Securing Redis
Sammy Libre edited this page Jul 27, 2016 · 4 revisions
I didn't test it properly, so better test it and verify than regret.
If you have several mining nodes, all of them must talk to a single Redis instance. Redis has no built-in security, and password authentication is easily brute-forced. I recommend using stunnel and firewall IP restriction to properly secure it; otherwise an attacker can gain access to your database.
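```ini
; stunnel on the Redis host (client = no): terminates TLS and forwards to local Redis
CAfile = /etc/stunnel/private.pem
cert = /etc/stunnel/private.pem
pid = /var/run/stunnel4/redis.pid
output = /var/log/stunnel4/stunnel.log
; verify = 3: accept only peers whose certificate is installed locally (CAfile)
verify = 3
client = no
; TLSv1 is deprecated; set a newer version if your stunnel/OpenSSL build supports it
sslVersion = TLSv1

[redis]
; external address and port that the mining nodes connect to
accept = ext-ip:ext-port
connect = 127.0.0.1:6379
```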
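```ini
; stunnel on each mining node (client = yes): local plaintext socket, TLS to the Redis host
; no verify option is set here, so this side does not check the server certificate
cert = /etc/stunnel/private.pem
pid = /var/run/stunnel4/redis-client.pid
output = /var/log/stunnel4/stunnel.log
client = yes

[redis-client]
connect = ext-ip:ext-port
accept = 127.0.0.1:6379
```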
```json
"redis": {
  "endpoint": "127.0.0.1:6379",
  "poolSize": 10,
  "database": 0,
  "password": ""
},
```
This way your Redis server is remote and is the central point for all of your mining nodes, while the pool on each remote node connects to a local stunnel socket. Add a password and restrict access to the server with a firewall for additional safety.
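
The two stunnel configs above can be checked mechanically before deployment. The following is an added example, not part of the original wiki page or the project: a small linter whose three checks (deprecated `sslVersion`, `verify` level below 2, plaintext side not bound to loopback) are this example's own assumptions about what matters for this setup, and which only looks at the `verify` option for peer verification.

```python
# Added example: the checks are assumptions chosen for this page's stunnel/Redis setup.
WEAK_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
LOOPBACK = ("127.", "localhost:", "[::1]:")
def parse_stunnel(text):
    """Return (global_options, {service: options}); lines before the first [section] are global."""
    glob, services, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and line[0] not in ";#":
            key, value = (part.strip() for part in line.split("=", 1))
            (glob if current is None else current)[key] = value
    return glob, services

def lint(text):
    """Return sorted (service, finding) pairs; service options override global ones."""
    glob, services = parse_stunnel(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}
        if eff.get("sslVersion") in WEAK_TLS:
            findings.append((name, "deprecated sslVersion " + eff["sslVersion"]))
        if eff.get("verify") not in ("2", "3", "4"):
            findings.append((name, "peer certificate is not verified"))
        # The plaintext Redis side is `accept` on a client and `connect` on a server.
        plain = eff.get("accept" if eff.get("client") == "yes" else "connect", "")
        if not plain.startswith(LOOPBACK):
            findings.append((name, "plaintext side not on loopback: " + plain))
    return sorted(findings)

# Constructed samples: the page's two configs with the cert/pid/output lines left out.
SERVER_CONF = """
CAfile = /etc/stunnel/private.pem
verify = 3
client = no
sslVersion = TLSv1
[redis]
accept = ext-ip:ext-port
connect = 127.0.0.1:6379
"""
CLIENT_CONF = """
client = yes
[redis-client]
connect = ext-ip:ext-port
accept = 127.0.0.1:6379
"""
if __name__ == "__main__":
    for label, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        print(label, lint(conf))
```

Run against the page's configs, it flags `sslVersion = TLSv1` on the server and the missing `verify` on the client; adding `CAfile` and `verify = 3` to the client config clears the second finding.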