
Awks

Forge and Redis Password

Hello,

Is Forge provisioning secure with the default Forge configuration for Redis? No password? Accessible from outside?

Thanks!

0 likes
5 replies
Nicholaus

I'm wondering the same thing - anyone have thoughts?

kfirba
Best Answer

@Awks @Nicholaus No need to worry there.

Forge also sets up the firewall to only accept connections on ports 80 (http), 443 (https) and 22 (ssh). Redis usually uses port 6379 so any connection attempt from the outside to that port will be rejected.

Forge uses UFW (uncomplicated firewall) to set up its rules. You can always run ufw status to see what firewall rules you have.

7 likes
MohamadSleimanHaidar

I received an email from DigitalOcean concerning a Forge-spun VPS. The email highlighted that I may have insecurely configured Redis on that server.

This is from the email:

"We've received a notification from 3rd party security researchers, the Shadowserver Foundation, that your Droplet at 1.1.1.1 is running a Redis instance configured in a way that may be insecure.

This configuration that was reported to us can allow attackers to gain local access to your Droplet, as well as the ability to read, change, or destroy any data hosted in your Redis instance. This issue could result in severe security breaches, and we strongly urge you to take immediate action to secure your Redis instance. We have several resources available to help you secure your server."

I have a ufw firewall rule added through Forge that allows everything on 6379. I believe I needed to do that to set up broadcasting. Would you advise that I limit the scope of the IPs that have access?
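
Added example, not part of any post in this thread: a shell check that reads `ufw status` output and reports whether port 6379 is allowed from any source, covering the default rule set described in the accepted answer and the open 6379 rule mentioned in the last post. The function name and the three sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UFW rules that expose the Redis port to any source.
# Input is the text printed by `ufw status`; the samples below are constructed.
# Port ranges (e.g. 6000:7000/tcp) are not handled here.
REDIS_PORT=6379

# Reads `ufw status` output on stdin and prints every finding.
# Returns 1 if the Redis port is reachable from any source (open rule,
# or firewall inactive), 0 otherwise.
redis_exposed() {
    awk -v port="$REDIS_PORT" '
        /^Status: inactive/ { print "firewall inactive: no filtering"; bad = 1 }
        {
            # Find the action column; the port is field 1, the source follows.
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") break
            if (i > NF) next
            src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
            if ($1 ~ ("^" port "(/tcp)?$") && src == "Anywhere") {
                print "open to any source: " $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the rule set described in the accepted answer.
SAMPLE_DEFAULT='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere'

# Constructed sample: a rule allowing everything on 6379, as in the last post.
SAMPLE_OPEN="$SAMPLE_DEFAULT
6379                       ALLOW       Anywhere
6379 (v6)                  ALLOW       Anywhere (v6)"

# Constructed sample: 6379 limited to one peer (203.0.113.10 is a documentation address).
SAMPLE_SCOPED="$SAMPLE_DEFAULT
6379                       ALLOW       203.0.113.10"

printf '%s\n' "$SAMPLE_OPEN" | redis_exposed || echo "Redis port is exposed"
```

On a server, feed it live output with `sudo ufw status | redis_exposed`.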
