  • Redis protected mode Error
    Troubleshooting 2024. 8. 15. 20:22

    Problem

    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: 2024-07-11T20:25:59.368Z ERROR 526050 --- [nio-8080-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: org.springframework.data.redis.RedisConnectionFailureException: Unable to connect to Redis
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$ExceptionTranslatingConnectionProvider.translateException(LettuceConnectionFactory.java:1847) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$ExceptionTranslatingConnectionProvider.getConnection(LettuceConnectionFactory.java:1778) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$SharedConnection.getNativeConnection(LettuceConnectionFactory.java:1580) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$SharedConnection.lambda$getConnection$0(LettuceConnectionFactory.java:1560) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory.doInLock(LettuceConnectionFactory.java:1521) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$SharedConnection.getConnection(LettuceConnectionFactory.java:1557) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory.getSharedConnection(LettuceConnectionFactory.java:1243) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory.getConnection(LettuceConnectionFactory.java:1049) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.core.RedisConnectionUtils.fetchConnection(RedisConnectionUtils.java:195) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.core.RedisConnectionUtils.doGetConnection(RedisConnectionUtils.java:144) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at org.springframework.data.redis.core.RedisConnectionUtils.getConnection(RedisConnectionUtils.java:105) ~[spring-data-redis-3.3.1.jar!/:3.3.1]
    
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: Caused by: io.lettuce.core.RedisConnectionException: DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Set up an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.lettuce.core.protocol.CommandHandler.onProtectedMode(CommandHandler.java:883) ~[lettuce-core-6.3.2.RELEASE.jar!/:6.3.2.RELEASE/8941aea]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:670) ~[lettuce-core-6.3.2.RELEASE.jar!/:6.3.2.RELEASE/8941aea]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:597) ~[lettuce-core-6.3.2.RELEASE.jar!/:6.3.2.RELEASE/8941aea]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1407) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:918) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[netty-transport-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.111.Final.jar!/:4.1.111.Final]
    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: #011... 1 common frames omitted
    

    This error appeared after changing the redirect-uri. The user was saved to the DB, but the error occurred while the refresh token was being issued.

     

    The relevant part of the error

    Jul 11 20:25:59 ip-172-31-44-203 web[526050]: Caused by: io.lettuce.core.RedisConnectionException:

    DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. 
    In this mode connections are only accepted from the loopback interface. 
    If you want to connect from external computers to Redis you may adopt one of the following solutions: 
    1) Just disable protected mode sending the command 
    'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. 

    Use CONFIG REWRITE to make this change permanent. 
    2) Alternatively you can just disable the protected mode by editing the Redis configuration file, 
    and setting the protected mode option to 'no', and then restarting the server. 
    3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 
    4) Set up an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.


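    Cause

    The error came from a Redis connection problem. However, no error occurred when connecting during the build process, so I looked for the cause and analyzed the logs, and found that access was restricted because Redis was currently running in protected mode.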

     

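    * What is Redis protected-mode?

    1. External access is blocked: the Redis server is configured so that it cannot be reached from external networks. This means Redis is only accessible from the local environment.
    2. Access only from allowed IP addresses: the allowed IP addresses must be set explicitly with the bind option, for example localhost (127.0.0.1) or an internal network IP address.
    3. When no password is set: if no password is configured, the Redis server blocks external access completely. This is a measure to strengthen security while there is no password.
    4. When a password is set: even if a password is configured, external access is restricted by default while protected-mode is enabled. Authentication with the password can be attempted, but access is still only possible from allowed IP addresses.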

    Solution

     

    I connected to the EC2 instance where Redis is installed and set a password in the redis.conf file.

    ps aux | grep redis
    kill <PID>    # PID of the redis-server process shown by the ps output
    

    I used the commands above to stop the process, then rebooted.
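
The check below is an added example, not code from the original post: it classifies how a redis.conf treats clients on other hosts, following the condition stated in the DENIED message above (protected mode enabled and no password for the default user). The sample configurations, result labels and placeholder password are constructed; the `bind` default is assumed to be the Redis 7 one, and ACL users defined outside `requirepass` are not considered.

```python
import ipaddress
import shlex

def parse_conf(text):
    """Map each directive to its last argument list (a later line overrides)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)      # redis.conf arguments may be quoted
            conf[parts[0].lower()] = parts[1:]
    return conf

def listens_beyond_loopback(binds):
    for addr in binds:
        addr = addr.lstrip("-")            # "-" prefix: ignore if address unavailable
        if addr in ("*", "::*"):
            return True
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return True
        except ValueError:
            return True                    # unparseable value: treat as reachable
    return False

def remote_access(text):
    """Classify what a client on another host gets from this configuration."""
    conf = parse_conf(text)
    binds = conf.get("bind") or ["127.0.0.1", "-::1"]   # assumed Redis 7 default
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() == "yes"
    has_password = bool((conf.get("requirepass") or [""])[0])
    if not listens_beyond_loopback(binds):
        return "LOOPBACK_ONLY"     # other hosts cannot connect at all
    if has_password:
        return "AUTH_REQUIRED"     # the state after the fix in this post
    return "DENIED" if protected else "OPEN_NO_AUTH"

# Constructed sample configurations (not taken from the post).
BEFORE = "bind * -::*\nprotected-mode yes\n"
AFTER = BEFORE + 'requirepass "placeholder-password"\n'
NO_PROTECTION = "bind * -::*\nprotected-mode no\n"

if __name__ == "__main__":
    for name, cfg in [("before", BEFORE), ("after", AFTER), ("no-protection", NO_PROTECTION)]:
        print(name, remote_access(cfg))
```

`OPEN_NO_AUTH` is what options 1 to 3 of the error message produce on a host reachable from other machines, which is why the message warns to make sure Redis is not publicly accessible in that case. With `AUTH_REQUIRED`, the client also has to be given the password (in Spring Boot 3, the `spring.data.redis.password` property).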

     
