Guide for letting memcached only listen on localhost
Are you concerned about security while using memcached on your server with Railgun? One solution is to let memcached listen only on localhost, i.e. the 127.0.0.1 IP. With this setup, remote access to memcached on your server is not possible, which takes your system one step further toward security. It can be done in a few steps.
Requirements
- Root/Sudo Access to the Server
Procedure
- Log in to the server as the root user or a sudo user.
- Check the default port on which memcached is listening.
cat /etc/sysconfig/memcached
In our case, it is listening on port 11211.
- Check on what interfaces memcached is available.
netstat -utanp | grep memcache
Or check using port 11211 from the memcached config:
netstat -an | grep ":11211"
With the default config, it should be listening for all local as well as remote connections.
- Restrict memcached to listen on localhost only, i.e. the 127.0.0.1 IP, by editing the memcached config located at /etc/sysconfig/memcached.
Edit the config file, change the last line (the one with the OPTIONS variable) to the following, and save it:
OPTIONS="-l 127.0.0.1"
- Restart Memcached
service memcached restart
- Restart Railgun if you are using it
service railgun restart
- Now, check on what interfaces memcached is available. You’ll notice it only listens on localhost (127.0.0.1).
netstat -utanp | grep memcache
Or check using port 11211 from the memcached config:
netstat -an | grep ":11211"
With this, we have restricted memcached to listen on localhost.
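
The before/after netstat check from the procedure can be scripted so that it fails loudly instead of relying on reading grep output by eye; the following is an added example, not part of the original guide. It assumes the Linux `netstat -an` column layout, `check_memcached_bind` is a hypothetical helper name, and the sample lines are constructed rather than captured from a real host.

```shell
#!/usr/bin/env bash
# Added example. check_memcached_bind is a hypothetical helper name.
# Reads `netstat -an` text on stdin and prints every listener on the given
# port whose local address is not loopback.
# Exit status: 0 = loopback only, 1 = exposed, 2 = nothing bound to the port.
check_memcached_bind() {
    awk -v port="${1:-11211}" '
        $1 ~ /^(tcp|udp)/ {
            local_addr = $4                       # "Local Address" column
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next            # different port
            # TCP rows count only in LISTEN state; UDP rows carry no state.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            found = 1
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (host != "127.0.0.1" && host != "::1") {
                print $1, local_addr
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Constructed sample (not captured from a real host): default config.
SAMPLE_BEFORE='tcp        0      0 0.0.0.0:11211     0.0.0.0:*        LISTEN
tcp6       0      0 :::11211          :::*             LISTEN
udp        0      0 0.0.0.0:11211     0.0.0.0:*'

# Constructed sample after OPTIONS="-l 127.0.0.1" and a restart.
SAMPLE_AFTER='tcp        0      0 127.0.0.1:11211   0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:11211   127.0.0.1:40522  ESTABLISHED
udp        0      0 127.0.0.1:11211   0.0.0.0:*'

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    if printf '%s\n' "$sample" | check_memcached_bind 11211; then
        echo "memcached is bound to loopback only"
    else
        echo "memcached is reachable on the addresses listed above"
    fi
done
# On a live host: netstat -an | check_memcached_bind 11211
```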