Binding a Public Gateway Address to or Unbinding a Public Gateway Address from a GeminiDB Redis Instance
Scenarios
In public access scenarios, you typically use an EIP to connect to an instance. However, binding an EIP directly to an instance node increases security risks. If security rules are misconfigured or a vulnerability is exploited, an attacker may obtain your access credentials and perform malicious operations on database resources.
To mitigate this risk, you can configure an EIP by binding a public gateway address to your GeminiDB Redis instance. With a NAT gateway, public access is implemented as a one-way DNAT rule on the public NAT gateway, allowing only inbound traffic on the ports you configure to reach the instance's private IP address. This meets your access requirements while limiting exposure and reducing the attack surface.
If public network access is not required later, you can unbind the public gateway at any time.
Prerequisites
A public NAT gateway has been created, and its VPC and subnet match those of the GeminiDB Redis instance. For details about how to create a public NAT gateway, see Buying a Public NAT Gateway.
Usage Notes
- Your instance must have a load balancer address. If no load balancer address is available, you can submit a service ticket on the console to contact customer service.
- If an EIP has been bound to an instance node, you must unbind it before binding a public gateway address.
- You need to unbind an existing public gateway from the instance before binding a new one.
- You need to configure security group rules that allow the required IP addresses and ports to access the instance. Before accessing a DB instance, request an EIP on the VPC console and add the individual IP addresses or the IP address range that will access the DB instance to the security group's inbound rules. For details, see Setting Security Group Rules.
- You need to estimate required bandwidth and buy an EIP with sufficient bandwidth resources. Client access exceptions caused by poor public network performance will not be included in the SLA.
- Public access reduces instance security. To achieve a higher transmission rate and security level, you are advised to migrate your applications to an ECS in the same region as your GeminiDB Redis instance.
- After the public gateway is unbound from a GeminiDB Redis instance, the associated EIP is retained. If the EIP is billed on a pay-per-use basis, it will continue to incur charges. To avoid extra charges, release the EIP manually if it is no longer needed.
- This function is only available to proxy cluster and primary/standby instances with classic storage.
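The security group note above asks for individual IP addresses or an IP address range in the inbound rules. As an added example (not Huawei Cloud code), the following Python check reviews an exported rule list for entries that open the database port to any address or to an over-wide range; the rule field names, the 16-address threshold, and the sample port are assumptions.

```python
import ipaddress

MAX_SOURCE_ADDRESSES = 16  # assumption: widest client range you accept

# Constructed sample rules; keys are hypothetical, not a Huawei Cloud API schema.
SAMPLE_RULES = [
    {"cidr": "203.0.113.10/32", "protocol": "tcp", "port_min": 6379, "port_max": 6379},
    {"cidr": "0.0.0.0/0", "protocol": "tcp", "port_min": 6379, "port_max": 6379},
    {"cidr": "198.51.100.0/24", "protocol": "tcp", "port_min": 6379, "port_max": 6379},
    {"cidr": "0.0.0.0/0", "protocol": "tcp", "port_min": 443, "port_max": 443},
    {"cidr": "::/0", "protocol": "all", "port_min": None, "port_max": None},
]


def audit_inbound_rules(rules, port, max_addresses=MAX_SOURCE_ADDRESSES):
    """Return (rule, reason) pairs for rules that expose `port` too broadly."""
    findings = []
    for rule in rules:
        if str(rule.get("protocol", "tcp")).lower() not in ("tcp", "all"):
            continue  # Redis clients connect over TCP
        lo = rule.get("port_min") or 1        # missing bounds mean "all ports"
        hi = rule.get("port_max") or 65535
        if not lo <= port <= hi:
            continue  # rule does not cover the database port
        try:
            net = ipaddress.ip_network(rule["cidr"], strict=False)
        except (KeyError, ValueError):
            findings.append((rule, "missing or unparsable source CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((rule, "open to any address"))
        elif net.num_addresses > max_addresses:
            findings.append((rule, f"source range covers {net.num_addresses} addresses"))
    return findings


if __name__ == "__main__":
    # 6379 is a constructed sample value; use the port your instance listens on.
    for rule, reason in audit_inbound_rules(SAMPLE_RULES, 6379):
        print(f"{rule.get('cidr', '?'):<18} {reason}")
```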
Billing
- For details about NAT Gateway pricing, see NAT Gateway Pricing Details.
- For details about EIP pricing, see EIP Pricing Details.
Procedure
To bind a public gateway address:
- Log in to the GeminiDB console.
- On the Instances page, click the target instance name.
- On the Basic Information page, click Bind Gateway Address in the Connection Information area.
  Figure 1 Binding a gateway address
- In the displayed dialog box, select the public gateway and EIP to be bound, enter a port number, and click OK.
  Figure 2 Gateway address information

  Table 1 Parameter description

  | Parameter | Description |
  | --- | --- |
  | Public Gateway | Name of the public NAT gateway. If no available gateway addresses are displayed, click View Public Gateway and buy a public NAT gateway. |
  | EIP | EIP to be bound. Only EIPs that are not bound to any instance node can be bound. If no available EIPs are displayed, click EIPs and create an EIP. |
  | Port | Port used to provide services to external systems. You can connect to the instance node using the EIP and this port. The value ranges from 1 to 65535. |

- After binding the gateway address, check the public gateway, EIP, and port in the Connection Information area on the Basic Information page.
  Figure 3 Public gateway information
To unbind a public gateway address:
- Log in to the GeminiDB console.
- On the Instances page, click the target instance name.
- On the Basic Information page, click Unbind Gateway Address in the Connection Information area.
  Figure 4 Unbinding a gateway address
- Check whether the unbound public gateway is displayed in the Connection Information area on the Basic Information page.
  Figure 5 No public gateway
Follow-up Operations
After the public gateway address is bound, you can connect to your instance over a public network by following the instructions provided in Connecting to an Instance by Binding a Public Gateway Address.