How to Install and Configure Redis on CentOS 7

How to Install and Configure Redis on CentOS 7

Spread the love

In this tutorial we will show you How to Install and Configure Redis on CentOS 7. Redis is an open-source in-memory database project implementing a distributed, in-memory key-value store with optional durability. Some of Redis features are built-in transactions, replication, and support for a variety of data structures like strings, hashes, lists, sets and so on. Redis Sentinel makes Redis highly available and it supports automatic partitioning with Redis Cluster.

1. Installing Redis

There are few things that need to be done prior to Redis installing. First, we have to add Extra Packages for Enterprise Linux (EPEL) repository to the server`s package lists. EPEL is a package repository that contains several open-source-add-on software packages and a lot of them are maintained by the Fedora Project.

We can use yum to install EPEL:

sudo yum install epel-release

As soon as we finish installing EPEL, we can use yum once again to install Redis:

sudo yum install redis

After a few minutes  this installation will be completed and then you can start the Redis service:

sudo systemctl start redis.service

There is always the chance for Redis to start on boot, all you have to do is enable it through the enable command:

sudo systemctl enable redis

If you want to check Redis`s status you should run the following:

sudo systemctl status redis.service
Output
● redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: active (running) since Thu 2018-07-11 15:50:38 UTC; 7s ago
Main PID: 3962 (redis-server)
CGroup: /system.slice/redis.service
└─3962 /usr/bin/redis-server 127.0.0.1:6379

You can test the setup using this command as soon as you confirm that Redis is indeed running:

redis-cli ping

This should print PONG as the response and once you get that response it means that you have Redis running on your server and its configuration can begin in order to enhance its security.

2. Configuration

Redis listens on port 6379 by default and it needs some additional configuration in order to be sure that it is secured. If Redis is not protected by a firewall, authentication and have it listen only on a private network, then you have to be aware that there is a great risk of leaking sensitive data.

Firstly, you have to make sure that you set Redis to only listen on your private network. Because Redis has not got any kind of encryption built in, it is very important to transfer the data exclusively through private networks or secured tunnels. You can set Redis to listen on the private interface using the following:

nano /etc/redis.conf
...
bind redis_servers_private_IP
...

If you install Redis on a stand-alone web server and it does not need to accept connections from different clients, in that case, Redis can be set to listen on the local socket  instead by commenting out the bind value and setting up a socket by:

mkdir /var/run/redis
chown redis:redis /var/run/redis
nano /etc/redis.conf
...
# bind 127.0.0.1
unixsocket /var/run/redis/redis.sock
unixsocketperm 777

You can also use your OS`s built-in firewall in order to allow in connections from web servers you trust using their internal IP’s, in case you do not have a dedicated firewall. You can find some examples below:

# iptables
nano /etc/sysconfig/iptables
...
-A INPUT -p tcp -m tcp --dport 6379 -s your_server_IP -m comment --comment "redis" -j ACCEPT
service iptables restart

You need to set up authentication, a built-in security feature if you want further Redis protection. If you do this then the clients will be forced to authenticate before they are granted access. If you want to create a security password then you can use a tool such as apg or pwgen. Use the following to set a password within Redis:

nano /etc/redis.conf
...
requirepass your_strong_password_here
...

systemctl restart redis

To make sure that the password works you can do this test :

# This should fail
redis_cli
127.0.0.1:6379> set key1 10
(error) NOAUTH Authentication required.

# This should work
redis-cli
127.0.0.1:6379> auth your_strong_password_here
127.0.0.1:6379> set key1 10
OK
127.0.0.1:6379> get key1
"10"

Another thing we have to so is to secure the file permissions for Redis. You can find the password for Redis in he redis.conf so that file should not be readable by everybody. Furthermore, we also want to lock down the Redis data directory. You can lock down the permissions on Redis with:

chown redis:redis /var/lib/redis
chmod 700 /var/lib/redis
chown redis:redis /etc/redis.conf
chmod 600 /etc/redis.conf
systemctl restart redis

Installing Redis on CentOS 7Of course, you don’t have to install and configure Redis on CentOS 7, if you use one of our outsourced server support services, in which case you can simply ask our expert Linux admins to install and configure Redis on CentOS 7, for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to install and configure Redis on CentOS 7, please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *