.6
将
daemonize no
修改为
daemonize yes
第二步:指定redis.conf文件启动
./redis-server /usr/local/redis-4.0.6/redis.conf
[root@xx src]# ./redis-server /usr/local/redis-4.0.6/redis.conf
18713:C 13 Dec 13:07:41.109 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
18713:C 13 Dec 13:07:41.109 # Redis version=4.0.6, bits=64, commit=00000000, modified=0, pid=18713, just started
18713:C 13 Dec 13:07:41.109 # Configuration loaded
第三步:关闭redis进程
首先使用ps -aux | grep redis查看redis进程
[root@xx src]# ps -aux | grep redis
root 18714 0.0 0.1 141752 2008 ? Ssl 13:07 0:00 ./redis-server 127.0.0.1:6379
root 18719 0.0 0.0 112644 968 pts/0 R+ 13:09 0:00 grep --color=auto redis
使用kill命令杀死进程
[root@xx src]# kill -9 18714
3、设置redis开机自启动
1、在/etc目录下新建redis目录
mkdir redis
[root@xx etc]# mkdir redis
2、将/usr/local/redis-4.0.6/redis.conf 文件复制一份到/etc/redis目录下,并命名为6379.conf
[root@xx redis]# cp /usr/local/redis-4.0.6/redis.conf /etc/redis/6379.conf
3、将redis的启动脚本复制一份放到/etc/init.d目录下
[root@xx init.d]# cp /usr/local/redis-4.0.6/utils/redis_init_script /etc/init.d/redisd
在redisd文件中,有个配置是CONF="/etc/redis/${REDISPORT}.conf"
,它指定了开启启动加载的配置文件,也即第2步配置的文件
4、设置redis开机自启动
先切换到/etc/init.d目录下
然后执行自启命令
[root@xx init.d]# chkconfig redisd on
service redisd does not support chkconfig
看结果是redisd不支持chkconfig
解决方法:
使用vim编辑redisd文件,在第一行加入如下两行注释,保存退出
# chkconfig: 2345 90 10
# description: Redis is a persistent key-value database
注释的意思是,redis服务必须在运行级2,3,4,5下被启动或关闭,启动的优先级是90,关闭的优先级是10。
再次执行开机自启命令,成功
[root@xx init.d]# chkconfig redisd on
现在可以直接已服务的形式启动和关闭redis了
启动:
service redisd start
[root@xx ~]# service redisd start
Starting Redis server...
2288:C 13 Dec 13:51:38.087 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2288:C 13 Dec 13:51:38.087 # Redis version=4.0.6, bits=64, commit=00000000, modified=0, pid=2288, just started
2288:C 13 Dec 13:51:38.087 # Configuration loaded
关闭:
service redisd stop
[root@xx ~]# service redisd stop
Stopping ...
Redis stopped
三、配置可远程访问
修改 redis.conf 下面配置,注意,如果使用开机自启动的方式,要修改/etc/redis/6379.conf
这个文件
# 注释,不限制IP
#bind 127.0.0.1
protected-mode no
停止redis报如下
service redisd stop
Stopping ...
OK
(error) NOAUTH Authentication required.
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
Waiting for Redis to shutdown ...
解决方法:修改redis服务脚本,加入如下所示的信息即可
vi /etc/init.d/redisd
# 修改 添加 -a "password"
$CLIEXEC -a "123456" -p $REDISPORT shutdown
四、参考资料
1、http://blog.csdn.net/zc474235918/article/details/50974483
2、http://blog.csdn.net/gxw19874/article/details/51992125
如果出现如下问题:
可参考资料:http://blog.csdn.net/luozhonghua2014/article/details/54649295