Thoughts on securing your NodeBB installation
-
About two weeks ago, the creator of Redis, antirez, published a blog entry in response to perceived security "faults" in Redis.
From time to time I get security reports about Redis. It’s good to get reports, but it’s odd that what I get is usually about things like Lua sandbox escaping, insecure temporary file creation, and similar issues, in a software which is designed (as we explain in our security page here http://redis.io/topics/security) to be totally insecure if exposed to the outside world.
Click here to see the full blog post
-
Despite using SSH keys, I also recommend changing your SSH port and disabling direct root login.
-
How to allow access to redis with two ip?
bind (my ip)
bind 127.0.0.1
But I still can not access from their computer.
This is necessary, because I use Redis Desktop Manager.
-
@xen The bind directive accepts space-separated values. I'd recommend using an SSH tunnel to access Redis from your desktop, while maintaining the bind set to 127.0.0.1.
@AOKP Good points. Also keep your server up-to-date
-
@xen
Binding a port through your ssh connection is actually quite simple.
(The following assumes that you are using the OpenSSH client on GNU/Linux)
tl;dr: https://youtu.be/vC7Smc67gPg
- Start the SSH client with
  ssh user@remotehost.com -L 7000:localhost:6379
  So basically like you would normally do, appending -L ... with the syntax:
  - local_port:interface_on_remote:remote_port (ssh manpage)
- You should have an interactive session to your remote, prompt and all or whatever your setup resolves into when logging in over SSH. Again, business as usual is expected here.
- Now comes the good part: Since you tunneled your local port 7000 to the remote's localhost interface on (redis-) port 6379, you can create a new connection in Redis Desktop Manager, ignoring the SSH tab in the "New Connection" dialog and simply connecting to localhost:7000.
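A way to check which addresses a redis.conf actually exposes, tied to the bind discussion in this thread (an added example, not code from any of the posters or from the Redis project). It assumes a later bind line replaces an earlier one and that no bind line means all interfaces; the function names and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

def effective_bind(conf_text):
    """Return the address list from the last bind line, or None if there is none."""
    addrs = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() == "bind" and len(parts) > 1:
            # Assumption: each bind line replaces the previous list (last one wins).
            # A leading "-" (Redis 6.2+ "ignore if unavailable") is stripped.
            addrs = [a.lstrip("-") for a in parts[1:]]
    return addrs

def exposed(addrs):
    """Return the entries that are reachable from other hosts (non-loopback)."""
    if addrs is None:
        return ["*"]  # assumption: no bind directive means every interface
    result = []
    for a in addrs:
        try:
            if not ipaddress.ip_address(a).is_loopback:
                result.append(a)
        except ValueError:
            result.append(a)  # "*", "::*" or a hostname: treat as exposed
    return result

# Constructed sample configs (203.0.113.10 stands in for "(my ip)").
TWO_LINES = "bind 203.0.113.10\nbind 127.0.0.1\n"   # the form from the question
ONE_LINE = "bind 203.0.113.10 127.0.0.1\n"          # space-separated values
TUNNEL_ONLY = "# loopback only, reach it via ssh -L\nbind 127.0.0.1 -::1\n"

if __name__ == "__main__":
    for name, conf in [("two lines", TWO_LINES), ("one line", ONE_LINE),
                       ("tunnel only", TUNNEL_ONLY), ("no bind", "port 6379\n")]:
        addrs = effective_bind(conf)
        print(f"{name}: bind={addrs} exposed={exposed(addrs)}")
```

An empty "exposed" list is the state the SSH tunnel setup relies on: Redis listens on loopback only and remote clients come in through the forwarded port.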