Add port to expose redis server on docker-compose

Feature Request
,
#1

Hi,
The default redis installation on docker do not expose redis server that allows an external connection like with RedisInsight or Dbeaver.
Declaring the port in docker-compose.yml make the trick.

ports:
      - '6379:6379'

Final redis on docker-compose.yml

redis:
    image: 'redis:alpine'
    hostname: 'redis'
    restart: 'always'
    ports:
      - '6379:6379'
    volumes:
      - 'redis-volume:/data'

From this:
image

To this:
image

How to connect to Redis from 3rd party client?
#2

A previous feature request of mine caused docker-compose files to no longer (unnecessarily) publish ports due to security reasons.

To aid your feature request, I suggest to have a field in the project settings to allow defining a port or host:port combination to publish a service.

Meanwhile, I believe those changes (the ports property you added) might not be overwritten by Wappler, so you wouldn’t have to worry about Wappler breaking that - I recommend checking if this is true, by saving target settings in order to re-generate the docker-compose file

#3

But I guess that in development target publishing the ports do not interfere in some kind of security.

Right now I can live with manual configuration because I’m working in a redis extension and I want to check the data store in redis, I’m using RedisInsight and the only option that allow to connect with docker redis is to set ports in docker-compose. By the way, saving taget setting re-generate docker-compose removing any custom changes.

In stag and prod target the Redis Connection in Server Connect Setttings I’m using this:
image
Of course in enviroment tab is declare the REDIS_URL.

But at same time I’m not using docker in stag or prod, so I’m really don’t know how this could affect to docker in stag or prod.

Please, can you tell me what was the security reason in previous feature request that affect this now?

I’m thinking in migrate projects to docker using portainer, so, would be great to know any possible security concern.

Thank in advance @Apple

#4

Correct. I still recommend to bind to 127.0.0.1 for precaution (in case you have rogue computers on your local network; other computers don’t need to access your Redis)

The security concerns on remote servers are:

  1. Lack of transport encryption by default - Consequence: vulnerable to MITM attack between your computer and your server. Better to bind to 127.0.0.1 and use SSH tunneling to access it
  2. Lack of password authentication (if binded to 127.0.0.1 it’s not necessary)
#5