Got it, let's tackle both of your Redis username configuration questions step by step—running Redis via Docker with a custom username, and setting it up using environment variables. These are common use cases, especially for containerized deployments, so here's what you need to know:

First, note that Redis usernames are part of the ACL system introduced in Redis 6.0+, so make sure you're using a Redis image version 6.0 or newer. Here are three reliable methods:

Method 1: Directly Pass Configuration Flags in docker run #

You can specify the username and its permissions directly in the docker run command using Redis's built-in CLI flags. For example, to create a user named appuser with full access and a password securepass, plus set a password for the default default user:

docker run -d --name redis-server \
  redis:latest \
  redis-server \
  --requirepass "default-secure-pass" \
  --user "appuser on >securepass ~* +@all"

Let's break down the --user flag syntax:

• appuser: The username
• on: Enables the user
• >securepass: Sets the user's password (the > indicates a hashed password would follow, but plain text works here for simplicity)
• ~*: Allows access to all keys
• +@all: Grants permission to run all commands

Method 2: Use Docker Compose with Command Flags #

If you prefer Docker Compose, add the Redis configuration flags to the command field in your docker-compose.yml:

version: '3.8'
services:
  redis:
    image: redis:latest
    command: >
      redis-server
      --requirepass "default-pass"
      --user "appuser on >apppass ~app:* +@read +@write"
    ports:
      - "6379:6379"
    restart: unless-stopped

This example restricts appuser to only keys matching app:* and gives read/write permissions instead of full access—great for least-privilege setups.

Method 3: Mount a Custom Redis Config File #

For more complex ACL rules, create a redis.conf file with your user definitions:

# Set password for default user
requirepass "default-password"

# Define a custom user with limited permissions
user appuser on >app-password ~app:* +@read +@write
user adminuser on >admin-pass ~* +@all

Then mount this file into your Docker container so Redis uses it on startup:

docker run -d --name redis-server \
  -v /path/to/your/redis.conf:/usr/local/etc/redis/redis.conf \
  redis:latest \
  redis-server /usr/local/etc/redis/redis.conf

The official Redis Docker image doesn't include a built-in environment variable for usernames (unlike REDIS_PASSWORD for the default user), but you can work around this with a couple of approaches:

Method 1: Use a Custom Startup Script #

Create a simple shell script to inject the username/password from environment variables into Redis on startup:

1. Create a start-redis.sh file:

#!/bin/sh
# Start Redis in the background temporarily
redis-server --daemonize yes

# Wait a few seconds for Redis to initialize
sleep 2

# Create the user using environment variables
redis-cli config set user "$REDIS_USER on >$REDIS_PASS ~* +@all"

# Stop the background Redis instance and restart it in the foreground
redis-cli shutdown
redis-server

2. Make the script executable:

chmod +x start-redis.sh

3. Build a custom Docker image with a Dockerfile:

FROM redis:latest
COPY start-redis.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/start-redis.sh
# Set default environment variables (can be overridden at runtime)
ENV REDIS_USER="default-app-user"
ENV REDIS_PASS="default-app-pass"
CMD ["start-redis.sh"]

4. Build and run the image, overriding the environment variables if needed:

docker build -t custom-redis .
docker run -d -e REDIS_USER="my-app-user" -e REDIS_PASS="my-secure-pass" custom-redis

Method 2: Inject Variables via Shell Command #

For a quicker (but less flexible) approach, use sh -c to parse environment variables when starting Redis:

docker run -d \
  -e REDIS_USER="appuser" \
  -e REDIS_PASS="apppass" \
  redis:latest \
  sh -c 'redis-server --user "$REDIS_USER on >$REDIS_PASS ~* +@all"'

This works because the shell will expand the environment variables before passing them to the Redis server command.

Important Notes #

• Always use Redis 6.0+—older versions don't support usernames, only password authentication for the default user.
• For production environments, avoid passing plain-text passwords in command lines or environment variables that might be exposed in process lists. Instead, use Docker Secrets or encrypted environment variable management tools.
• Test your ACL rules thoroughly to ensure users only have the permissions they need.

内容的提问来源于stack exchange，提问作者timbmg