6.17 Installing and Configuring Redis
Redis (Remote Dictionary Server) is a powerful key-value database management system that has gained widespread adoption among developers due to its high performance and versatility. This technology serves not just as a data store but also as an effective tool for caching, message queues, and implementing complex data structures in real-time.
The uniqueness of Redis lies in its ability to store various data types — from simple strings to complex structures such as lists, sets, hash tables, and others. Thanks to in-memory operations support and the ability to persist data to disk, Redis provides unmatched data processing speed while maintaining reliability.
Important: before installing Redis, make sure Your system meets the minimum system requirements and has current system updates.
It is important to have root
access level. The setup can be implemented on our virtual and dedicated server services.
System Preparation
System Update
For Debian/Ubuntu:
- sudo apt update
- sudo apt upgrade -y
For CentOS/AlmaLinux/RockyLinux:
- sudo dnf update -y
Installing Redis
Debian/Ubuntu:
- # Download and add the Redis repository key
- curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
-
- # Add Redis repository to APT sources list
- echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
-
- # Install Redis
- sudo apt install redis -y
CentOS/AlmaLinux/RockyLinux:
- sudo dnf install -y epel-release
- sudo dnf install -y redis
Basic Redis Configuration
- Editing the configuration file:
- sudo nano /etc/redis/redis.conf
- Key security settings:
# Limiting listening to local access only
bind 127.0.0.1 ::1
# Setting a strong password
requirepass StrongRedisPassword2024!
# Memory usage limitations
maxmemory 2gb
maxmemory-policy allkeys-lru
# Disabling commands that could be used for potential abuse
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
rename-command DEBUG ""
- Save and restart the service:
- sudo systemctl restart redis-server
- Enable service autostart:
- sudo systemctl enable redis
- Check if autostart is active:
- systemctl is-enabled redis
If the command returns enabled
, it means autostart is enabled.
The result might be alias
, which means the redis service is running through a symbolic link (alias) to another service. This usually happens if Redis in Your system is configured as an “alias” to another service, for example, redis-server
.
Firewall Configuration
Information: for convenience when entering multiple sequential commands, You will be provided with an example using Heredoc. Let’s look at what this is.
Heredoc (shortened from “here document”) is a convenient mechanism in bash scripting that allows passing multiline text or command sequences directly to a command or interpreter. The heredoc syntax uses <<
operators with an arbitrary delimiter (most commonly EOF
), creating a unique way to group and execute commands.
The heredoc mechanism works as follows:
- The bash interpreter creates a temporary text stream.
- All commands between the
<<EOF
andEOF
markers are executed sequentially. - Allows grouping complex command sequences without creating temporary files.
- Provides controlled data transfer between commands.
The main advantage is the ability to execute a block of commands with elevated privileges (via sudo
) without the need to create a separate script.
Configuring iptables:
- sudo bash << EOF
- # Complete iptables configuration for Redis
- iptables -F
- iptables -X
-
- # Basic policies
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- iptables -P OUTPUT ACCEPT
-
- # Allow local connections
- iptables -A INPUT -i lo -j ACCEPT
-
- # Allow established connections
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
- # Allow SSH
- iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-
- # Allow Redis from local network
- iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 6379 -j ACCEPT
-
- # Close Redis port for external connections
- iptables -A INPUT -p tcp --dport 6379 -j LOG --log-prefix "Redis Connection Attempt: "
- iptables -A INPUT -p tcp --dport 6379 -j DROP
- EOF
Save the rules:
- sudo apt install -y iptables-persistent
- netfilter-persistent save
When saving rules, You will be asked for confirmation. You need to press Yes
.
Configuring firewalld:
- sudo bash << EOF
- # Install and configure firewalld
- dnf install -y firewalld
-
- # Start and enable the service
- systemctl enable firewalld
- systemctl start firewalld
-
- # Add rules for Redis
- firewall-cmd --permanent --add-port=6379/tcp
- firewall-cmd --permanent --add-rich-rule='
- rule family="ipv4"
- source address="192.168.0.0/24"
- port protocol="tcp" port="6379"
- accept'
-
- # Apply changes
- firewall-cmd --reload
- EOF
Configuring UFW:
- sudo bash << EOF
- # Install and basic UFW configuration
- apt install -y ufw
-
- # Basic policies
- ufw default deny incoming
- ufw default allow outgoing
-
- # Allow SSH
- ufw allow ssh
-
- # Allow Redis from local network
- ufw allow from 192.168.0.0/24 to any port 6379
-
- # Enable UFW
- ufw enable
- EOF
Checking Redis Service Status
1. Checking Redis system service status.
To find out if the Redis service is running, execute the command:
- sudo systemctl status redis
You will see information about the service status, including activity and possible errors.
2. Checking Redis through redis-cli
.
For a quick check if Redis is responding:
- redis-cli ping
The response should be PONG
, indicating correct operation.
3. Checking if the service is listening on port 6379 (default port).
Use netstat
or ss
to check if Redis is listening on the required port:
- sudo netstat -lnp | grep 6379
Or using ss
:
- sudo ss -lnp | grep 6379
If the port is being listened to, this confirms that Redis is working.
4. Additional Redis configuration check.
To find out active Redis parameters, connect to it using the client:
- redis-cli
And enter the command:
- CONFIG GET *
This will show all configuration parameters, including port, operation mode, and other settings.