docker：MISCONF Redis配置为保存RDB快照 [英] docker: MISCONF Redis is configured to save RDB snapshots

问题描述

存在与此问题类似的几个问题，例如：

Redis已配置为保存RDB快照，但目前无法持久保存在磁盘上-Ubuntu Server

，但是这些都不能解决我的问题。

问题是我正在docker-compose中运行我的redis，只是无法理解如何在docker-compose启动时解决此问题。

redis文档说这是解决方法：

echo 1> / proc / sys / vm / overcommit_memory

这在Redis安装在docker外部时有效。但是如何使用docker-compose运行此命令？

我尝试了以下操作：

1）添加命令：

 服务：
缓存：
图片：redis：5-alpine 
命令：[ echo， 1，>， / proc / sys / vm / overcommit_memory，&&， redis-server] 
端口：
 -$ {COMPOSE_CACHE_PORT：-6379}：6379 
卷：
-缓存：/数据
  

这不起作用：

  docker-compose up 
重新创建builder_cache_1 ...完成
附加到builder_cache_1 
 cache_1 | 1> / proc / sys / vm / overcommit_memory&& redis-server 
 builder_cache_1退出，代码为0 
 
  

2）安装 / proc / sys / vm / 目录。

此操作失败：原来我无法安装到/ proc /目录。 / p>

3）覆盖入口点：

custom-entrypoint.sh：

  
＃！/ bin / sh 
 set -e 
 
 echo 1> / proc / sys / vm / overcommit_memory 
 
 
＃first arg是`-f`或`--some-option` 
＃或first arg是`something.conf` 
 if [ $ {1＃-}！= $ 1] || [ $ {1％.conf}！= $ 1];然后设置
-redis-server $ @ 
 fi 
 
＃如果[[$ 1 ='redis-server'-a $（id -u） ='0'];然后
 find。 \！ -user redis -exec chown redis'{}'+ 
 exec su-exec redis $ 0 $ @ 
 fi 
 
 
 exec $ @ 
 
  

docker-compose.yml：

 服务：
缓存：
映像：redis：5-alpine 
端口：
-$ {COMPOSE_CACHE_PORT：-6379} ：6379 
卷：
-缓存：/ data 
-./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh 
入口点：/usr/local/bin/custom-entrypoint.sh 
  

这也不起作用。 / p>

如何解决此问题？

解决方案

TL; DR 您的Redis不安全

更新：
使用公开，而不是端口，因此该服务仅可用于链接服务

暴露端口而不将其发布到主机chine-只有关联的服务才能访问
。只能指定内部端口
。

 暴露
-6379 
 
  

原始答案：

长答案：

这可能是由于不安全的 redis-server 实例造成的。 Docker容器中的默认Redis映像是不安全的。

我能够使用 redis-cli连接到Web服务器上的 redis - h< my-server-ip>

要解决此问题，我经历了此DigitalOcean文章和许多其他文章，并且可以关闭港口。

• 您可以从此处


• 然后更新docker-compose redis 部分至（相应地更新文件路径）

  redis：
重新启动：除非已停止
映像：redis：6.0-alpine 
命令：redis-server /usr/local/etc/redis/redis.conf 
 env_file：
-app / .env 
卷：
-redis：/数据
-./app/conf/redis.conf:/usr/local/etc/redis/redis.conf 
端口：
-  6379：6379 
  

redis.conf的路径命令和体积中的$ c>应该匹配

• 根据需要重建redis或所有服务


• 尝试使用 redis-cli -h< my-server-ip> 进行验证（它已停止为我工作）

There are several issues similar to this one, such as:

Redis is configured to save RDB snapshots, but it is currently not able to persist on disk - Ubuntu Server

MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled

but none of these solves my problem.

The problem is that I am running my redis in docker-compose, and just cannot understand how to fix this at docker-compose startup.

The redis docs say this is the fix:

echo 1 > /proc/sys/vm/overcommit_memory

And this works when Redis is installed outside of docker. But how do I run this command with docker-compose?

I tried the following:

1) adding the command:

services:
  cache:
    image: redis:5-alpine
    command: ["echo", "1", ">", "/proc/sys/vm/overcommit_memory", "&&", "redis-server"]
    ports:
      - ${COMPOSE_CACHE_PORT:-6379}:6379
    volumes:
      - cache:/data

this doesn't work:

 docker-compose up
Recreating constructor_cache_1 ... done
Attaching to constructor_cache_1
cache_1  | 1 > /proc/sys/vm/overcommit_memory && redis-server
constructor_cache_1 exited with code 0

2) Mounting /proc/sys/vm/ directory.

This failed: turns out I cannot mount to /proc/ directory.

3) Overriding the entrypoint:

custom-entrypoint.sh:

#!/bin/sh
set -e

echo 1 > /proc/sys/vm/overcommit_memory


# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
    set -- redis-server "$@"
fi

# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
    find . \! -user redis -exec chown redis '{}' +
    exec su-exec redis "$0" "$@"
fi


exec "$@"

docker-compose.yml:

services:
  cache:
    image: redis:5-alpine
    ports:
      - ${COMPOSE_CACHE_PORT:-6379}:6379
    volumes:
      - cache:/data
      - ./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh
    entrypoint: /usr/local/bin/custom-entrypoint.sh

This doesn't work too.

How to fix this?

解决方案

TL;DR Your redis is not secure

UPDATE: Use expose instead of ports so the service is only available to linked services

Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.

expose
 - 6379

ORIGINAL ANSWER:

long answer:

This is possibly due to an unsecured redis-server instance. The default redis image in a docker container is unsecured.

I was able to connect to redis on my webserver using just redis-cli -h <my-server-ip>

To sort this out, I went through this DigitalOcean article and many others and was able to close the port.

• You can pick a default redis.conf from here
• Then update your docker-compose redis section to(update file paths accordingly)

redis:
    restart: unless-stopped
    image: redis:6.0-alpine
    command: redis-server /usr/local/etc/redis/redis.conf
    env_file:
      - app/.env
    volumes:
      - redis:/data
      - ./app/conf/redis.conf:/usr/local/etc/redis/redis.conf
    ports:
      - "6379:6379"

the path to redis.conf in command and volumes should match

• rebuild redis or all the services as required
• try to use redis-cli -h <my-server-ip> to verify (it stopped working for me)

这篇关于docker：MISCONF Redis配置为保存RDB快照的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！