GitLab with Password to Redis

Vito Leung
2 min read · Sep 25, 2020

In the name of security… put a password on it!

If, like me, you set up GitLab just to get it working and never put a password on the Redis end, here are the 4 easy steps to resolve the tech debt.

1. redis.config

Get the Redis config file

Get a Redis config file if you don’t have one; by default you didn’t need one. Stroll over to the Redis repo on GitHub and pick the version you are running from the drop down box. If you are using 5.0, then you will get to this config file. Copy the raw version as you will be using it.

Edit the Redis config file

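1. Uncomment this line and replace foobared with your own password.

# requirepass foobared

2. Comment this out if you want outside servers accessing this Redis service. Redis then listens on all interfaces, so the password and whatever network restrictions sit in front of the port are what protect it.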

bind 127.0.0.1

3. This is recommended but not mandatory. There’s a bunch of commands which can be vicious to Redis should a hacker get onto the box. Uncomment and add your own commands.

# rename-command CONFIG ""

I block these commands:

rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
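
A quick way to confirm the three edits above actually landed in the file before restarting anything. This is an added example, not code from the original post; the function names `active_directives` and `audit` and both sample configs are constructed for illustration.

```python
import shlex

# Commands the article disables with rename-command.
RISKY = {"FLUSHDB", "FLUSHALL", "DEBUG", "CONFIG", "SHUTDOWN"}

def active_directives(text):
    """Yield (name, args) for every uncommented line of a redis.conf."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # keeps "" as an empty argument
            yield parts[0].lower(), parts[1:]

def audit(text):
    """Return a list of findings for the three edits described in step 1."""
    conf = list(active_directives(text))
    findings = []
    # Redis applies directives in order, so the last requirepass wins.
    passwords = [args[0] for name, args in conf if name == "requirepass" and args]
    if not passwords:
        findings.append("requirepass is not set (line still commented out?)")
    elif passwords[-1] == "foobared":
        findings.append("requirepass still uses the sample value foobared")
    if not any(name == "bind" for name, _ in conf):
        findings.append("no bind line: Redis listens on every interface")
    disabled = {args[0].upper() for name, args in conf
                if name == "rename-command" and len(args) == 2 and args[1] == ""}
    for cmd in sorted(RISKY - disabled):
        findings.append(f"{cmd} is not disabled with rename-command")
    return findings

# Constructed samples: the stock lines before editing, and the edited result.
STOCK = '''
bind 127.0.0.1
# requirepass foobared
# rename-command CONFIG ""
'''
EDITED = '''
# bind 127.0.0.1
requirepass constructed-sample-password
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
'''

if __name__ == "__main__":
    for label, sample in (("stock", STOCK), ("edited", EDITED)):
        print(label, audit(sample))
```

The "no bind line" finding on the edited sample is expected if you commented out bind on purpose; it is there as a reminder that the port is now reachable from other hosts.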

2. Docker-compose

Update the docker-compose file for Redis as follows, where:

  • the redis.config is mounted from the outside into the docker container at /etc/redis/redis.conf
  • the command line tells Redis to start using this particular conf file

version: '3.5'
services:
  redis:
    image: harbor.com/redis/redis:5.0.5
    volumes:
      - './config/redis.config:/etc/redis/redis.conf'
    command: redis-server /etc/redis/redis.conf

3. GitLab config

Update your gitlab.rb redis section with your custom values.

#### Redis TCP connection
gitlab_rails['redis_host'] = 'redis.hostname.com'
gitlab_rails['redis_port'] = 6379
#gitlab_rails['redis_ssl'] = true
gitlab_rails['redis_password'] = '<password you set on requirepass>'
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true

4. Restart

  1. Restart the Redis server
  2. Restart the GitLab server

5. Troubleshooting

  • works without password

root@gitlab-redis:/data# redis-cli -h 127.0.0.1 -p 6379
127.0.0.1:6379> ping
PONG
127.0.0.1:6379>

  • works with password

root@gitlab-redis:/data# redis-cli -h 127.0.0.1 -p 6379 -a AuWey39PC6WT3VS5ZyhJHsj7eGzrpjES
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
127.0.0.1:6379> ping
PONG
127.0.0.1:6379>
