Allow password authentication to be used for redis

[bonesoul]

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands
# requirepass foobared

So we can further improve the security of the redis-server.

[UnicusSum]

Would love to see this one implemented as well.

[Galaxy2004]

you can use nano /etc/redis/6379.conf and bind address 127.0.0.1 a simple solution.

[sysmanalex]

sorry to say - but 127.0.0.1 is stupid, limited to single box spike, not a solution :-( :boom: We running multi-node pool over 6 servers. Power of Redis is network distribution storage with replications slave-master - localhost is cave for redis. @raistlinthewiz @UnicusSum - Ok, will do this patch to master tree. I'm already using it in own fork.

[Galaxy2004]

Good idea hıııh :)

[UnicusSum]

@sysmanalex any progress?

[mapleshadow]

Good idea

[sysmanalex]

@UnicusSum : sorry was too busy. We are using own fork, I doesn't have time to port it to main tree. Just submit changes.

Note: Be aware, redis password is not protection, because of the high performance nature of redis, it is still possible to perform brute-force attack, trying a lot of passwords in very short time.

[mooleshacat]

I would ultimately like to see Redis removed and a real database like MySQL/MariaDB/Etc. be used to take the data out of the RAM and put it on disk with the most frequently used data in memory, obviously managed by the database.

I was going to do it myself, then I got lazy and decided to wait for Pexa pool software to be released.

However until then I could be pacified with a password for redis

For now I use UFW to block the port but allow a certain IP to access it.

ufw deny 6379 ufw allow from 128.123.8.125

Note: if you have a firewall/router outside your PC you need to allow the port through still on the other firewalls - or whitelist all connections from the specific IP address.