From f2ae767f9a8f3722f20a951c2a387abb4e6f78af Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulipchat.com>
Date: Wed, 15 Jan 2020 18:16:07 -0500
Subject: [PATCH] Enable Redis authentication.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
---
 README.md          |  2 ++
 docker-compose.yml | 15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index f3f42af..443cad5 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,8 @@ production traffic, you need to also set these:
   just for the RabbitMQ container.
 * `MEMCACHED_PASSWORD` and `SECRETS_memcached_password` are similar,
   just for the memcached container.
+* `REDIS_PASSWORD` and `SECRETS_redis_password` are similar, just for
+  the Redis container.
 * `SECRETS_secret_key` should be a long (e.g. 50 characters), random
   string.  This value is important to keep secret and constant over
   time, since it is used to (among other things) sign login cookies
diff --git a/docker-compose.yml b/docker-compose.yml
index 77f521d..c70c077 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,9 +35,17 @@ services:
     volumes:
       - '/opt/docker/zulip/rabbitmq:/var/lib/rabbitmq:rw'
   redis:
-    image: 'quay.io/sameersbn/redis:latest'
+    image: 'redis:alpine'
+    command:
+      - 'sh'
+      - '-euc'
+      - |
+        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
+        exec redis-server /etc/redis.conf
+    environment:
+      REDIS_PASSWORD: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
     volumes:
-      - '/opt/docker/zulip/redis:/var/lib/redis:rw'
+      - '/opt/docker/zulip/redis:/data:rw'
   zulip:
     image: 'zulip/docker-zulip:2.1.2-0'
     build:
@@ -61,10 +69,11 @@ services:
       SETTING_REDIS_HOST: 'redis'
       SECRETS_email_password: '123456789'
       # These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
-      # and MEMCACHED_PASSWORD above.
+      # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
       SECRETS_rabbitmq_password: 'REPLACE_WITH_SECURE_RABBITMQ_PASSWORD'
       SECRETS_postgres_password: 'REPLACE_WITH_SECURE_POSTGRES_PASSWORD'
       SECRETS_memcached_password: 'REPLACE_WITH_SECURE_MEMCACHED_PASSWORD'
+      SECRETS_redis_password: 'REPLACE_WITH_SECURE_REDIS_PASSWORD'
       SECRETS_secret_key: 'REPLACE_WITH_SECURE_SECRET_KEY'
       SETTING_EXTERNAL_HOST: 'localhost.localdomain'
       SETTING_ZULIP_ADMINISTRATOR: 'admin@example.com'