How to Install Redis on a CentOS 7 Dedicated Server or VPS

Redis is a flexible open-source, configurable key-value store, using an in-memory system data storage model to achieve high performance. It comes with an array of features including transactions, automatic failover, pub/sub, among other unique functionality. Redis is widely recognized for its performance, scalability, flexibility, and extensive support for languages.

It’s based on simplicity with a few lines of code that do a lot. Regardless of your work on memory, it has a reasonable fairy support for high availability and clustering that works well in ensuring your data is safe. Redis was made to serve clients who want a trusted and secure environment. This guide will provide direction on the process of installing and configuring Redis on a CentOS 7 server.

Getting Started

Before we get started, you will require the following:

  • One dedicated server running a clean installation of CentOS7
  • Two Droplets of any size.
  • Access to your system through SSH with a sudo root user.

To install the necessary packages on CentOS7, start by running the following command:

$ yum install wget make gcc

Step 1: Install Redis

In this case, it is important to add the Extra Packages for Enterprise Linux (EPEL) and use it to install Redis. EPEL contains several open-source software packages.

Use YUM to Install EPEL:

$ sudo yum install epel-release

After installing EPEL, install Redis using yum:

$ sudo yum install redis -y

Wait for a couple of minutes for the process to complete, then start Redis:

$ sudo systemctl start redis.service

Optional: To starts Redis automatically on boot run the command below:

$ sudo systemctl enable redis

To check the status of Redis, run the following command:

$ sudo systemctl status redis.service

Output

redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
       	└─limit.conf
   Active: active (running) since Thu 2018-03-01 15:50:38 UTC; 7s ago
 Main PID: 3962 (redis-server)
   CGroup: /system.slice/redis.service
       	└─3962 /usr/bin/redis-server 127.0.0.1:6379

Verify that Redis has installed successfully with by running the command:

$ redis-cli ping

If Redis is running, you should see the response PONG. This shows the Redis application is running successfully on your web server. We can now go ahead and configure it to increase its security in the system.

Step 2: Configuring Redis

The best way to ensure Redis is safe is to ensure the server it's running on is secure. This can be done by ensuring Redis is attached to a localhost or a reserved IP address. It is also important to ensure that the web server has firewall that is running successfully.

Start with opening the Redis configuration box and run the following command:

$ sudo vi /etc/redis.con

Look for a line that shows bind as follows:

   /etc/redis.conf
bind 127.0.0.1

If you plan to access Redis from a different host, it’s recommend to connect it with another IP address to increase its exposure to the outside parties. You should have something like this:

                                    /etc/redis.conf
bind your_private_ip

If you don’t plan to bind Redis with another host, there is no need to include additional Redis firewall rules. Reason being, any traffic directed towards Redis will be used in default mode unless the firewall guidelines openly permit them.

On the other hand, if you don’t plan to connect to Redis from a different host, it is important to adjust your firewall configuration by running the command below for your firewall:

$ sudo firewall-cmd --permanent --new-zone=redis

Specify the port you would like remain open. By default, Redis use port 6397:

$ sudo firewall-cmd --permanent --zone=redis --add-port=6379/tcp

Include any private but secure IP address that should access Redis:

$ sudo firewall-cmd --permanent --zone=redis -add source=client_server_private_IP

Reload the system firewall settings to apply these changes:

$ sudo firewall-cmd --reload

Using these configurations, a firewall will update and apply these rules in a specific Redis zone anytime it sees information from your client’s IP address.

Step 3: Configuration of the Redis Password

This process enables the functionality of its security components which require your clients to verify their identity before accessing any data in the system. In this case, the key passcode is directly configured in Redis’s as follows:

/etc/redis.conf

Open the file:

$ sudo vi /etc/redis.conf

Click on the SECURITY section then search for the text that reads:

   /etc/redis.conf
# requirepass foobared

Make sure you uncomment the directive by getting rid of # and change the section that reads footbared to a stronger password

When you enter the command above the same passcode will appear. So, you need to come up with a new password and make some changes in the words in quotes:

echo "HostAdvice" | sha256sum

The password should be strong and long to ensure your system is secure.

The command output should read like this:

/etc/redis.conf
requirepass password_copied_from_output

Once you set the password, you can now access Redis:

$redis-cli

To test whether the password you have created for Redis is working, run the following command to try to set-up a key value before the authentication process:

127.0.0.1:6379> set key1 10

If Redis have not been authenticated, it will return the following error:

Output
(error) NOAUTH Authentication required.

The command below authenticates with your password in your Redis file:

127.0.0.1:6379> auth your_redis_password

Redis application will show that the password has been authenticated with the text “OK.”

Once it’s done, run the earlier command and ensure it is successful.

To exit the system, use the command

 redis-cli.
127.0.0.1:6379> quit

Now, it should be hard for unauthorized people to gain access to your Redis files.

Step 4: Set-up of Data Ownership and Authorizations

In this section, we will go through several data ownership and file authorization you may need to change to secure the Redis Installation. This is to ensure only the authorized user access Redis.

You can do this by typing the command below:

$ ls -l /var/lib | grep redis

The output should look like this:

drwxr-xr-x 2 redis   redis   4096 Aug  6 09:32 redis

To make sure the Redis user can access the data directory, change the permission setting to authorize file 770 as shown below:

$ sudo chmod 770 /var/lib/redis

Also, change the application configuration folder which has a file authorization of 644 in default mode. Run the command below:

$ ls -l /etc/redis.conf

The output should look like this:

rw-r--r-- 1 root root 30176 Jan 14  2014 /etc/redis.conf

The permission 664 may be readable which can present a critical security issue. So go ahead and configure file’s permissions. To do this run the command below:

 

sudo chown redis:redis /etc/redis.conf

Change ownership and authorization to make sure that only the Redi User can access the file:

$ sudo chmod 660 /etc/redis.conf

Verify the permissions using the command below:

$ ls -l /etc/redis.conf

The output should be like this:

total 40
-rw------- 1 redis redis 29716 Sep 22 18:32 /etc/redis.conf

Restart the Redis afresh to confirm it’s configured:

$ sudo service redis-server restart

Congratulations, you now have a fully installed and configured Redis, so your system is secure.

Conclusion

That’s enough to get you started with Redis installation on your server. With this, it can be easy to enjoy the security features that come with Redis. The most crucial security feature you should consider is the application’s firewall to prevent unauthorized users from accessing your server.

 

Check out the top 3 VPS services:

Was this article helpful?