Setup Guide
Understanding Redis
Redis is an in-memory data structure store that can be used as a database, cache, message broker, and queue. This guide will help you install and secure Redis with custom configurations.
Installation Process
Update package lists and install Redis:
# Update package lists to ensure we get the latest version
sudo apt update
# Install Redis server package
sudo apt install redis-server
Detailed Configuration
Redis configuration is managed through the redis.conf file. We'll make several important modifications:
- First, backup your original configuration:
# Create a backup before making changes
sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.backup
# Edit Redis configuration
sudo nano /etc/redis/redis.conf
- Essential Configuration Settings:
# Network Configuration
port 35000 # Custom port instead of default 6379
bind 0.0.0.0 # Allow external connections (be careful with this)
protected-mode yes # Additional network security
# Authentication
requirepass YourStrongPasswordHere # Set a strong password (min 32 chars recommended)
# Memory Management
maxmemory 1gb # Limit Redis memory usage
maxmemory-policy allkeys-lru # Eviction policy when memory limit is reached
# Performance Tuning
tcp-keepalive 300 # Keep connections alive
timeout 0 # Client connection timeout (0 = disabled)
tcp-backlog 511 # Connection queue length
databases 16 # Number of database instances
# Persistence Configuration
appendonly yes # Enable AOF persistence
appendfilename "appendonly.aof"
appendfsync everysec # Fsync policy (always/everysec/no)
Security Implementation
Redis security is crucial when exposed to external connections:
- Firewall Configuration:
# Allow specific IPv4 addresses
sudo ufw allow from 192.168.1.100 to any port 35000 proto tcp comment 'Redis - Application Server'
sudo ufw allow from 192.168.1.101 to any port 35000 proto tcp comment 'Redis - Backup Server'
# Allow specific IPv6 addresses if needed
sudo ufw allow from 2001:db8::1 to any port 35000 proto tcp comment 'Redis - IPv6 Client'
Service Management
Control and monitor Redis service:
- Service Controls:
# Start Redis service
sudo systemctl start redis-server
# Enable Redis to start on boot
sudo systemctl enable redis-server
# Restart Redis after configuration changes
sudo systemctl restart redis-server
- Verify Installation:
# Connect to Redis
redis-cli -p 35000
# Authenticate
auth YourStrongPasswordHere
# Test connection
ping
Expected successful response:
PONG
Monitoring and Maintenance
- Service Status:
# Check service status
sudo systemctl status redis-server
# View logs
sudo tail -f /var/log/redis/redis-server.log
- Performance Monitoring:
# Connect to Redis with password
redis-cli -p 35000 -a YourStrongPasswordHere
# Check memory usage
INFO memory
# Monitor connected clients
CLIENT LIST
# Get server statistics
INFO stats
Troubleshooting
Common issues and solutions:
- Connection refused:
- Check if Redis is running:
sudo systemctl status redis-server - Verify port is open:
sudo ss -tulpn | grep 35000 - Check firewall rules:
sudo ufw status numbered
- Check if Redis is running:
- Authentication failed:
- Verify password in configuration
- Check if requirepass is set correctly
- Ensure no typos in authentication command
- Memory issues:
- Monitor memory usage:
redis-cli -p 35000 -a YourStrongPasswordHere INFO memory - Adjust maxmemory setting if needed
- Review eviction policy effectiveness
- Monitor memory usage:
Best Practices
- Memory Configuration:
- Set maxmemory to 70-80% of available RAM
- Choose appropriate eviction policy
- Monitor memory usage regularly
- Security:
- Use strong passwords (32+ characters)
- Limit access to specific IPs
- Regularly update Redis to patch security issues
- Disable dangerous commands in production
- Backup:
- Enable AOF persistence for data safety
- Schedule regular RDB snapshots
- Test backup restoration procedures