Question posted in 
I run redis image with docker-compose
I passed redis.conf (and redis says "configuration loaded")
In redis.conf i added user
user pytest ><password> ~pytest/* on @set @get
And yet I can communicate with redis as anonymous
even with uncommented string
requirepass <password>
Redis docs about topics: Security and ACL do not answer how to restrict access to everyone. Probably I do not understand something fundamentally.
my docker-compose.yaml:
version: '3'
services:
redis:
image: redis:latest
ports:
- 6379:6379
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 6000s
timeout: 30s
retries: 50
restart: always
volumes:
- redis-db:/data
- redis.conf:/usr/local/etc/redis/redis.conf
command: ["redis-server", "/usr/local/etc/redis/redis.conf" ]
volumes:
redis-db:
redis.conf:
2
Answers
Because there’s a default user, and you didn’t disable it. If you want to totally disable anonymous access, you should add the following to your redis.conf:
Secondly, the configuration for user ‘pytest’ is incorrect. If you want to only allow user ‘pytest’ to have
setandgetcommand on the given key pattern, you should configure it as follows:You also need to ensure that the docker-compose is using your config file.
Assuming you have the
redis.confin the same directory as yourdocker-compose.ymlthe ‘volumes’ section in the service declaration would be.and also remove the named volume declaration in the bottom
The users would be able to connect to Redis but without AUTH they can’t perform any action if you enable
The right way to restrict GET, SET operations on the keys pytest/* would be