In this tutorial we will show you how to install and configure Redis on CentOS 7. Redis is an open-source in-memory database project implementing a distributed, in-memory key-value store with optional durability. Some of Redis's features are built-in transactions, replication, and support for a variety of data structures like strings, hashes, lists, sets and so on. Redis Sentinel makes Redis highly available and it supports automatic partitioning with Redis Cluster.
1. Installing Redis
There are a few things that need to be done prior to installing Redis. First, we have to add the Extra Packages for Enterprise Linux (EPEL) repository to the server's package lists. EPEL is a package repository that contains several open-source add-on software packages, and a lot of them are maintained by the Fedora Project.
We can use yum to install EPEL:
sudo yum install epel-release
As soon as we finish installing EPEL, we can use yum once again to install Redis:
sudo yum install redis
After a few minutes this installation will be completed and then you can start the Redis service:
sudo systemctl start redis.service
To have Redis start on boot, enable it with the enable command:
sudo systemctl enable redis
If you want to check Redis's status you should run the following:
sudo systemctl status redis.service
Output
● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           └─limit.conf
   Active: active (running) since Thu 2018-07-11 15:50:38 UTC; 7s ago
 Main PID: 3962 (redis-server)
   CGroup: /system.slice/redis.service
           └─3962 /usr/bin/redis-server 127.0.0.1:6379
Once you have confirmed that Redis is running, you can test the setup with this command:
redis-cli ping
This should print PONG as the response. Once you get that response, Redis is running on your server and you can begin configuring it to enhance its security.
2. Configuration
Redis listens on port 6379 by default and it needs some additional configuration in order to be secured. If Redis is not protected by a firewall and authentication, and is not set to listen only on a private network, there is a great risk of leaking sensitive data.
First, make sure that you set Redis to listen only on your private network. Because Redis does not have any kind of encryption built in, it is very important to transfer the data exclusively through private networks or secured tunnels. You can set Redis to listen on the private interface using the following:
nano /etc/redis.conf
...
bind redis_servers_private_IP
...
If you install Redis on a stand-alone web server and it does not need to accept connections from other clients, Redis can be set to listen on a local socket instead by commenting out the bind value and setting up a socket:
mkdir /var/run/redis
chown redis:redis /var/run/redis
nano /etc/redis.conf
...
# With bind commented out, Redis still accepts TCP connections on port 6379
# on all interfaces unless "port 0" is also set.
# bind 127.0.0.1
unixsocket /var/run/redis/redis.sock
# 777 lets every local user connect to the socket.
unixsocketperm 777
If you do not have a dedicated firewall, you can also use your OS's built-in firewall to allow connections only from web servers you trust, using their internal IPs. You can find an example below:
# iptables
nano /etc/sysconfig/iptables
...
-A INPUT -p tcp -m tcp --dport 6379 -s your_server_IP -m comment --comment "redis" -j ACCEPT
service iptables restart
If you want further protection for Redis, set up authentication, a built-in security feature. Clients are then forced to authenticate before they are granted access. To create a strong password you can use a tool such as apg or pwgen. Use the following to set a password within Redis:
nano /etc/redis.conf
...
requirepass your_strong_password_here
...
systemctl restart redis
To make sure that the password works you can do this test:
# This should fail
redis-cli
127.0.0.1:6379> set key1 10
(error) NOAUTH Authentication required.
# This should work
redis-cli
127.0.0.1:6379> auth your_strong_password_here
127.0.0.1:6379> set key1 10
OK
127.0.0.1:6379> get key1
"10"
Another thing we have to do is secure the file permissions for Redis. The Redis password is stored in redis.conf, so that file should not be readable by everybody. Furthermore, we also want to lock down the Redis data directory. You can lock down the permissions on Redis with:
chown redis:redis /var/lib/redis
chmod 700 /var/lib/redis
chown redis:redis /etc/redis.conf
chmod 600 /etc/redis.conf
systemctl restart redis
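To check a server against the steps above, the following script audits a redis.conf for the bind, socket, password and file-permission settings. It is an added example, not part of the original tutorial; the function name audit_redis_conf and the MIN_PASS_LEN threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a redis.conf against the hardening steps in this tutorial.
# Prints one FINDING line per problem; exit status is 0 only when nothing is flagged.
# MIN_PASS_LEN is an assumed threshold, not a value from the tutorial.
MIN_PASS_LEN=32

audit_redis_conf() (
    conf="$1"; findings=0
    set -f   # no filename globbing when splitting the bind address list
    # Value of an uncommented directive; the last occurrence in the file is used.
    directive() {
        awk -v k="$1" 'tolower($1) == k { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$conf"
    }
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    bind=$(directive bind); port=$(directive port)
    pass=$(directive requirepass); sockperm=$(directive unixsocketperm)

    # Commenting out "bind" does not disable TCP: without "port 0" Redis
    # still listens on 6379 (or the configured port) on every interface.
    if [ -z "$bind" ] && [ "$port" != "0" ]; then
        flag "no bind directive and TCP port not disabled (port 0)"
    fi
    for addr in $bind; do
        case "$addr" in
            0.0.0.0|::) flag "bind $addr listens on every interface" ;;
        esac
    done

    if [ -z "$pass" ]; then
        flag "requirepass is not set"
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        flag "requirepass is shorter than $MIN_PASS_LEN characters"
    fi

    # A last octal digit other than 0 opens the socket to every local user.
    case "$sockperm" in
        ''|*0) ;;
        *) flag "unixsocketperm $sockperm grants access to all local users" ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
        flag "$conf is accessible to group or others (tutorial sets 600)"
    fi
    [ "$findings" -eq 0 ]
)
```

Run it as audit_redis_conf /etc/redis.conf with enough privilege to read the file; an empty output and exit status 0 mean none of the checks fired.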