The following configuration is a production-ready .conf file which:
Binds to 0.0.0.0 (every IPv4 interface, so access to the port has to be limited by a firewall or a private network)
Disables default user
Forces use of a password
Prevents users from running configuration commands
Creates an app user named `user` with the password `password` (a sample value; change it as described in the comments in the file)
# Security configuration; see https://redis.io/topics/security
# Listen on every IPv4 interface. Nothing in this file limits which hosts may
# connect, and no tls-* directives are set here, so AUTH and data cross the
# network unencrypted: restrict the port with a firewall or private network.
bind 0.0.0.0
# Renaming CONFIG to the empty string removes the command for every client.
rename-command CONFIG ""
# requirepass sets the password of the `default` user (Redis 6+ ACL behaviour).
# `password` is a sample value stored here in plain text: replace it.
requirepass password
# Disable the `default` user and revoke all of its command permissions, so
# clients have to authenticate as a named ACL user.
user default off -@all
# Application user: enabled, all keys (~*), PING, CLIENT and the listed
# command categories.
# The `#<hex>` rule stores the SHA-256 of the password instead of the password.
# The digest below is the SHA-256 of the sample string "password" (no quotes)
# and must be replaced. SHA-256 is fast and unsalted, so use a long random
# password (for example the output of `openssl rand -hex 32`).
# To generate the digest, run
# `printf -- 'password' | sha256sum | cut -f 1 -d ' '`
# NOTE(review): +@read and +@write are broad and also cover commands tagged
# @dangerous (for example KEYS and FLUSHALL); +client grants every CLIENT
# subcommand. Narrow these if the application does not need them - confirm
# against the client library in use.
user user on ~* +ping +client +@read +@write +@set +@list #5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
Docker
Image
Compose
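version: "3.7"
services:
  # Connect with `redis-cli -h 127.0.0.1 -p 6379`, then run
  # `auth user password` at the prompt.
  redis:
    # image reference: https://hub.docker.com/_/redis
    image: library/redis:7.0.12-alpine
    command:
      - redis-server
      - /usr/local/etc/redis/redis.conf
    # Publishes the port on every host interface. Use "127.0.0.1:6379:6379"
    # instead when only clients on the Docker host need access.
    # Do not combine `ports` with `network_mode: host`: published ports are
    # ignored (or rejected) in host mode, and the server would then listen
    # directly on every host interface.
    ports:
      - "6379:6379"
    volumes:
      # The command above reads this file, so keep this mount. It is mounted
      # read-only because the server only needs to read it.
      - ./.data/redis/config/redis.conf:/usr/local/etc/redis/redis.conf:ro
      # Remove this entry to run without persistence.
      - ./.data/redis/data:/data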