Question Onyx Docker Redis Firewall Security

[Burak Özdemir]

hi, i am using trial version of PO. I installed a docker redis container and configured my drupal installation and it works like charm.

Docker IP and ports are as follows:
IP address for docker0: 172.17.0.1
Port mapping:
6379 to 32770

plesk mod_security with free comodo rules, plesk firewall and plesk fail2ban are all on through plesk ui with default settings. (i also installed mod_evasive manually from the ssh terminal, and I think that it is also activated )

Now I have some questions in mind.

Do I have to close ports 6379 and 32770 to incoming connections with a custom rule in Plesk firewall? Without any other configuration (with a default installation of docker redis official container), is redis accessible from outside world by default etc.?

If i have to configure plesk firewall to secure redis, how can I do it?

thanks,
burak

 

[virtubox]

Yes, that's one of the big security issue with redis container.
You can edit the container configuration with the redis.conf file available in the volume storage of your container, or use the firewall to block connections from outside.
But currently with the default configuration redis is accessible from outside, without any password.
You can also install redis-server on your server and use the redis.conf to bind it to 127.0.0.1

 

[Burak Özdemir]

use the firewall to block connections from outside

how can I do this with the given values for docker container:
Docker IP and ports are as follows:
IP address for docker0: 172.17.0.1
Port mapping:
6379 to 32770

PS: Although I am not a pro of the issue, I think that it won't be a good practice to install a server-wide redis instead of using redis docker container.

 

[virtubox]

Use the firewall to block access from outside the server.
Docker is still very young and to I was running it with docker at the beginning, but the stability was good enough. And running redis-server with Plesk is not a problem at all