Does redis:latest (3.2.3) start in protected mode? Does passing --protected-mode no work?

[paulvi]

There is SO question http://stackoverflow.com/questions/39424559/check-connect-to-redis-running-within-docker-from-javaspring-boot-or-node-js

I expected that docker run -p 6379:6379 redis would give ready to use redis instance.

If it is decided not to keep protected mode, README here should have tips how to disable it.

[paulvi]

Possibly this was resolved in #58 #59 with docker run redis --protected-mode no

but I have just tried docker run -p 6379:6379 redis --protected-mode no, and still can't connect

$ docker run -p 6379:6379 redis --protected-mode no
                _._
           _.-``__ ''-._
      _.-``    `.  `_.  ''-._           Redis 3.2.3 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 1
  `-._    `-._  `-./  _.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |           http://redis.io
  `-._    `-._`-.__.-'_.-'    _.-'
 |`-._`-._    `-.__.-'    _.-'_.-'|
 |    `-._`-._        _.-'_.-'    |
  `-._    `-._`-.__.-'_.-'    _.-'
      `-._    `-.__.-'    _.-'
          `-._        _.-'
              `-.__.-'

1:M 11 Sep 04:12:52.511 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 11 Sep 04:12:52.512 # Server started, Redis version 3.2.3
1:M 11 Sep 04:12:52.512 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 11 Sep 04:12:52.512 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
1:M 11 Sep 04:12:52.512 * The server is now ready to accept connections on port 6379

with node_redis

Error Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED

on Windows 10 PC and docker

                        ##         .
                  ## ## ##        ==
               ## ## ## ## ##    ===
           /"""""""""""""""""\___/ ===
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
           \______ o           __/
             \    \         __/
              \____\_______/

docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com

Start interactive shell

Paul@aspire MINGW64 ~
$ docker info
Containers: 4
 Running: 1
 Paused: 0
 Stopped: 3
Images: 3
Server Version: 1.12.1
Storage Driver: aufs
 Root Dir: /mnt/sda1/var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 23
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.4.17-boot2docker
Operating System: Boot2Docker 1.12.1 (TCL 7.2); HEAD : ef7d0b4 - Thu Aug 18 21:18:06 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 995.9 MiB
Name: default
ID: ZB6X:7Q5M:TYY3:27ZR:HIFU:DLHX:FNAF:ZM7W:WLEP:6UKV:725Q:RICO
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 19
 Goroutines: 36
 System Time: 2016-09-11T04:18:26.593172649Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
 provider=virtualbox
Insecure Registries:
 127.0.0.0/8

[yosifkit]

We actually patch the redis source to not have protected mode by default: https://github.com/docker-library/redis/blob/ec0cb4dab9ed6e60cc0863cd3477a013fb4c0596/3.2/Dockerfile#L45-L51.

I see one major problem in your node connection to redis: 127.0.0.1. If you are running node on your Windows host, then it needs to connect to 192.168.99.100 (the IP of the docker VM). If you are running node in another docker container then it needs to connect to the other container's IP (or name if you are using a docker network or docker-compose which creates a network for you.)

[paulvi]

From my knowledge specifying 192.168.. IP is required for Mac, not for Windows.

I have tried again and got the same

Error Error: Redis connection to 192.168.99.100:6389 failed - connect ECONNREFUSED

var redis = require("redis"),
    //client = redis.createClient();
    //client = redis.createClient(6389, '127.0.0.1');
    client = redis.createClient(6379, '192.168.99.100');

// if you'd like to select database 3, instead of 0 (default), call
// client.select(3, function() { /* ... */ });

client.on("error", function (err) {
    console.log("Error " + err);
});

client.set("string key", "string val", redis.print);
client.hset("hash key", "hashtest 1", "some value", redis.print);
client.hset(["hash key", "hashtest 2", "some other value"], redis.print);
client.hkeys("hash key", function (err, replies) {
    console.log(replies.length + " replies:");
    replies.forEach(function (reply, i) {
        console.log("    " + i + ": " + reply);
    });
    client.quit();
});

Now I have time to continue with this issue. I was looking for a way to get redis local service and docker run -p 6379:6379 redis looked awesome. You says :latest should be already patched, so --protected-mode no is not needed.
What is the issue then?

P.S. The was wrong port, 192.168.99.100:6379 did worked on Windows 10.

[paulvi]

Initial questions are answered.