详细解释:https://www.cnblogs.com/kreo/p/4423362.html
1.bind 0.0.0.0
~~~ WARNING ~~~ If the computer running Redis is directly exposed to the # internet, binding to all the interfaces is dangerous and will expose the # instance to everybody on the internet. So by default we uncomment the # following bind directive, that will force Redis to listen only into # the IPv4 lookback interface address (this means Redis will be able to # accept connections only from clients running into the same computer it # is running). # # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES # JUST COMMENT THE FOLLOWING LINE. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # bind 127.0.0.1
如果这个电脑运行中的redis 是直接暴露在互联网上,绑定所有的接口是危险的。它对互联网中的每个人都是可见的。因此默认不开启bind指令。强制redis只能本机连接 。如果需要其他机器连接,只需配置bind即可
2.protected-mode yes
# Protected mode is a layer of security protection, in order to avoid that # Redis instances left open on the internet are accessed and exploited. # # When protected mode is on and if: # # 1) The server is not binding explicitly to a set of addresses using the # "bind" directive. # 2) No password is configured. # # The server only accepts connections from clients connecting from the # IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain # sockets. # # By default protected mode is enabled. You should disable it only if # you are sure you want clients from other hosts to connect to Redis # even if no authentication is configured, nor a specific set of interfaces # are explicitly listed using the "bind" directive. protected-mode yes
保护模式,用于安全保护,避免打开状态的redis直接暴露在互联网上被非法访问和利用。
当保护模式被打开而且
1)bind没有被启用
2)没有为redis配置用户名密码
此时,redis只接受本地的请求
保护模式默认打开。如果你想要禁用它,除非 你确定允许其他主机通过redis客户端访问即使没有配置登陆认证,也没有设置ip限制(即没有配置bind)保护模式打开时,在没有登陆认证而且没有配置bind情况下只允许本地访问
3.port
# Accept connections on the specified port, default is 6379 (IANA #815344). # If port 0 is specified Redis will not listen on a TCP socket. port 6379
tcp侦听端口,如果指定为0将拒绝tcp连接
4