How To Install and Secure Redis on Ubuntu 20.04

Redis is a powerful in-memory key-value store that is used as a database, cache, and message broker. Due to its speed and flexibility, Redis is popular in many applications that require real-time data processing. In this guide, we will walk you through the process of installing Redis on Ubuntu 20.04, configuring it for optimal performance, and securing it against unauthorized access.

Prerequisites

Before starting, ensure that your server meets the following requirements:

1. Ubuntu 20.04: You need a local computer or a cloud server with Ubuntu 20.04 installed

2. A user with sudo privileges: You’ll need administrative rights to install and configure Redis.

3. Basic command-line knowledge: Familiarity with the Linux command line is essential.

Installing Redis on Ubuntu 20.04

To begin the installation of Redis on Ubuntu 20.04, follow these steps:

1. Update your system’s package list

sudo apt update

2. Install Redis

Install Redis from the Ubuntu repository:

sudo apt install redis-server -y

Redis will be installed and configured to run automatically after installation.

3. Verify the installation

To check if Redis is installed and running, use:

sudo systemctl status redis

Redis should be running. If not, start it with:

sudo systemctl start redis

Configuring Redis

By default, Redis works out of the box, but some configurations can optimize its performance and security:

1. Edit the Redis configuration file

Open the Redis configuration file located at /etc/redis/redis.conf:

sudo nano /etc/redis/redis.conf

2. Optimize memory usage

Redis can be configured to use specific memory limits by adjusting the maxmemory directive:

maxmemory 256mb
maxmemory-policy allkeys-lru

This setting limits Redis to use a maximum of 256MB of RAM and removes the least recently used (LRU) keys when the limit is reached.

3. Bind Redis to the local interface

For security, ensure Redis is only accessible from the local machine:

bind 127.0.0.1 ::1

4. Save your changes

After making these adjustments, save and close the file (CTRL + X, then Y, and Enter).

5. Restart Redis

For the changes to take effect, restart Redis:

sudo systemctl restart redis

Securing Redis: Authentication and Firewall

Redis has minimal security by default. Follow these steps to enhance its security:

1. Set up Redis authentication

In the Redis configuration file (/etc/redis/redis.conf), find the requirepass directive and set a strong password:

requirepass your_secure_password

2. Configure the firewall

If Redis must be accessible from outside the local machine, set up UFW (Uncomplicated Firewall) to allow connections only from trusted sources:

sudo ufw allow from trusted_IP to any port 6379

• from trusted_IP : Specifies the source IP address from which traffic is allowed.

• to any: Refers to the destination, meaning any of the system’s IP addresses.

• port 6379: Specifies the port number to which the access is granted (the Redis port).

To enable the firewall:

sudo ufw enable

Always ensure Redis is only accessible from authorized IP addresses.

If ufw is not installed, you can simply install with:

sudo apt update && sudo apt install ufw -y

Enabling Redis Persistence

Redis offers two types of persistence: RDB (Redis Database Backup) and AOF (Append-Only File).

1. Enable RDB persistence

RDB snapshots are created at specified intervals. In /etc/redis/redis.conf, configure the snapshot settings:

save 900 1
save 300 10
save 60 10000

2. Enable AOF persistence

AOF logs every write operation. To enable AOF, in the same configuration file:

appendonly yes

3. Restart Redis to apply changes

sudo systemctl restart redis

Setting Up Redis as a Service

Redis can be managed as a service, allowing you to control it with systemd.

1. Enable Redis to start on boot:

sudo systemctl enable redis

2. Start, stop, and check the status of Redis:

• Start Redis:

sudo systemctl start redis

• Stop Redis:

sudo systemctl stop redis

• Check the status:

sudo systemctl status redis

Monitoring and Managing Redis

Proper monitoring ensures Redis is running efficiently:

1. Use the Redis CLI for real-time monitoring

Redis includes a command-line interface (redis-cli) for monitoring:

redis-cli -a $password monitor

This command authenticates using the specified password and directly starts monitoring. But for security reasons, we need to avoid passing the password directly on the command line in production environments, as it may be visible to other users on the system. Instead, you can enter the redis-cli interactive mode and authenticate like this:

• Start the redis-cli without a password:

redis-cli

• Authenticate with the AUTH command:

AUTH your_secure_password

• Then, run the monitor command:

monitor

2. Use Redis’ built-in metrics

Get a summary of Redis operations using:

redis-cli info

3. Set up third-party monitoring tools

Tools like Prometheus, Grafana, or RedisInsight offer advanced monitoring and visualization.

Backing Up and Restoring Redis Data

Backing up Redis data is crucial to avoid data loss:

1. Manual RDB backup

       Copy the Redis dump file:

cp /var/lib/redis/dump.rdb /path/to/backup/directory

2. Restore from backup

     Stop Redis, replace the current RDB file with your backup, and start Redis again:

sudo systemctl stop redis

cp /path/to/backup/dump.rdb /var/lib/redis/

sudo systemctl start redis

Troubleshooting Common Issues

If you encounter issues, here are some common problems and their solutions:

1. Redis won’t start

Check the Redis logs at /var/log/redis/redis-server.log for error messages.

2. Memory issues

If Redis runs out of memory, adjust the maxmemory setting or add more RAM to your server.

3. Connection issues

Ensure that Redis is bound to the correct IP address and the firewall rules are correctly configured.

Conclusion

Installing and securing Redis on Ubuntu 20.04 is a straightforward process that, when done correctly, provides a reliable and fast database solution for your applications. By following this guide, you have set up Redis, configured it for optimal performance, secured it against unauthorized access, and implemented essential monitoring and backup procedures. With Redis now properly configured and secured, your applications can leverage its speed and efficiency with confidence.