148

I can ping pong Redis on the server:

# redis-cli ping
PONG

But remotely, I got problems:

$ src/redis-cli -h REMOTE.IP ping
Could not connect to Redis at REMOTE.IP:6379: Connection refused

In config, I got the standard port: 

# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379

So maybe I should open port 6379 on the remote Ubuntu machine? How do I do it?

Pang
  • 9,073
  • 146
  • 84
  • 117
Maxim Yefremov
  • 12,753
  • 25
  • 112
  • 158

10 Answers10

268

Did you set the bind option to allow remote access on the redis server?

Before (file /etc/redis/redis.conf)

bind 127.0.0.1

After

bind 0.0.0.0

and run sudo service redis-server restart to restart the server. If that's not the problem, you might want to check any firewalls that might block the access.

Important: If you don't use a firewall (iptables, ufw..) to control who connects to the port in use, ANYONE can connect to this Redis instance. Without using Redis' AUTH that means anyone can access/change/delete your data. Be safe!

MildlySerious
  • 8,112
  • 2
  • 27
  • 29
  • 2
    in config file I added string `bind 0.0.0.0` after string `bind 127.0.0.1`. Restarted redis. And now can connect remotly. – Maxim Yefremov Sep 30 '13 at 10:08
  • Is there any difference if we use `bind 0.0.0.0` alone vs `bind 127.0.0.1 0.0.0.0` – Nyxynyx Jun 25 '14 at 21:29
  • 1
    @Nyxynyx 0.0.0.0 binds to all adapters, so it's unnecessary. Shouldn't make a difference, though. – MildlySerious Jun 26 '14 at 20:39
  • 1
    Is it secure to open redis to any ip calls? How can we restricted accessing redis from only certain IPs? – brsbilgic Dec 04 '14 at 16:33
  • @brsbilgic That should probably be done using a firewall. Check out iptables or UFW. – MildlySerious Mar 06 '15 at 16:13
  • 1
    @MildlySerious thanks a lot. We have wasted almost 2 weeks figuring out whether firewall or network or some other issue. But this change worked like champ. – kinnu Mar 05 '20 at 18:03
26

For me, I needed to do the following:

1- Comment out bind 127.0.0.1

2- Change protected-mode to no

3- Protect my server with iptables (https://www.digitalocean.com/community/tutorials/how-to-implement-a-basic-firewall-template-with-iptables-on-ubuntu-14-04)

Abdo
  • 12,869
  • 9
  • 77
  • 97
  • 2
    I had to use bind 0.0.0.0. "bind 127.0.0.1" didn't work for me. I didn't need to set "protected-mode" to "no". Warning: Don't leave empty space before the "bind" or the server won't start. Note: I'm using the windows port of Redis – Josh Oct 26 '17 at 17:58
7

A quick note that doing this without further securing your Redis server is not a good idea as it can leave you open to attack. Be sure to also implement AUTH or otherwise secure that. See http://redis.io/topics/security for details.

backwardm
  • 309
  • 3
  • 6
7

Bind & protected-mode both are the essential steps. But if ufw is enabled then you will have to make redis port allow in ufw.

  1. Check ufw status ufw status if Status: active then allow redis-port ufw allow 6379
  2. vi /etc/redis/redis.conf
  3. Change the bind 127.0.0.1 to bind 0.0.0.0
  4. change the protected-mode yes to protected-mode no
Gaurav Tyagi
  • 471
  • 6
  • 5
4

1- Comment out bind 127.0.0.1

2- set requirepass yourpassword

then check if the firewall blocked your port

iptables -L -n

service iptables stop

tony qi
  • 95
  • 7
3

  1. Open the file at location /etc/redis.conf

  2. Comment out bind 127.0.0.1

  3. Restart Redis:

     sudo systemctl start redis.service

  4. Disable Firewalld:

     systemctl disable firewalld

  5. Stop Firewalld:

     systemctl stop firewalld

Then try:

redis-cli -h 192.168.0.2(ip) -a redis(username)
Tarick Welling
  • 2,909
  • 3
  • 16
  • 40
Rizwan Basheer
  • 127
  • 1
  • 5
3

A quick note that if you are using AWS ec2 instance then there is one more extra step that I believe is also mandatory. I missed the step-3 and it took me whole day to figure out to add an inbound rule to security group

Step 1(as previous): in your redis.conf change bind 127.0.0.1 to bind 0.0.0.0

Step2(as previous): in your redis.conf change protected-mode yes to protected-mode no

important for Amazon Ec2 Instance:

Step3: In your current ec2 machine go to the security group. add an inbound rule for custom TCP with 6379 port and select option "use from anywhere".

Nimish Bansal
  • 1,619
  • 3
  • 17
  • 34
2

  1. Open $REDIS_HOME/redis.conf and uncomment requirepass -YOUR-PASSWORD-HERE- and write down your password in the specified lines.

  2. Login to redis using redis-cli and verify your password in the database using auth -YOUR-PASSWORD-HERE- command.

  3. Disable protected mode by changing its string in $REDIS_HOME/redis.conf to protected-mode no.

  4. Search for all bind ports values and comment all of them. Just add bind 0.0.0.0 to $REDIS_HOME/redis.conf file.

  5. Disable your firewall or open redis port.

  6. Start redis using ./redis-server $REDIS_HOME/redis.conf.

  7. Check the configuration via ./redis-cli -h -YOUR-IP- -a -YOUR-PASSWORD-HERE-.

  8. Check the configuration via ./redis-cli -h -YOUR-IP- ping.
Vahid F
  • 325
  • 6
  • 16
2

Another possibly helpful note.

Redis can be bound to multiple IPs - that's very helpful when you don't want to open it to entire world (0.0.0.0) but only make it accessible in local networks.

  1. sudo nano /etc/redis/redis.conf
  2. add your local network IP to the end of bind setting:

bind 127.0.0.1 10.0.0.1

  1. restart the service: sudo service redis-server restart

Now you can easily access redis from other computers in same network, e.g. redis-cli -h 10.0.0.1

Stalinko
  • 2,787
  • 23
  • 24
1

In my case, I'm using redis-stable

Go to redis-stable path 
 cd /home/ubuntu/software/redis-stable

Open the redis.conf 

vim redis.conf

Change the bind 127.0.0.1 to bind 0.0.0.0

change the protected-mode yes to protected-mode no

Restart the redis-server:

/etc/init.d/redis-server stop
 redis-server redis.conf
Ramesh Ponnusamy
  • 1,031
  • 7
  • 16