How to Perform a Secure Redis Install on Linux

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

Redis is a key-value store that offers speed, reliability and concurrency. It’s used by many popular websites like Reddit and OkCupid to store data in memory. In this tutorial, we’ll install Redis on Linux using the standard package manager tools.

The “how to install redis on ubuntu” is a tutorial that explains how to install the Redis database on Linux. The article also includes steps for installing and configuring Redis on Ubuntu 16.04 LTS, 14.04 LTS, 12.04 LTS and other versions of Linux operating systems.

How to Perform a Secure Redis Install on Linux

Redis is useful for a variety of tasks, including caching. Redis may also be used as a main data store or even as a database substitute. But how can you set up Redis in a safe manner? Redis installation is a hassle, and if you’re not cautious, you could wind up with a lot of issues. Fortunately for you, this guide will cover all you need to know.

In this guide, you’ll learn how to install Redis safely on your Linux system, as well as some pointers on how to avoid frequent pitfalls.

Continue reading to avoid the hardships of debugging Redis installation issues!

Prerequisites

This will be a hands-on presentation in this course. If you want to follow along, make sure you have the following items on hand:

  • A computer running Ubuntu 20.04 LTS — The methods in this guide are for Ubuntu 20.04 LTS, although they are comparable for other Linux systems.

Related: [Step-by-Step] How to Install Ubuntu 20.04

  • A non-root user having sudo rights or root privileges

APT Package Manager is used to install Redis.

Redis may be installed in a variety of methods on Ubuntu, but for this guide, you’ll use the APT package manager.

Because Redis is written in C, you’ll have to manually build it from source code. A number of dependencies would have to be installed, and the construction process isn’t without flaws.

Although compiling Redis from source isn’t encouraged, it does have the advantage of allowing you to personalize your installation. You download the source code and then configure it yourself.

To ensure you have the most up-to-date package listings, open your terminal and perform the apt update command below.

Keeping the Linux system up to date Keeping the Linux system up to date

To install Redis on your PC, use the apt install command.

The apt package manager is used to obtain and install the redis-server package from the Ubuntu repository onto your system using the command below. The -y option instructs apt to automatically accept prompts throughout the installation process.

How to Manage Linux Packages Using the Ansible apt Module

redis-server -y sudo apt install

Getting Redis installed on your computer Getting Redis installed on your computer

To run Redis as a service, you must configure the Redis.conf file.

You’ve just finished installing Redis, but it’s not yet ready to use. You must first setup the redis.conf file before you can use Redis.

The redis.conf configuration file is located in the /etc/redis/ directory by default and comes with the Redis package you installed. All of Redis’ configuration settings are included in this file.

The.conf file extension makes sense since it follows a standard pattern. This style is used by a lot of different applications. The primary configuration file for the Apache web server, for example, has the.conf extension.

To stop the redis-server service, use the systemctl command below. When you’re initially starting started with Redis, it’s a good idea to stop the Redis service from running.

systemctl stop redis.service sudo systemctl stop redis.service

Controlling Systemd services using Ubuntu systemctl is a related topic.

2. In your favourite text editor, open the /etc/redis/redis.conf file.

Locate the supervised directive and modify it to systemd, as seen below, before saving the modifications. This instructs the operating system that Redis should be launched as a service.

Configuring the systemd directive Configuring the systemd directive

3. Now, since the Redis service (redis.service) is unaware of the modifications, use the systemctl restart command below to restart it.

redis.service must be restarted using sudo systemctl.

4. Finally, check whether Redis is operating using the systemctl status command.

redis.service status sudo systemctl

The result demonstrates that the Redis service is up and operating, as seen below.

Checking to see whether the Redis service is up and running Checking to see whether the Redis service is up and running

Checking to see whether the Redis Server is working properly.

Although you’ve setup and confirmed that the Redis service is active, this does not imply that the Redis server is operational. How can you tell whether the Redis server is up and running? To test whether the Redis server replies, connect to it and transmit instructions.

To connect to the Redis server, use the redis-cli command. Redis-cli is a command-line interface for the Redis database that enables you to submit instructions to the server and see its current status.

Below, you can tell that you’re in the Redis server prompt (127.0.0.1:6379>). The redis-cli command tries to connect to a Redis server at 127.0.0.1:6379 by default.

Obtaining a connection to the Redis Server Obtaining a connection to the Redis Server

2. Next, use the ping command to see whether the Redis server is up and running.

As you can see, the server responded PONG, indicating that the Redis server is now accessible and can connect with the service successfully.

The Redis server is being pinged. The Redis server is being pinged.

If you’re still not convinced, try the set command below. The set command is a Redis command that creates a database key-value pair.

“This is a test,” says the setter.

The set command, as you can see, returns “OK,” indicating that the Redis service is operational.

The Redis server is being tested. The Redis server is being tested.

3. To quit the redis-cli, use the exit command shown below. The connection to the Redis server is then closed.

The Redis Server is bound to Localhost.

You’ve just verified that the Redis server is operational, but it’s possible that it’s also accessible from other devices on your network. This is unwelcome activity, and you’d normally want to keep people away from your Redis server.

The Redis Server is bound to Localhost. sets a behavior that only the machine on which you installed Redis can access the Redis server.

1. In your text editor, open the /etc/redis/redis.conf file.

2. Find the line that reads bind 127.0.0.1::1 and At the start of the line, remove the number symbol (#). to uncomment it.

1647501376_417_How-to-Perform-a-Secure-Redis-Install-on-Linux removing the comment from the bind 127.0.0.1::1 line

3. Now, to restart the redis-server service, execute the command below.

sudo systemctl redis-server restart

4. Finally, verify whether your Redis server is tied to localhost using the command below. The netstat -lnp tool displays all active network connections, while the grep redis component of the command restricts the output to lines containing the word “redis.”

Local Name Protocol (-lnp) is a networking protocol that UNIX-like systems use to resolve hostnames to IP addresses.

grep redis | sudo netstat -lnp

The Redis server is now exclusively listening on the localhost interface, as seen below (127.0.0.1:6379). Only the localhost interface is mentioned under your active internet connections, reflecting the change in the configuration file (tcp).

Other devices on your network will no longer be able to connect to your Redis server.

All active network connections are shown here. All active network connections are shown here.

Using a Password to Secure a Redis Server Connection

Redis isn’t configured to need password authentication at this time. Anyone with the IP address or hostname of your Redis server might connect to it and modify its contents.

How do you keep your Redis server secure? Set a password that users must provide before connecting to your Redis server.

1. In your text/code editor, reopen the redis.conf configuration file.

2. Create a strong password that includes the following:

  • Under the SECURITY section, look for requirepass foobared.
  • At the start of the line, remove the number symbol (#).
  • Change foobared to a secure password of your choosing and save the changes.

Creating a strong password Creating a strong password

3. Restart and connect to your Redis server using the instructions below.

sudo systemctl redis-server restart redis-cli

4. Now, use the ping command to test whether the server responds.

NOAUTH Authentication needed is shown in the error message below. This notification shows that remote access to your Redis server requires an authentication password.

Connection to the server is being tested. Connection to the server is being tested.

5. To authenticate your connection to your Redis server, use the auth command below, followed by your password.

When authentication is successful, you’ll receive an OK answer like the one below.

Redis Server Connection Authentication Redis Server Connection Authentication

6. Finally, perform the ping command to see whether you’ve successfully authenticated your Redis server connection.

After validating your connection, you’ll receive the PONG answer, as illustrated below. You’ve successfully secured your Redis server using a password at this point.

The Redis server is being pinged. The Redis server is being pinged.

To protect your Redis server, disable dangerous commands.

Setting a password to authenticate your Redis server connection does not ensure that it is completely secure. Redis comes with a number of potentially harmful commands that enable users to alter the data in your database by default.

When invoked by unauthorized users, these instructions provide attackers access to your Redis database’s contents, allowing them to read, alter, delete, and even wipe it entirely.

Because your Redis server may include other harmful commands, the list below is not exhaustive, but in most situations, these are the risky ones:

FLUSHDB, FLUSHALL, KEYS, PEXPIRE, DEL, CONFIG, SHUTDOWN, BGREWRITEAOF BGSAVE, SAVE, SPOP, SREM, RENAME, DEBUG, EVAL, FLUSHDB, FLUSHALL, KEYS, PEXPIRE, DEL, CONFIG, SHUTDOWN, BGREWRITEAOF BGSAVE, SAVE, SPOP, SREM, REN

Rename these harmful instructions in the redis.conf file to better safeguard your Redis server:

1. In your text editor, open the redis.conf file and search for the Command renaming section.

To deactivate commands, rename them to an empty string using the syntax below. To deactivate, replace the-command with the actual command.

the-command the-command “” rename-command the-command “”

For example, you may deactivate the CONFIG command by renaming it to an empty string and saving the modifications, as seen below. The double quotes (“”) denote an empty string that indicates that a command is disabled.

The CONFIG command has been renamed. The CONFIG command has been renamed.

2. To restart the Redis server, exit the text editor and enter the command below.

sudo systemctl redis-server restart

3. To connect to your Redis server, use the instructions below.

Qae9p fY:YjdtJ7k redis-cli auth

4. Finally, verify that the CONFIG command is deactivated using the config get command.

The CONFIG command will be deactivated if you get an ERR unknown command config answer, as illustrated below.

Using the CONFIG command to see what's going on Using the CONFIG command to see what’s going on

If the config get requirepass command succeeds, it will ask your Redis server for the password in order to authenticate the connection.

To secure your Redis server, you’ve successfully renamed a harmful Redis command. Continue to disable additional potentially harmful instructions in the redis.conf file.

Using a Firewall to Block Connection Requests to Redis Server

Setting up a firewall is another option to safeguard your Redis server. Setting up a firewall necessitates allowing just the needed ports for each of your server’s services.

For example, if Redis is operating on your server at port 6379, all you need to do is open that port. You may add IP addresses or ranges of IP addresses to the firewall rules if you need to enable access from a certain IP address or range of IP addresses.

You’ll need to install a firewall configuration utility before you can set up a firewall. This example makes use of UFW, a popular Linux firewall setting tool. However, another program, such as iptables, may be used to create a firewall.

To install UFW on your PC, use the command below.

2. Then, to activate UFW, use the command below.

To continue executing the command, type ‘Y’ when you see the prompt displayed below.

Activating UFW Activating UFW

3. Use the ufw command to create a rule that permits (allows) traffic to your Redis server on port 6379. Replace 11.22.33.44 with the IP addresses of the people you want to reach.

sudo ufw allow any port 6379 from 11.22.33.44

Allowing traffic on port 6379 by adding a firewall rule Allowing traffic on port 6379 by adding a firewall rule

4. Finally, execute the command below to ensure that the firewall rule was successfully added. The command examines your firewall’s state.

The firewall is operational, and the rule to allow traffic on port 6379 for Redis from the IP address 11.22.33.44 can be seen in the output below.

Examining the UFW's regulations Examining the UFW’s regulations

Users with the IP address 11.22.33.44 may now connect to Redis through port 6379, but they must first login with a password. In a similar way, you may add other ports for various services.

Conclusion

You’ve learnt how to setup and safeguard your Redis server by renaming risky commands to empty strings and configuring a firewall in this article.

With this newfound understanding, you can take use of all of Redis’ features without putting your server at danger.

Do you want to learn more? Why not start with securing a Kubernetes Redis server?

The “install redis on ubuntu 20” is a tutorial that will show you how to install Redis on Ubuntu Linux. It includes instructions for both the command line and GUI method.

Frequently Asked Questions

How do I make Redis secure?

A: Redis is an open source, in-memory database with a command line interface designed for high speed and efficiency. It has been used by many websites including Twitter and Instagram as a data store to deliver millions of messages per second.

How install Redis Linux?

A: As with most Linux distributions, Redis can be installed via the package manager. For Debian-based systems such as Ubuntu or Mint, you should install it by running
“sudo apt update“ followed by “sudo apt install redis-server -y“

Do I need to secure Redis?

A: Redis is a key-value store, so there isnt much need to secure it. It does require you to make sure your password for the redis server is strong enough and should be changed periodically.

Related Tags

  • install redis centos 7
  • install redis windows
  • install redis-cli
  • install redis-cli ubuntu
  • install redis linux