docker:MISCONF Redis配置为保存RDB快照 [英] docker: MISCONF Redis is configured to save RDB snapshots
问题描述
存在与此问题类似的几个问题,例如:
Redis已配置为保存RDB快照,但目前无法持久保存在磁盘上-Ubuntu Server
,但是这些都不能解决我的问题。
问题是我正在docker-compose中运行我的redis,只是无法理解如何在docker-compose启动时解决此问题。
redis文档说这是解决方法:
echo 1> / proc / sys / vm / overcommit_memory
这在Redis安装在docker外部时有效。但是如何使用docker-compose运行此命令?
我尝试了以下操作:
1)添加命令:
服务:
缓存:
图片:redis:5-alpine
命令:[ echo, 1,>, / proc / sys / vm / overcommit_memory,&&, redis-server]
端口:
-$ {COMPOSE_CACHE_PORT:-6379}:6379
卷:
-缓存:/数据
这不起作用:
docker-compose up
重新创建builder_cache_1 ...完成
附加到builder_cache_1
cache_1 | 1> / proc / sys / vm / overcommit_memory&& redis-server
builder_cache_1退出,代码为0
2)安装 / proc / sys / vm /
目录。
此操作失败:原来我无法安装到/ proc /目录。 / p>
3)覆盖入口点:
custom-entrypoint.sh:
#!/ bin / sh
set -e
echo 1> / proc / sys / vm / overcommit_memory
#first arg是`-f`或`--some-option`
#或first arg是`something.conf`
if [ $ {1#-}!= $ 1] || [ $ {1%.conf}!= $ 1];然后设置
-redis-server $ @
fi
#如果[[$ 1 ='redis-server'-a $(id -u) ='0'];然后
find。 \! -user redis -exec chown redis'{}'+
exec su-exec redis $ 0 $ @
fi
exec $ @
docker-compose.yml:
服务:
缓存:
映像:redis:5-alpine
端口:
-$ {COMPOSE_CACHE_PORT:-6379} :6379
卷:
-缓存:/ data
-./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh
入口点:/usr/local/bin/custom-entrypoint.sh
这也不起作用。 / p>
如何解决此问题?
TL; DR 您的Redis不安全
更新:
使用公开,而不是端口
,因此该服务仅可用于链接服务
暴露端口而不将其发布到主机chine-只有关联的服务才能访问
。只能指定内部端口
。暴露
-6379
原始答案:
长答案:
这可能是由于不安全的 redis-server
实例造成的。 Docker容器中的默认Redis映像是不安全的。
我能够使用 redis-cli连接到Web服务器上的
redis
- h< my-server-ip>
要解决此问题,我经历了此DigitalOcean文章和许多其他文章,并且可以关闭港口。
- 您可以从此处
- 然后更新docker-compose
redis
部分至(相应地更新文件路径)
redis:
重新启动:除非已停止
映像:redis:6.0-alpine
命令:redis-server /usr/local/etc/redis/redis.conf
env_file:
-app / .env
卷:
-redis:/数据
-./app/conf/redis.conf:/usr/local/etc/redis/redis.conf
端口:
- 6379:6379
redis.conf的路径$ c
命令
和体积
中的$ c>应该匹配
- 根据需要重建redis或所有服务
- 尝试使用
redis-cli -h< my-server-ip>
进行验证(它已停止为我工作)
There are several issues similar to this one, such as:
but none of these solves my problem.
The problem is that I am running my redis in docker-compose, and just cannot understand how to fix this at docker-compose startup.
The redis docs say this is the fix:
echo 1 > /proc/sys/vm/overcommit_memory
And this works when Redis is installed outside of docker. But how do I run this command with docker-compose?
I tried the following:
1) adding the command:
services:
cache:
image: redis:5-alpine
command: ["echo", "1", ">", "/proc/sys/vm/overcommit_memory", "&&", "redis-server"]
ports:
- ${COMPOSE_CACHE_PORT:-6379}:6379
volumes:
- cache:/data
this doesn't work:
docker-compose up
Recreating constructor_cache_1 ... done
Attaching to constructor_cache_1
cache_1 | 1 > /proc/sys/vm/overcommit_memory && redis-server
constructor_cache_1 exited with code 0
2) Mounting /proc/sys/vm/
directory.
This failed: turns out I cannot mount to /proc/ directory.
3) Overriding the entrypoint:
custom-entrypoint.sh:
#!/bin/sh
set -e
echo 1 > /proc/sys/vm/overcommit_memory
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
find . \! -user redis -exec chown redis '{}' +
exec su-exec redis "$0" "$@"
fi
exec "$@"
docker-compose.yml:
services:
cache:
image: redis:5-alpine
ports:
- ${COMPOSE_CACHE_PORT:-6379}:6379
volumes:
- cache:/data
- ./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh
entrypoint: /usr/local/bin/custom-entrypoint.sh
This doesn't work too.
How to fix this?
TL;DR Your redis is not secure
UPDATE:
Use expose instead of ports
so the service is only available to linked services
Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.
expose - 6379
ORIGINAL ANSWER:
long answer:
This is possibly due to an unsecured redis-server
instance. The default redis image in a docker container is unsecured.
I was able to connect to redis
on my webserver using just redis-cli -h <my-server-ip>
To sort this out, I went through this DigitalOcean article and many others and was able to close the port.
- You can pick a default redis.conf from here
- Then update your docker-compose
redis
section to(update file paths accordingly)
redis:
restart: unless-stopped
image: redis:6.0-alpine
command: redis-server /usr/local/etc/redis/redis.conf
env_file:
- app/.env
volumes:
- redis:/data
- ./app/conf/redis.conf:/usr/local/etc/redis/redis.conf
ports:
- "6379:6379"
the path to redis.conf
in command
and volumes
should match
- rebuild redis or all the services as required
- try to use
redis-cli -h <my-server-ip>
to verify (it stopped working for me)
这篇关于docker:MISCONF Redis配置为保存RDB快照的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!