fix: don't use ACLs by default, set redis password for optimized ACLs config, fixes #43 (#44)

Author: stasadev

README.md

@@ -37,10 +37,16 @@ Redis is available inside Docker containers with `redis:6379`.
 
 ## Redis Credentials
 
-| Field    | Value                 |
-|----------|-----------------------|
-| Username | `redis`               |
-| Password | `` (empty by default) |
+By default, no authentication is required.
+
+If you have the optimized config enabled (`ddev dotenv set .ddev/.env.redis --redis-optimized=true`), the credentials are:
+
+| Field    | Value   |
+|----------|---------|
+| Username | `redis` |
+| Password | `redis` |
+
+For more information about ACLs, see the [Redis documentation](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/).
 
 ## Advanced Customization
 
@@ -49,6 +55,11 @@ To apply an optimized configuration from `ddev/ddev-redis-7`:
 ```bash
 ddev dotenv set .ddev/.env.redis --redis-optimized=true
 ddev add-on get ddev/ddev-redis
+
+# (optional) if you have an existing Redis volume, delete it to avoid problems with Redis:
+ddev stop
+docker volume rm ddev-$(ddev status -j | docker run -i --rm ddev/ddev-utilities jq -r '.raw.name')_redis
+
 ddev restart
 ```
 
@@ -59,6 +70,11 @@ To change the used Docker image:
 ```bash
 ddev dotenv set .ddev/.env.redis --redis-docker-image=redis:7
 ddev add-on get ddev/ddev-redis
+
+# (optional) if you have an existing Redis volume, delete it to avoid problems with Redis:
+ddev stop
+docker volume rm ddev-$(ddev status -j | docker run -i --rm ddev/ddev-utilities jq -r '.raw.name')_redis
+
 ddev restart
 ```
 

commands/redis/redis-cli

@@ -6,5 +6,8 @@
 ## Example: "ddev redis-cli KEYS *" or "ddev redis-cli INFO" or "ddev redis-cli --version"
 ## Aliases: redis
 
-redis-cli -p 6379 -h redis -a "" --no-auth-warning "$@"
-
+if [ -f /etc/redis/conf/security.conf ]; then
+  redis-cli -p 6379 -h redis -a redis --no-auth-warning $@
+else
+  redis-cli -p 6379 -h redis $@
+fi

commands/redis/redis-flush

@@ -5,4 +5,8 @@
 ## Usage: redis-flush
 ## Example: "ddev redis-flush"
 
-redis-cli -a "" --no-auth-warning FLUSHALL ASYNC
+if [ -f /etc/redis/conf/security.conf ]; then
+  redis-cli -p 6379 -h redis -a redis --no-auth-warning FLUSHALL ASYNC
+else
+  redis-cli -p 6379 -h redis FLUSHALL ASYNC
+fi

redis/redis.conf

@@ -11,8 +11,3 @@ maxmemory-policy allkeys-lfu
 # and uncomment the two lines below:
 #appendonly no
 #save ""
-
-# user config ending with "on >" means empty password
-# user config ending with "on >redis" means "redis" password
-user default ~* &* +@all on >
-user redis ~* &* +@all on >

redis/security.conf

@@ -9,7 +9,6 @@
 # can be easily a long string from /dev/urandom or whatever, so by using a
 # long and unguessable password no brute force attack will be possible.
 
-# user config ending with "on >" means empty password
 # user config ending with "on >redis" means "redis" password
-user default ~* &* +@all on >
-user redis ~* &* +@all on >
+user default ~* &* +@all on >redis
+user redis ~* &* +@all on >redis