1 networking amazon-ec2 amazon-web-services redis amazon-vpc
我在EC2上有两台服务器.一个托管我的PHP应用程序和其他托管我的redis服务器.我在redis服务器上管理我的php会话和数据.所以在我的php服务器上,我将ip:port作为会话保存路径,并在stderr中发送错误FastCGI:"PHP消息:PHP致命错误:未捕获异常'RedisException',消息'Connection closed'
我需要在我的redis实例上打开端口6379以获取入站流量.我通过在AWS安全组中设置自定义TCP设置来打开它,但该端口仍然关闭到外部世界.但我能够在redis服务器上侦听端口.我在这个过程中遗漏了什么?我是否需要在某处进行任何其他更改.请指导我这个.我非常擅长AWS管理实例1:我正在使用php,Apache和phpredis On Instance 2:Using Redis
但我在Instance 2上安装了Memcached,它通过端口11211连接而没有任何问题.我对Redis使用了相同的安全规则
默认情况下,redis仅侦听127.0.0.1,您需要明确告诉redis侦听其他接口或任何节点.根据你的发行版,这可能是某种地方/etc/redis.conf.
最重要的是,如果你想让redis监听所有地址(0.0.0.0),你应该proetected-mode no在redis.conf中设置.
当你配置redis时,为了上帝的爱,请确保你的安全组设置,你定义端口只对 PHP服务器的IP或安全组开放,需要连接到redis,而不是整个世界.
作为参考,这里是redis.conf中有关绑定的配置部分:
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes