docker:MISCONF Redis 配置为保存RDB 快照 [英] docker: MISCONF Redis is configured to save RDB snapshots
问题描述
有几个类似的问题,比如:
There are several issues similar to this one, such as:
Redis 配置为保存 RDB 快照,但目前无法在磁盘上持久化 - Ubuntu Server
MISCONFRedis 配置为保存 RDB 快照,但目前无法在磁盘上持久化.可能修改数据集的命令被禁用
但这些都不能解决我的问题.
but none of these solves my problem.
问题是我在 docker-compose 中运行我的 redis,只是无法理解如何在 docker-compose 启动时解决这个问题.
The problem is that I am running my redis in docker-compose, and just cannot understand how to fix this at docker-compose startup.
redis 文档 说这是解决办法:
echo 1 >/proc/sys/vm/overcommit_memory
echo 1 > /proc/sys/vm/overcommit_memory
这在 Redis 安装在 docker 之外时有效.但是如何使用 docker-compose 运行此命令?
And this works when Redis is installed outside of docker. But how do I run this command with docker-compose?
我尝试了以下方法:
services:
cache:
image: redis:5-alpine
command: ["echo", "1", ">", "/proc/sys/vm/overcommit_memory", "&&", "redis-server"]
ports:
- ${COMPOSE_CACHE_PORT:-6379}:6379
volumes:
- cache:/data
这不起作用:
docker-compose up
Recreating constructor_cache_1 ... done
Attaching to constructor_cache_1
cache_1 | 1 > /proc/sys/vm/overcommit_memory && redis-server
constructor_cache_1 exited with code 0
2) 挂载/proc/sys/vm/
目录.
这失败了:结果我无法挂载到/proc/目录.
2) Mounting /proc/sys/vm/
directory.
This failed: turns out I cannot mount to /proc/ directory.
custom-entrypoint.sh:
custom-entrypoint.sh:
#!/bin/sh
set -e
echo 1 > /proc/sys/vm/overcommit_memory
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
find . ! -user redis -exec chown redis '{}' +
exec su-exec redis "$0" "$@"
fi
exec "$@"
docker-compose.yml:
docker-compose.yml:
services:
cache:
image: redis:5-alpine
ports:
- ${COMPOSE_CACHE_PORT:-6379}:6379
volumes:
- cache:/data
- ./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh
entrypoint: /usr/local/bin/custom-entrypoint.sh
这也行不通.
如何解决这个问题?
推荐答案
TL;DR 你的 redis 不安全
TL;DR Your redis is not secure
更新:使用 expose 而不是 ports
以便服务仅适用于链接服务
UPDATE:
Use expose instead of ports
so the service is only available to linked services
公开端口而不将它们发布到主机 - 他们会只能访问链接的服务.只有内部端口可以指定的.
Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.
expose
- 6379
原始答案:
长答案:
这可能是由于不安全的 redis-server
实例造成的.docker 容器中的默认 redis 映像是不安全的.
This is possibly due to an unsecured redis-server
instance. The default redis image in a docker container is unsecured.
我能够仅使用 redis-cli -h <my-server-ip>
为了解决这个问题,我浏览了 这篇 DigitalOcean 文章 和许多其他文章,并且能够关闭端口.
To sort this out, I went through this DigitalOcean article and many others and was able to close the port.
- 您可以从此处
- 然后将您的 docker-compose
redis
部分更新为(相应地更新文件路径)
- You can pick a default redis.conf from here
- Then update your docker-compose
redis
section to(update file paths accordingly)
redis:
restart: unless-stopped
image: redis:6.0-alpine
command: redis-server /usr/local/etc/redis/redis.conf
env_file:
- app/.env
volumes:
- redis:/data
- ./app/conf/redis.conf:/usr/local/etc/redis/redis.conf
ports:
- "6379:6379"
command
和 volumes
中 redis.conf
的路径应该匹配
the path to redis.conf
in command
and volumes
should match
- 根据需要重新构建 redis 或所有服务
- 尝试使用
redis-cli -h <my-server-ip>
来验证(它对我不起作用)
- rebuild redis or all the services as required
- try to use
redis-cli -h <my-server-ip>
to verify (it stopped working for me)
这篇关于docker:MISCONF Redis 配置为保存RDB 快照的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!