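There are two main ways to deploy Redis on DigitalOcean: use the Managed Databases service to create a Redis cluster directly, with no manual maintenance, or buy a Droplet (cloud server) and install and configure Redis yourself. For security hardening, you must edit the configuration file to bind to the local address (127.0.0.1), enable password authentication (requirepass or ACL), disable dangerous commands (such as FLUSHALL), and use a firewall (UFW or security groups) to restrict port 6379 to trusted IPs only. In addition, it is recommended to upgrade to the latest version that fixes vulnerabilities such as CVE-2025-49844, and to consider TLS-encrypted communication or access through a VPN/SSH tunnel, so that the instance is not directly exposed to the public internet.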
How To Install and Secure Redis on Rocky Linux 8
Security Notice (CVE-2025-49844 "redishell")

A critical remote code execution vulnerability affecting Redis/Valkey and derivatives was disclosed recently. DigitalOcean classified this as CRR-0 (critical). If you are running Redis, upgrade immediately to a patched version and restrict exposure:

- Patched Redis versions: 6.2.20, 7.2.11, or 8.2.2 (or newer).
- Valkey (DO managed / self-hosted): upgrade to the latest vendor-patched image/build.
- Until you can upgrade, ensure Redis is bound to localhost or a private IP, enable AUTH, and block port 6379 from the public internet.
- Disable/rename dangerous commands and consider placing Redis behind a TLS proxy or VPN.

This tutorial remains valid for hardening a standalone instance, but patching to a fixed version is mandatory. See Further Reading at the end for official documentation links.

Introduction

Redis is an open-source, in-memory key-value data store which excels at caching. Redis is a non-relational database known for its flexibility, performance, scalability, and wide language support.

Redis was designed for use by trusted clients in a trusted environment, and has no robust security features of its own. Redis does, however, have a few security features like password authentication and the ability to rename or disable some commands. This tutorial provides instructions on how to install Redis and configure these security features. It also covers a few other settings that can boost the security of a standalone Redis installation on Rocky Linux 8.

Note that this guide does not address situations where the Redis server and the client applications are on different hosts or in different data centers. Installations where Redis traffic has to traverse an insecure or untrusted network will require a different set of configurations, such as sett
How To Install and Secure Redis on Ubuntu
Redis is an in-memory key-value store used for caching, session storage, pub/sub, and real-time data. In this tutorial you install Redis on Ubuntu, confirm it works with a quick test, then lock it down: bind to localhost only, require a password, and rename or disable dangerous commands so a mistake or an attacker can't wipe or reconfigure your instance. The guide works on Ubuntu 22.04 and later LTS releases. When you're ready, log in to your Ubuntu server as your sudo user and continue below.

Key Takeaways

- Install Redis from Ubuntu repositories and set supervised systemd in redis.conf for proper systemd process management.
- Bind Redis to 127.0.0.1 ::1 to restrict access to the local machine and prevent internet exposure.
- Configure a strong requirepass (or use ACLs in Redis 6+) in redis.conf to require client authentication.
- Rename or disable potentially dangerous commands like FLUSHALL, CONFIG, and SHUTDOWN to minimize risk from accidents or attacks.
- After each change, verify Redis is running and accessible using redis-cli ping, key tests, and systemctl status redis.

Prerequisites

Before you begin, ensure you have:

- An Ubuntu server (any currently supported release).
- A non-root user with sudo privileges.
- A basic firewall, such as UFW, enabled and configured.

If you haven't set this up yet, follow the Initial Server Setup guide for Ubuntu (works for Ubuntu 22.04 LTS and later). Once complete, log in as your non-root user to continue.

Why Secure Redis?

Redis assumes trusted clients on a trusted network. It has no authentication or access control by default. If port 6379 is reachable from the internet, anyone can connect and run any command: wipe all data with FLUSHALL, change config with CONFIG SET, or (in older setups) abuse CONFIG SET dir and dbfilename to write files to disk and potentially gain shell access. Binding to local
Caching with Redis and Deploying the Application on Ubuntu (DigitalOcean) and Netlify
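This article explains in detail how to build a data visualization application with the FARM stack and deploy it to a DigitalOcean Ubuntu server and to Netlify, while introducing Redis for cache optimization.

1. Recap and chapter overview

In the previous sections, we created API endpoints based on MongoDB aggregations and used Chart.js to turn them into visual charts. We also used SWR and React-specific fetching strategies to improve site performance, and explored FastAPI's background tasks feature to implement a simple email-sending system. This chapter explores another deployment option: the powerful combination of Uvicorn, Gunicorn, and Nginx. We will also add Redis caching to reduce the load on MongoDB, and deploy the React-based frontend to Netlify. Specifically, it covers the following:

- Creating a DigitalOcean account (optional)
- Preparing an Ubuntu server with Nginx
- Deploying a FastAPI instance with Uvicorn, Gunicorn, and Nginx
- Caching with Redis
- Creating a free Netlify account
- Deploying the React frontend on Netlify

2. Deploying FastAPI on DigitalOcean

DigitalOcean is one of the leading providers of cloud computing and infrastructure as a service (IaaS). Although it has no completely free tier, the starting cost is relatively low (about 4 US dollars per month), and the system is flexible and scalable. The detailed steps for deploying FastAPI on DigitalOcean are as follows: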
How to Deploy an AdonisJS App and Redis to Digital Ocean
Introduction
1. Choose the repo
2. Set the app name and region
3. Set environment variables
Choose a plan

If you don't have a repo yet, fork and clone this one:

$ gh repo fork https://github.com/vicradon/tic-tac-toe.git

If you don't have the GitHub CLI, you can do this manually. After cloning, install the adonis CLI globally (use sudo on Linux):

$ npm i -g @adonis/cli

After that, create a .env file:

$ cp .env.example .env

Finally, generate an app key:

$ adonis key:generate

The key will be copied into the .env file. Take note of it. We will use it later.

Deploying the Redis cluster

Since our application needs Redis, we have to deploy Redis separately.

Step 1: Navigate to the databases page

Navigate to the new database page to create a Redis cluster.

Step 2: Choose a data center

Choose the data center closest to most of your users.

Step 3: Choose a database cluster name

You can leave it as the default name or choose a new one. Click the Create a Database Cluster button to continue.

While Digital Ocean provisions our Redis cluster, we will deploy our Adonis application.

Deploying the Adonis application

Step 1: Choose your repo

Step 2: Choose the app name, region, and branch

As we did before, choose the app name and the region closest to you. You can also choose your branch from here.
FAQ
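What is the difference between DigitalOcean managed Redis and installing it yourself?
The managed service handles backups, upgrades, and security patches automatically, which makes it suitable for production; a self-managed installation is more flexible but requires you to maintain the security configuration by hand.
How do I keep Redis from being scanned and attacked from the public internet?
Bind to localhost, configure the firewall to allow only internal network IPs, enable a strong password, and disable dangerous commands.
What is the default Redis port?
The default port is 6379; it is recommended to restrict the allowed sources for this port in the firewall.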
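The hardening checklist repeated across this page (bind address, authentication, dangerous commands, patched version) can be checked mechanically. The following is an added example, not code from any of the tutorials quoted here: it audits redis.conf text against those four points. The function names and finding labels are hypothetical, the version argument is assumed to be a plain major.minor.patch string, and the patched-version table contains only the releases named in the security notice above.

```python
import ipaddress
import shlex

# Fixed releases per branch, as listed in the security notice on this page.
PATCHED = {(6, 2): 20, (7, 2): 11, (8, 2): 2}
DANGEROUS = ("FLUSHALL", "CONFIG", "SHUTDOWN")

def parse_conf(text):
    """Map each redis.conf directive to the list of its argument lists."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, *args = shlex.split(line)
            conf.setdefault(key.lower(), []).append(args)
    return conf

def exposed(addr):
    """True if a bind address is neither loopback nor a private IP."""
    try:
        ip = ipaddress.ip_address(addr.lstrip("-"))  # "-::1" = optional address
    except ValueError:
        return True  # "*" or a hostname: treat as exposed
    return ip.is_unspecified or not (ip.is_loopback or ip.is_private)

def audit(conf_text, version):
    conf, findings = parse_conf(conf_text), []
    # Assumes the last bind line wins; no bind line means all interfaces.
    binds = conf.get("bind", [["*"]])[-1]
    if any(exposed(a) for a in binds):
        findings.append("bind-exposed")
    has_pass = any(a and a[0] for a in conf.get("requirepass", []))
    # ACL users or an aclfile count as configured auth (not validated further).
    if not (has_pass or "user" in conf or "aclfile" in conf):
        findings.append("no-auth")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    findings += [f"unrestricted-{c}" for c in DANGEROUS if c not in renamed]
    major, minor, patch = (int(p) for p in version.split("."))
    if (major, minor) in PATCHED:
        if patch < PATCHED[(major, minor)]:
            findings.append("unpatched")
    elif (major, minor) < max(PATCHED):
        findings.append("branch-not-listed")  # check the vendor advisory
    return findings

# Constructed sample config, not taken from any real host.
SAMPLE = 'bind 127.0.0.1 -::1\nrequirepass "constructed-long-random-secret"\n' \
         'rename-command FLUSHALL ""\nrename-command CONFIG ""\n'
```

A branch older than 8.2 that the notice does not list is reported as `branch-not-listed` rather than guessed at, so it is resolved against the vendor advisory instead of being silently passed.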