Redis app refuses private connections

I have deployed this Redis app with little modification (for private networking) and I'm trying to connect to it from a Go app also running on Fly. But it has refused all connection attempts.

The Redis app configuration:

```toml
# fly.toml file generated for cache on 2021-05-07T21:26:24+02:00

app = "cache"

kill_signal = "SIGINT"
kill_timeout = 5

[[mounts]]
source      = "redis_server"
destination = "/data"

[env]

[experimental]
  auto_rollback = true
  private_network = true

[[services]]
  internal_port = 6379
  protocol      = "tcp"

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20

  [[services.ports]]
    handlers = []
    port     = "10000"

  [[services.tcp_checks]]
    interval = 10000
    timeout  = 2000
```

My app is trying to connect via: `REDIS_URL=redis://:password@cache.internal:6379`

The app logs:

```
2021-05-07T20:32:44Z [info] time="2021-05-07T20:32:44Z" level=fatal msg="main: cannot initialize server err:could not establish redis connection: dial tcp [fdaa:0:1af2:a7b:a9a:0:1ce8:2]:6379: connect: connection refused"
2021-05-07T20:32:44Z [info] Starting clean up.
2021-05-07T20:32:44Z [info] Main child exited normally with code: 1
2021-05-07T20:32:46Z [info] Starting instance
2021-05-07T20:32:46Z [info] Configuring virtual machine
2021-05-07T20:32:46Z [info] Pulling container image
2021-05-07T20:32:47Z [info] Unpacking image
2021-05-07T20:32:47Z [info] Preparing kernel init
```

Is there something I'm doing wrong?

Is redis bound to 0.0.0.0 or 127.0.0.1?

It’s bound to 0.0.0.0

If you’re connecting over wireguard/private network, you need to bind to all IPv6 addresses. 0.0.0.0 is only IPv4. You can try binding to :: to get both.

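Added example (not part of the original thread, and not Fly's or Redis's code): a small Go program that reproduces the failure described above on a single machine. It pins the listener's address family with `tcp4`/`tcp6` and dials the IPv6 loopback `::1` as a stand-in for the `fdaa:` private address; the helper names `canReach` and `hasIPv6Loopback` are made up for this example.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// canReach opens a listener on bindAddr (ephemeral port) using the given
// network ("tcp4" or "tcp6") and reports whether a client that dials
// dialHost on that port gets a connection. err is set only if listening fails.
func canReach(network, bindAddr, dialHost string) (bool, error) {
	ln, err := net.Listen(network, net.JoinHostPort(bindAddr, "0"))
	if err != nil {
		return false, fmt.Errorf("listen %s %s: %w", network, bindAddr, err)
	}
	defer ln.Close()
	port := strconv.Itoa(ln.Addr().(*net.TCPAddr).Port)
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(dialHost, port), time.Second)
	if err != nil {
		return false, nil // typically "connect: connection refused"
	}
	conn.Close()
	return true, nil
}

// hasIPv6Loopback reports whether ::1 is usable on this host.
func hasIPv6Loopback() bool {
	ln, err := net.Listen("tcp6", "[::1]:0")
	if err != nil {
		return false
	}
	ln.Close()
	return true
}

func main() {
	if !hasIPv6Loopback() {
		fmt.Println("no IPv6 loopback on this host; nothing to demonstrate")
		return
	}
	// "tcp4"/"tcp6" pin the socket family; ::1 stands in for the fdaa: address.
	for _, c := range [][2]string{{"tcp4", "0.0.0.0"}, {"tcp6", "::"}} {
		ok, err := canReach(c[0], c[1], "::1")
		fmt.Printf("listen %-7s dial [::1]: reachable=%v err=%v\n", c[1], ok, err)
	}
}
```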

Should I replace 0.0.0.0 with :: like so:

```
redis-server --requirepass $REDIS_PASSWORD --bind :: --dir /data/ --appendonly yes
```

Yes I think that’ll work. It seems like dropping the --bind arg entirely might work too!

The actual “bind to everything” address varies between server types, so there’s a chance Redis won’t respect :: and it needs something else.

@kurt Not that it's important, but are there any Linux kernel hacks possible to allow apps to bind to IPv4 localhost while behind the scenes it's using your IPv6 network? Just for convenience. I guess many of your users will fall for this trap.

I wish! We’ve thought about putting an iptables rule or something in but we haven’t found any reliable way to solve this problem.