How To Install and Secure Redis on Ubuntu 20.04
Redis is a powerful in-memory key-value store that is used as a database, cache, and message broker. Due to its speed and flexibility, Redis is popular in many applications that require real-time data processing. In this guide, we will walk you through the process of installing Redis on Ubuntu 20.04, configuring it for optimal performance, and securing it against unauthorized access.
Prerequisites Copy link
Before starting, ensure that your server meets the following requirements:
-
Ubuntu 20.04: You need a local computer or a cloud server with Ubuntu 20.04 installed
-
A user with sudo privileges: You’ll need administrative rights to install and configure Redis.
-
Basic command-line knowledge: Familiarity with the Linux command line is essential.
Installing Redis on Ubuntu 20.04 Copy link
To begin the installation of Redis on Ubuntu 20.04, follow these steps:
-
Update your system’s package list
sudo apt update-
Install Redis
Install Redis from the Ubuntu repository:
sudo apt install redis-server -yRedis will be installed and configured to run automatically after installation.
-
Verify the installation
To check if Redis is installed and running, use:
sudo systemctl status redis
Redis should be running. If not, start it with:
sudo systemctl start redisConfiguring Redis Copy link
By default, Redis works out of the box, but some configurations can optimize its performance and security:
-
Edit the Redis configuration file
Open the Redis configuration file located at /etc/redis/redis.conf:
sudo nano /etc/redis/redis.conf-
Optimize memory usage
Redis can be configured to use specific memory limits by adjusting the maxmemory directive:
maxmemory 256mb
maxmemory-policy allkeys-lruThis setting limits Redis to use a maximum of 256MB of RAM and removes the least recently used (LRU) keys when the limit is reached.
-
Bind Redis to the local interface
For security, ensure Redis is only accessible from the local machine:
bind 127.0.0.1 ::1-
Save your changes
After making these adjustments, save and close the file (CTRL + X, then Y, and Enter).
-
Restart Redis
For the changes to take effect, restart Redis:
sudo systemctl restart redisSecuring Redis: Authentication and Firewall Copy link
Redis has minimal security by default. Follow these steps to enhance its security:
-
Set up Redis authentication
In the Redis configuration file (/etc/redis/redis.conf), find the requirepass directive and set a strong password:
requirepass your_secure_password-
Configure the firewall
If Redis must be accessible from outside the local machine, set up UFW (Uncomplicated Firewall) to allow connections only from trusted sources:
sudo ufw allow from trusted_IP to any port 6379-
from trusted_IP: Specifies the source IP address from which traffic is allowed. -
to any: Refers to the destination, meaning any of the system’s IP addresses. -
port 6379: Specifies the port number to which the access is granted (the Redis port).
To enable the firewall:
sudo ufw enable
Always ensure Redis is only accessible from authorized IP addresses.
If ufw is not installed, you can simply install with:
sudo apt update && sudo apt install ufw -yEnabling Redis Persistence Copy link
Redis offers two types of persistence: RDB (Redis Database Backup) and AOF (Append-Only File).
-
Enable RDB persistence
RDB snapshots are created at specified intervals. In /etc/redis/redis.conf, configure the snapshot settings:
save 900 1
save 300 10
save 60 10000-
Enable AOF persistence
AOF logs every write operation. To enable AOF, in the same configuration file:
appendonly yes-
Restart Redis to apply changes
sudo systemctl restart redisSetting Up Redis as a Service Copy link
Redis can be managed as a service, allowing you to control it with systemd.
-
Enable Redis to start on boot:
sudo systemctl enable redis-
Start, stop, and check the status of Redis:
-
Start Redis:
sudo systemctl start redis-
Stop Redis:
sudo systemctl stop redis-
Check the status:
sudo systemctl status redisMonitoring and Managing Redis Copy link
Proper monitoring ensures Redis is running efficiently:
-
Use the Redis CLI for real-time monitoring
Redis includes a command-line interface (redis-cli) for monitoring:
redis-cli -a $password monitorThis command authenticates using the specified password and directly starts monitoring. But for security reasons, we need to avoid passing the password directly on the command line in production environments, as it may be visible to other users on the system. Instead, you can enter the redis-cli interactive mode and authenticate like this:
-
Start the
redis-cliwithout a password:
redis-cli-
Authenticate with the
AUTHcommand:
AUTH your_secure_password-
Then, run the
monitorcommand:
monitor-
Use Redis’ built-in metrics
Get a summary of Redis operations using:
redis-cli info-
Set up third-party monitoring tools
Tools like Prometheus, Grafana, or RedisInsight offer advanced monitoring and visualization.
Backing Up and Restoring Redis Data Copy link
Backing up Redis data is crucial to avoid data loss:
-
Manual RDB backup
Copy the Redis dump file:
cp /var/lib/redis/dump.rdb /path/to/backup/directory-
Restore from backup
Stop Redis, replace the current RDB file with your backup, and start Redis again:
sudo systemctl stop rediscp /path/to/backup/dump.rdb /var/lib/redis/sudo systemctl start redisTroubleshooting Common Issues Copy link
If you encounter issues, here are some common problems and their solutions:
-
Redis won’t start
Check the Redis logs at /var/log/redis/redis-server.log for error messages.
-
Memory issues
If Redis runs out of memory, adjust the maxmemory setting or add more RAM to your server.
-
Connection issues
Ensure that Redis is bound to the correct IP address and the firewall rules are correctly configured.
Conclusion Copy link
Installing and securing Redis on Ubuntu 20.04 is a straightforward process that, when done correctly, provides a reliable and fast database solution for your applications. By following this guide, you have set up Redis, configured it for optimal performance, secured it against unauthorized access, and implemented essential monitoring and backup procedures. With Redis now properly configured and secured, your applications can leverage its speed and efficiency with confidence.