4

There are several issues similar to this one, such as:

Redis is configured to save RDB snapshots, but it is currently not able to persist on disk - Ubuntu Server

MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled

but none of these solves my problem.

The problem is that I am running my redis in docker-compose, and just cannot understand how to fix this at docker-compose startup.

The redis docs say this is the fix:

echo 1 > /proc/sys/vm/overcommit_memory

And this works when Redis is installed outside of docker. But how do I run this command with docker-compose?

I tried the following:

1) adding the command:

services:
  cache:
    image: redis:5-alpine
    command: ["echo", "1", ">", "/proc/sys/vm/overcommit_memory", "&&", "redis-server"]
    ports:
      - ${COMPOSE_CACHE_PORT:-6379}:6379
    volumes:
      - cache:/data

this doesn't work:

 docker-compose up
Recreating constructor_cache_1 ... done
Attaching to constructor_cache_1
cache_1  | 1 > /proc/sys/vm/overcommit_memory && redis-server
constructor_cache_1 exited with code 0

2) Mounting /proc/sys/vm/ directory.

This failed: turns out I cannot mount to /proc/ directory.

3) Overriding the entrypoint:

custom-entrypoint.sh:


#!/bin/sh
set -e

echo 1 > /proc/sys/vm/overcommit_memory


# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
    set -- redis-server "$@"
fi

# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
    find . \! -user redis -exec chown redis '{}' +
    exec su-exec redis "$0" "$@"
fi


exec "$@"

docker-compose.yml:

services:
  cache:
    image: redis:5-alpine
    ports:
      - ${COMPOSE_CACHE_PORT:-6379}:6379
    volumes:
      - cache:/data
      - ./.cache/custom-entrypoint.sh:/usr/local/bin/custom-entrypoint.sh
    entrypoint: /usr/local/bin/custom-entrypoint.sh

This doesn't work too.

How to fix this?

kurtgn
  • 8,140
  • 13
  • 55
  • 91

1 Answers1

-1

TL;DR Your redis is not secure

UPDATE: Use expose instead of ports so the service is only available to linked services

Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified. 

expose
 - 6379

ORIGINAL ANSWER:

long answer:

This is possibly due to an unsecured redis-server instance. The default redis image in a docker container is unsecured.

I was able to connect to redis on my webserver using just redis-cli -h <my-server-ip>

To sort this out, I went through this DigitalOcean article and many others and was able to close the port.

  • You can pick a default redis.conf from here
  • Then update your docker-compose redis section to(update file paths accordingly)
redis:
    restart: unless-stopped
    image: redis:6.0-alpine
    command: redis-server /usr/local/etc/redis/redis.conf
    env_file:
      - app/.env
    volumes:
      - redis:/data
      - ./app/conf/redis.conf:/usr/local/etc/redis/redis.conf
    ports:
      - "6379:6379"

the path to redis.conf in command and volumes should match

  • rebuild redis or all the services as required
  • try to use redis-cli -h <my-server-ip> to verify (it stopped working for me)
itaintme
  • 1,575
  • 8
  • 22
  • And making redis secure by not exposing the port somehow fixes the overcommit_memory error? – Tim Jul 28 '20 at 10:52
  • @Tim this is what worked for me for the same error message. I had also tried the linked questions in the question above and also tried blocking the port from external access using ufw – itaintme Jul 29 '20 at 11:15