14

I'd like to disable protected-mode on my production Redis. Regarding to the following error I got from my other Redis-Sentinel instance I could disable it live by connecting to Redis from the master machine it runs on.

DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions:

1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent.

2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server.

3) If you started the server manually just for testing, restart it with the '--protected-mode no' option.

4) Setup a bind address or an authentication password.

NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

But as I connect and try to disable it I get the Error (error) ERR Unsupported CONFIG parameter: protected-mode.

There's no auth configured or anything else - all security is managed by firewall rules. The redis.conf is almost default.

Demo

root@svim-redis03 /etc/redis # redis-cli 127.0.0.1:6379> CONFIG GET protected* (empty list or set) 127.0.0.1:6379> CONFIG GET bind* 1) "bind" 2) "127.0.0.1" 127.0.0.1:6379> CONFIG SET protected-mode no (error) ERR Unsupported CONFIG parameter: protected-mode 127.0.0.1:6379> exit root@svim-redis03 /etc/redis # redis-server --version Redis server v=3.2.9 sha=00000000:0 malloc=jemalloc-4.0.3 bits=64 build=86450d2ba8219c1e

Is there anything I need to check or change before? I couldn't find any hint in the documentation or in GitHub issues.

Update 01

It's not even possible to change the bind-address or any other config parameter. Do I need to enable config changes first?

127.0.0.1:6379> config set bind "127.0.0.1 11.12.13.14" (error) ERR Unsupported CONFIG parameter: bind
Improve this question

3 Answers 3

Reset to default
10

Turns out that the current server running isn't the same version as the binary I've installed.

How to reproduce this?

Simply connect via redis-cli to your redis instance and type INFO server which returns a bunch of informations.

127.0.0.1:6379> INFO server # Server redis_version:3.0.7 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:869e89100d5ea8c2 redis_mode:standalone os:Linux 4.2.0-35-generic x86_64 arch_bits:64 multiplexing_api:epoll gcc_version:4.8.4 process_id:26720 run_id:6645270dd2ac6a7f96caa054f9dbba9e66566755 tcp_port:6379 uptime_in_seconds:10971777 uptime_in_days:126 hz:10 lru_clock:6676576 config_file:/etc/redis/redis.conf

As you can see this redis-instance runs almost 127 days and uses redis_version:3.0.7.

How to fix this?

Restart your server and be sure that you realy restarted it! For example with most Linux distros you can do so by hitting the following commands.

root@svim-redis03 ~ # service redis-server stop Stopping redis-server: redis-server.

Check if it's really offline by trying to connect with redis-cli. If you still can connect the instance is still running. Check this by searching for active redis processes.

root@svim-redis03 ~ # ps -efl |grep redis 1 S redis 12418 1 0 80 0 - 10673 ep_pol 2016 ? 05:33:17 /usr/bin/redis-server 127.0.0.1:6381 1 S redis 12442 1 0 80 0 - 11697 ep_pol 2016 ? 05:33:46 /usr/bin/redis-server 127.0.0.1:6382 1 S redis 12453 1 0 80 0 - 10673 ep_pol 2016 ? 05:40:17 /usr/bin/redis-server 127.0.0.1:6383 4 S root 16570 16386 0 80 0 - 2489 wait_w 10:42 pts/7 00:00:00 tail -f /var/log/redis/redis-server-6379.log 0 S root 17064 12637 0 80 0 - 3617 pipe_w 10:47 pts/1 00:00:00 grep --color=auto redis 1 S redis 26720 1 0 80 0 - 453041 ep_pol Mar07 ? 08:37:01 /usr/bin/redis-server 127.0.0.1:6379

As you can see there's still the instance (process id: 26720) running. Quit it with the following command.

kill 26720

After you've killed the process check again with ps -efl |grep redis if the instance is really down.

Finally start it again with

root@svim-redis03 ~ # service redis-server start Starting redis-server: redis-server.

Now check if the instance is running with the correct version.

root@svim-redis03 ~ # redis-cli 127.0.0.1:6379> INFO server # Server redis_version:3.2.9 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:86450d2ba8219c1e redis_mode:standalone os:Linux 4.2.0-35-generic x86_64 arch_bits:64 multiplexing_api:epoll gcc_version:4.8.4 process_id:17135 run_id:40d6fa2e2b25e8f5b97a3c97ec1bddb8edda0014 tcp_port:6379 uptime_in_seconds:11 uptime_in_days:0 hz:10 lru_clock:6677102 executable:/usr/bin/redis-server config_file:/etc/redis/redis.conf
Improve this answer
1
  • 1
    I can't believe it, but I had exactly the same issue: 2 different servers were running on the box. 😳Mind blowing! Thank you for an answer... but why...why?! 😱 Commented Feb 18, 2019 at 6:26
0

I blame the error message for being vague. Let me elaborate, if it may help others. (I realize Thomas has answered his question himself, indicating that he was his mistakenly connecting to the wrong server.)

First, I'm finding also that I get this Unsupported CONFIG parameter error when trying to do config set bind (which Thomas mentioned having tried also, in his the update to the question).

It seems the problem there is that bind is a parameter that it seems cannot be changed via config set. I confirmed things on multiple servers, getting that very error (and nothing more).

As for when he tried to set protected-mode and got the same error (because it was not supported), a clue about that was when he did CONFIG GET protected* and it returned:

(empty list or set)

If the redis version did support it, it would have returned the current value (as yes or no). I confirmed getting that same error above when doing config set protected-mode on a version 3 implementation of Redis I still had.

Bottom line, that Unsupported CONFIG parameter error is quite vague, applying to at least two different situations: it can mean:

  • "the parameter is not defined in this redis version" (and a get will help confirm that) or
  • "the parameter is valid but cannot be changed via this command" (but I don't find any docs or feature that can help us know which parameters that applies to.)

Hope that may help someone else searching for help on this error.

Improve this answer
0

Redis Reinstallation Process

  1. Remove the Existing Redis Installation Run the following command to completely remove Redis along with its dependencies:
 sudo apt-get purge --auto-remove redis-server redis
  1. Terminate All Redis Processes Use the command below to list and kill all Redis processes:
 ps aux | grep redis
  1. Configure the Bind Address Edit the Redis configuration file to specify the IP addresses you want Redis to listen on:
 sudo nano /etc/redis/redis.conf

Add the following lines, replacing 127.0.0.1 and 0.0.0.0 with your actual IP addresses:

 bind 127.0.0.1 bind 0.0.0.0
  1. Install Redis Tools To install additional Redis tools, run:
 sudo apt install redis-tools
  1. Restart the Redis Service Finally, restart the Redis service to apply the changes:
 sudo systemctl restart redis

This should help clarify the steps involved in the Redis reinstallation process!

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.