6.17 Installing and Configuring Redis

Banner

Redis (Remote Dictionary Server) is a powerful key-value database management system that has gained widespread adoption among developers due to its high performance and versatility. This technology serves not just as a data store but also as an effective tool for caching, message queues, and implementing complex data structures in real-time.

The uniqueness of Redis lies in its ability to store various data types — from simple strings to complex structures such as lists, sets, hash tables, and others. Thanks to in-memory operations support and the ability to persist data to disk, Redis provides unmatched data processing speed while maintaining reliability.

Important: before installing Redis, make sure Your system meets the minimum system requirements and has current system updates.

It is important to have root access level. The setup can be implemented on our virtual and dedicated server services.

System Preparation

System Update

For Debian/Ubuntu:
  1. sudo apt update
  2. sudo apt upgrade -y
For CentOS/AlmaLinux/RockyLinux:
  1. sudo dnf update -y

Installing Redis

Debian/Ubuntu:
  1. # Download and add the Redis repository key
  2. curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
  3. # Add Redis repository to APT sources list
  4. echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
  5. # Install Redis
  6. sudo apt install redis -y
CentOS/AlmaLinux/RockyLinux:
  1. sudo dnf install -y epel-release
  2. sudo dnf install -y redis

Basic Redis Configuration

  1. Editing the configuration file:
  1. sudo nano /etc/redis/redis.conf
  1. Key security settings:
# Limiting listening to local access only
bind 127.0.0.1 ::1

# Setting a strong password
requirepass StrongRedisPassword2024!

# Memory usage limitations
maxmemory 2gb
maxmemory-policy allkeys-lru

# Disabling commands that could be used for potential abuse
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
rename-command DEBUG ""
  1. Save and restart the service:
  1. sudo systemctl restart redis-server
  1. Enable service autostart:
  1. sudo systemctl enable redis
  1. Check if autostart is active:
  1. systemctl is-enabled redis

If the command returns enabled, it means autostart is enabled.

The result might be alias, which means the redis service is running through a symbolic link (alias) to another service. This usually happens if Redis in Your system is configured as an “alias” to another service, for example, redis-server.

Firewall Configuration

Information: for convenience when entering multiple sequential commands, You will be provided with an example using Heredoc. Let’s look at what this is.

Heredoc (shortened from “here document”) is a convenient mechanism in bash scripting that allows passing multiline text or command sequences directly to a command or interpreter. The heredoc syntax uses << operators with an arbitrary delimiter (most commonly EOF), creating a unique way to group and execute commands.

The heredoc mechanism works as follows:

  • The bash interpreter creates a temporary text stream.
  • All commands between the <<EOF and EOF markers are executed sequentially.
  • Allows grouping complex command sequences without creating temporary files.
  • Provides controlled data transfer between commands.

The main advantage is the ability to execute a block of commands with elevated privileges (via sudo) without the need to create a separate script.

Configuring iptables:
  1. sudo bash << EOF
  2. # Complete iptables configuration for Redis
  3. iptables -F
  4. iptables -X
  5. # Basic policies
  6. iptables -P INPUT DROP
  7. iptables -P FORWARD DROP
  8. iptables -P OUTPUT ACCEPT
  9. # Allow local connections
  10. iptables -A INPUT -i lo -j ACCEPT
  11. # Allow established connections
  12. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  13. # Allow SSH
  14. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  15. # Allow Redis from local network
  16. iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 6379 -j ACCEPT
  17. # Close Redis port for external connections
  18. iptables -A INPUT -p tcp --dport 6379 -j LOG --log-prefix "Redis Connection Attempt: "
  19. iptables -A INPUT -p tcp --dport 6379 -j DROP
  20. EOF

Save the rules:

  1. sudo apt install -y iptables-persistent
  2. netfilter-persistent save

When saving rules, You will be asked for confirmation. You need to press Yes. Rules

Configuring firewalld:
  1. sudo bash << EOF
  2. # Install and configure firewalld
  3. dnf install -y firewalld
  4. # Start and enable the service
  5. systemctl enable firewalld
  6. systemctl start firewalld
  7. # Add rules for Redis
  8. firewall-cmd --permanent --add-port=6379/tcp
  9. firewall-cmd --permanent --add-rich-rule='
  10. rule family="ipv4"
  11. source address="192.168.0.0/24"
  12. port protocol="tcp" port="6379"
  13. accept'
  14. # Apply changes
  15. firewall-cmd --reload
  16. EOF
Configuring UFW:
  1. sudo bash << EOF
  2. # Install and basic UFW configuration
  3. apt install -y ufw
  4. # Basic policies
  5. ufw default deny incoming
  6. ufw default allow outgoing
  7. # Allow SSH
  8. ufw allow ssh
  9. # Allow Redis from local network
  10. ufw allow from 192.168.0.0/24 to any port 6379
  11. # Enable UFW
  12. ufw enable
  13. EOF

Checking Redis Service Status

1. Checking Redis system service status.

To find out if the Redis service is running, execute the command:

  1. sudo systemctl status redis

You will see information about the service status, including activity and possible errors.

Status

2. Checking Redis through redis-cli.

For a quick check if Redis is responding:

  1. redis-cli ping

The response should be PONG, indicating correct operation.

Pong

3. Checking if the service is listening on port 6379 (default port).

Use netstat or ss to check if Redis is listening on the required port:

  1. sudo netstat -lnp | grep 6379

Netstat

Or using ss:

  1. sudo ss -lnp | grep 6379

If the port is being listened to, this confirms that Redis is working.

Port listening

4. Additional Redis configuration check.

To find out active Redis parameters, connect to it using the client:

  1. redis-cli

And enter the command:

  1. CONFIG GET *

This will show all configuration parameters, including port, operation mode, and other settings. Конфиг