I am trying to start a Redis server with TLS and run it in a container that is connected to a Docker network named `site`. After setting `bind * -::*`, turning protected mode off, and setting `tls-auth-clients no`, the server began accepting connections from the host machine via `redis-cli --tls -p 2999`. However, after a `docker exec` into the Redis server container, running `redis-cli --tls -p 6379` returns
1:M 28 Feb 2025 01:17:38.495 - Accepted 127.0.0.1:47094
1:M 28 Feb 2025 01:17:38.498 # Error accepting a client connection: error:0A000418:SSL routines::tlsv1 alert unknown ca (addr= laddr=127.0.0.1:6379)
1:M 28 Feb 2025 01:17:42.880 . 0 clients connected (0 replicas), 946440 bytes in use
My question is: what is different about these two connections, and why does one succeed while the other fails? Here is the relevant part of my docker-compose.yml:
---
# Single Redis service attached to the pre-existing "site" network.
services:
  redis:
    image: redis
    networks:
      - site
    # Publishes the container's TLS listener (tls-port 6379 in redis.conf)
    # as host port 2999. With no host IP given, Compose publishes on every
    # host interface; since redis.conf on this page has tls-auth-clients no
    # and no requirepass/user directive, anything that can reach host port
    # 2999 can issue commands without authenticating — NOTE(review): confirm
    # that exposure is intended, or bind it as "127.0.0.1:2999:6379".
    ports:
      - "2999:6379"
    volumes:
      - ./redis.conf:/etc/redis.conf
      - ./redis.log:/etc/redis.log
      # Private key and certificates, mounted read-only. redis.conf refers to
      # /etc/fullchain.pem, /etc/privkey.pem and /etc/ca.pem by name;
      # /etc/cert.pem is not referenced by name in the listing — presumably
      # unused, verify before keeping it. NOTE(review): the official image
      # drops to an unprivileged user at start — confirm privkey.pem is
      # readable by that user and not world-readable on the host.
      - /etc/privkey.pem:/etc/privkey.pem:ro
      - /etc/cert.pem:/etc/cert.pem:ro
      - /etc/fullchain.pem:/etc/fullchain.pem:ro
      # ISRG Root X1 is mounted under the name redis.conf expects (ca.pem).
      - /etc/isrgrootx1.pem:/etc/ca.pem:ro

# The "site" network is created outside this Compose project.
networks:
  site:
    external: true
Here is my redis.conf file.
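# ---- Network -------------------------------------------------------------
# Listen on every IPv4 address and (if available) every IPv6 address.
bind * -::*
# Protected mode off: Redis will no longer refuse non-loopback clients just
# because no password is set. NOTE(review): no requirepass or user (ACL)
# directive appears in this file and tls-auth-clients is "no" below, so every
# client that can reach the TLS port is fully unauthenticated. The compose file
# publishes that port on the host (2999) — add requirepass/ACL users or client
# certificate auth before exposing it beyond localhost.
protected-mode no
tcp-backlog 511
timeout 0
tcp-keepalive 300

# ---- TLS -----------------------------------------------------------------
# The plaintext listener is disabled; Redis applies the last occurrence of a
# directive, so the earlier "port 6379" in the original file was dead and has
# been removed to avoid suggesting a plaintext port is open.
port 0
tls-port 6379
# Server chain and key (mounted read-only by docker-compose).
tls-cert-file /etc/fullchain.pem
tls-key-file /etc/privkey.pem
# CA used by Redis to validate peer certificates (clients when
# tls-auth-clients is yes/optional, replicas/cluster links). It does not
# affect what the connecting redis-cli trusts: NOTE(review): the
# "tlsv1 alert unknown ca" in the log is an alert received from the client,
# which suggests the in-container redis-cli rejected this chain — check
# whether that redis-cli is passed --cacert /etc/ca.pem (the host-side
# redis-cli presumably succeeds because the host trust store already
# contains ISRG Root X1).
tls-ca-cert-file /etc/ca.pem
# NOTE(review): tls-ca-cert-dir expects an OpenSSL hashed certificate
# directory; pointing it at /etc/ is very broad and is likely redundant with
# tls-ca-cert-file above — confirm it is intended, otherwise drop it.
tls-ca-cert-dir /etc/
# Clients are not required to present a certificate.
tls-auth-clients no

# ---- General -------------------------------------------------------------
daemonize no
pidfile /var/run/redis_6379.pid
# debug is verbose; fine while troubleshooting, lower it afterwards.
loglevel debug
# Matches the ./redis.log bind mount in docker-compose.yml.
logfile "/etc/redis.log"
databases 16
always-show-logo no
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
locale-collate ""

# ---- Snapshotting --------------------------------------------------------
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
rdb-del-sync-files no
# dump.rdb is written relative to the process working directory — presumably
# the image's default data directory; verify it is persisted if that matters.
dir ./

# ---- Replication ---------------------------------------------------------
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-diskless-sync-max-replicas 0
repl-diskless-load disabled
repl-disable-tcp-nodelay no
replica-priority 100

# ---- Security / memory management ----------------------------------------
acllog-max-len 128
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
lazyfree-lazy-user-del no
lazyfree-lazy-user-flush no
oom-score-adj no
oom-score-adj-values 0 200 800
disable-thp yes

# ---- Append-only file ----------------------------------------------------
appendonly no
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no

# ---- Slow log / latency / events -----------------------------------------
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""

# ---- Data-structure encoding limits --------------------------------------
hash-max-listpack-entries 512
hash-max-listpack-value 64
list-max-listpack-size -2
list-compress-depth 0
set-max-intset-entries 512
set-max-listpack-entries 128
set-max-listpack-value 64
zset-max-listpack-entries 128
zset-max-listpack-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100

# ---- Runtime tuning ------------------------------------------------------
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
jemalloc-bg-thread yes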
I believe there is something wrong in the way I am handling the Docker network, but I have no idea what. I am also using Let's Encrypt certificates and have mounted them as specified here.