IV. Install Redis
Redis is an open-source in-memory data structure store. It can serve as a database cache and message broker and works well with web applications.
1. Setup Repository
Set up the Redis repository, because the default Redis version shipped with Ubuntu is very old. Adding the repository lets us install the latest Redis version.
Beginning with version 6, Redis maintains multi-user security through an Access Control List (ACL), so this guide uses Redis 6 or higher.
Prerequisite install
apt install software-properties-common
a. Add Redis Repository
add-apt-repository ppa:redislabs/redis
b. Update Packages
apt update
2. Install Redis
a. Installing
apt install redis-server -y
b. Check Version
redis-cli --version
redis-cli 7.2.1
This is fine as long as your Redis is version 6 or higher.
3. Enable and Run Redis
a. Change to use Systemd
Edit the redis.conf.
nano /etc/redis/redis.conf
Change the value of the supervised directive to systemd
# ---
supervised systemd
# ---
Then save by pressing Ctrl+X, then Y, then Enter.
b. Allow Remote Connection
Edit the redis.conf.
nano /etc/redis/redis.conf
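Change the bind directive from bind 127.0.0.1 -::1 to the value below. This makes Redis listen on all IPv4 interfaces, so finish step 4 (Secure Redis) before making port 6379 reachable from other hosts.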
# ---
bind 0.0.0.0 -::1
# ---
Then save by pressing Ctrl+X, then Y, then Enter.
c. Restart Redis
systemctl restart redis.service
If you get the error "redis.service not found", restart it this way instead:
systemctl restart redis-server
d. Enter the interactive Redis CLI.
redis-cli
Try a ping:
PING
If Redis is running, it returns a PONG as a reply.
PONG
Now exit from CLI
exit
4. Secure Redis
a. Create Default Password
A freshly installed Redis does not use a password, so we should protect it by setting the default password.
Change the requirepass directive in the redis.conf file to set the default password.
nano /etc/redis/redis.conf
Search for requirepass foobared, then replace foobared with your password:
# ---
requirepass yourpassword
# ---
Restart Redis to force the changes to take effect.
systemctl restart redis.service
If you get the error "redis.service not found", restart it this way instead:
systemctl restart redis-server
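The way the bind change from step 3b and the requirepass change from step 4a combine can be checked with a short script. This is an added example, not part of the original guide; the function name and the CRITICAL/WARN/OK labels are assumptions of the example, and it does not look at protected-mode or firewall rules.

```shell
#!/bin/sh
# Added example: classify a redis.conf by its bind and requirepass settings.

# audit_redis_conf FILE -> prints one verdict line
audit_redis_conf() {
    awk '
        /^[ \t]*#/ { next }                 # comment lines do not count
        $1 == "bind" {                      # a later bind line replaces an earlier one
            seen_bind = 1; remote = 0
            for (i = 2; i <= NF; i++) {
                addr = $i; sub(/^-/, "", addr)   # "-" prefix: skip if unavailable
                if (addr != "127.0.0.1" && addr != "::1") remote = 1
            }
        }
        $1 == "requirepass" { pass = $2; gsub(/^"|"$/, "", pass) }
        END {
            if (!seen_bind) remote = 1      # no bind line: all interfaces
            scope = remote ? "remote bind" : "loopback only"
            issue = ""
            if (pass == "") issue = "no requirepass"
            else if (pass == "foobared" || pass == "yourpassword")
                issue = "placeholder requirepass"   # sample values never replaced
            level = remote ? "CRITICAL" : "WARN"
            if (issue == "") print "OK: requirepass set (" scope ")"
            else print level ": " issue " (" scope ")"
        }
    ' "$1"
}

# Constructed sample: redis.conf as it stands after step 3b, before step 4a.
conf=$(mktemp)
cat > "$conf" <<'EOF'
supervised systemd
bind 0.0.0.0 -::1
# requirepass foobared
EOF
audit_redis_conf "$conf"
rm -f "$conf"
```

On a real server, run it as audit_redis_conf /etc/redis/redis.conf.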
b. Try using ACL
The ACL feature has been available since Redis 6.
To test ACL, enter the CLI:
redis-cli
Try typing
ACL LIST
If you see,
127.0.0.1:6379> (error) ERR unknown command 'ACL'
Then it means you are using a version older than Redis 6.
You have to upgrade your Redis to 6 or higher. You cannot continue if you are stopped here.
If you see,
1) "user default on nopass sanitize-payload ~* &* +@all"
Then it means you didn't set a default password for Redis.
If you have already set the default password, the reply should look like this:
(error) NOAUTH Authentication required.
Then you can try typing
exit
Then log in again with your default password:
redis-cli -a yourpassword
Then you can try typing again
ACL LIST
It should return something like this:
1) "user default on sanitize-payload #816fd38b9c73259d4445dd41ef24670d627e7166a0c489d48e4f33241529d67b ~* &* +@all"
c. Create user ACL
Edit the redis.conf
nano /etc/redis/redis.conf
Add this list of users at the very end of the file:
user youruser2 +@all allkeys on >user2pass
user youruser3 +@all -SET allkeys on >user3pass
user youruser4 +@all allkeys on ~* &* >user4pass
The differences between the users are:
- youruser2 is able to use all Redis commands.
- youruser3 is able to use all Redis commands except the SET command.
- youruser4 is able to use all Redis commands on all channels (same as the default user).
Then save by pressing Ctrl+X, then Y, then Enter.
Restart Redis to force the changes to take effect.
systemctl restart redis.service
If you get the error "redis.service not found", restart it this way instead:
systemctl restart redis-server
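The user lines in step 4c keep the passwords in clear text in redis.conf, while ACL LIST shows them as # followed by a SHA-256 hash; Redis also accepts that # form in a user rule. The script below is an added example, not part of the original guide (function names are hypothetical), that rewrites the > passwords into # hashes:

```shell
#!/bin/sh
# Added example: replace plaintext ACL passwords (>pass) on redis.conf "user"
# lines with SHA-256 hashes (#hex), the form ACL LIST prints.

# hash_password PASSWORD -> 64 lowercase hex chars (no trailing newline hashed)
hash_password() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# harden_acl_lines: redis.conf text on stdin, same text on stdout with every
# ">password" token on a "user" line turned into "#<sha256>".
# Runs of spaces on user lines are collapsed; all other lines pass through.
harden_acl_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            user\ *)
                out=""
                set -f                      # keep ~* and &* from globbing
                for tok in $line; do
                    case "$tok" in
                        '>'*) tok="#$(hash_password "${tok#?}")" ;;
                    esac
                    out="${out:+$out }$tok"
                done
                set +f
                printf '%s\n' "$out" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample: the three user lines from step 4c plus one other directive.
SAMPLE_CONF='maxmemory 1073741824
user youruser2 +@all allkeys on >user2pass
user youruser3 +@all -SET allkeys on >user3pass
user youruser4 +@all allkeys on ~* &* >user4pass'

printf '%s\n' "$SAMPLE_CONF" | harden_acl_lines
```

Clients still authenticate with the original password (AUTH youruser2 user2pass); only the stored form in the file changes.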
d. Test Auth with default password
Enter the CLI:
redis-cli
Enter the default password:
AUTH yourpassword
Check ACL list
ACL LIST
It should return something like this:
1) "user default on sanitize-payload #816fd38b9c73259d4445dd41ef246727e7166a0c489d48e4f33241529d67b ~* &* +@all"
2) "user youruser2 on sanitize-payload #8fbe8e13a025185501f49e0fbe71711b2b78dfc3f2e31dd75747e19fa0f42 ~* resetchannels +@all"
3) "user youruser3 on sanitize-payload #d48b9943c97a1cc654ec36bd1158a9be20adcb2a8622b0289587ff09fee8f ~* resetchannels +@all -set"
4) "user youruser4 on sanitize-payload #38b9816fdc73259d44451ef24670d627e7166a0c489d48e4f529d67b442dg ~* &* +@all"
Now exit
exit
e. Test with user ACL password
Enter CLI again
redis-cli
Then try to log in with the new user:
AUTH youruser2 user2pass
It should return OK
OK
Your Redis is now secured.
5. Optimize Redis
1. Set overcommit and maxcon
Edit the sysctl.conf
nano /etc/sysctl.conf
Add the following at the very end of the file:
# ---
vm.overcommit_memory = 1
net.core.somaxconn = 1024
Then save by pressing Ctrl+X, then Y, then Enter.
2. Set Maximum Memory
maxmemory is the correct configuration option to prevent Redis from using too much RAM.
Edit the redis.conf
nano /etc/redis/redis.conf
Search for maxmemory <bytes>, then replace it with:
maxmemory 1073741824
Then save by pressing Ctrl+X, then Y, then Enter.
- maxmemory is specified in bytes.
- 1073741824 bytes is around 1 GB of RAM.
- 2147483648 bytes is around 2 GB of RAM.
- You can increase it as you like.
3. Reboot Server Machine
Now reboot the server for the changes to take effect.
reboot
6. Completely Uninstall
If you failed to configure Redis, or just want to completely uninstall it:
Uninstall
apt-get purge --auto-remove redis-server
Now reboot the server for the change to take effect.
reboot