使用Docker部署Redis時使用的是預設配置檔案不帶鑑權
需要鑑權可以把設定寫到配置檔案後透過Dockerfile生成新的映象
- redis配置檔案
# cat redis.conf
bind 0.0.0.0
port 6379
timeout 0
tcp-keepalive 300
daemonize no
databases 16
save 900 1
save 300 10
save 60 10000
# 是否壓縮
rdbcompression yes
# 匯入時是否檢查
rdbchecksum yes
dir /data
dbfilename dump.rdb
# 密碼
requirepass password
- Dockerfile檔案
# cat Dockerfile
FROM redis:7.2.4
COPY redis.conf /usr/local/etc/redis/redis.conf
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
- 透過Dockerfile建立新映象
tag設定為password
# docker build -t redis:password .
[+] Building 0.4s (7/7) FINISHED docker:default
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 212B 0.0s
=> [internal] load metadata for docker.io/library/redis:7.2.4 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 330B 0.0s
=> [1/2] FROM docker.io/library/redis:7.2.4 0.0s
=> CACHED [2/2] COPY redis.conf /usr/local/etc/redis/redis.conf 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:1e1e4ec7910f5e789e966c149f447335cfec87296e18adb12f0606dee2ac7696 0.0s
=> => naming to docker.io/library/redis:password 0.0s
- 使用新映象啟動
# docker run -d -p 6379:6379 -v /opt/redis-data/:/data redis:password
- 驗證鑑權和持久化
使用密碼連線redis
如果密碼錯誤會出現認證失敗提示
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
# redis-cli -h 127.0.0.1 -a 'password'
# 設定a為2並儲存
# 127.0.0.1:6379> set a 2
OK
127.0.0.1:6379> save
OK
掛載目錄有持久化資料
# ls -lah /opt/redis-data/dump.rdb
-rw-------. 1 systemd-coredump input 98 3月 14 09:38 /opt/redis-data/dump.rdb