Introduction

Redis is an open-source in-memory data store. It’s used as a flexible, highly available key-value database that maintains a high level of performance.

Apart from its performance and flexibility, Redis stands out with its wide language support, high availability, and automatic partitioning.

In this tutorial, learn how to install Redis on Ubuntu 20.04 / 18.04. 

tutorial on How To Install and Secure Redis on Ubuntu 18.04 & 20.04

Prerequisites

  • A system running Ubuntu 20.04 (or Ubuntu 18.04)
  • Access to a terminal window/command line
  • Sudo or root privileges on local /remote machines

Install and Secure Redis on Ubuntu

The following steps explain how to install Redis on Ubuntu 20.04. You can also use this guide on Ubuntu 18.04.

Apart from installing and setting up the basic configuration, the guide covers how to add password authentication, bind Redis to localhost and rename dangerous commands.

Step 1: Install Redis

Follow the steps outlined below to install and configure Redis on your Ubuntu system.

1. Start by updating the package repository:

sudo apt update

2. Then, install Redis with the command:

sudo apt install redis-server

Step 2: Configure Redis

1. Once the installation is complete, modify the Redis configuration file. To do so, open the file with a text editor of your choice (we are using nano):

sudo nano /etc/redis/redis.conf

2. Next, find the line specifying the supervised directive. By default, this line is set to no. However, to manage Redis as a service, set the supervised directive to systemd (Ubuntu’s init system).

Modify Redis configuration file to manage Redis as a service.

3. Save the changes and close the file.

4. Finally, restart the Redis service by running:

sudo systemctl restart redis.service

Step 3: Verify Redis Installation

To ensure you have set up Redis correctly, test if the service is running. Also, test the connection to the server, and whether you can set a key-value pair.

Step 3.1: Check Redis Service Status

Check the status of the Redis service by running the command:

sudo systemctl status redis

The output should display the service is active (and running), as in the image below.

Checking the status of Redis service

Step 3.2: Check Redis Connection

You should also verify the connection with the Redis server using the redis-cli tool. To connect with this command-line client, enter the following in the terminal window:

redis-cli

This moves you to the redis-cli command prompt. To test the connectivity, run:

ping

The output should respond with:

PONG

Checking Redis connectivity screenshot

Step 3.3: Test Setting up Key-Value Pairs

Since Redis is an in-memory key-value NoSQL database, you may also want to test whether it retrieves assigned values based on the specified key.

First, set a key using the set command. In this example, the key is labeled as key1 and should have the value of "You have successfully set up a key-value pair!".

To do this, run the command:

set key1 "You have successfully set up a key-value pair!"

2. Once you hit Enter, the prompt responds with OK.

3. Now, check whether you have successfully assigned the given value to the key with the get command:

get key1

4. The output should respond with the message you attached as the value in the first step.

How to set a key-value pair in Redis.

5. To exit out of the Redis shell run:

quit

Step 4: Secure Redis

Step 4.1: Set Up Redis Authentication

Redis includes an authentication feature as an additional security layer. The feature is not enabled by default. Therefore, you need to modify the configuration file to activate it.

1. To start, open the Redis configuration file for editing:

sudo nano /etc/redis/redis.conf

2. Then, locate the requirepass directive under the SECURITY section and uncomment it (by removing #).

3. Once you have uncommented the line, replace foobared with the password of your choice.

Configure Redis configuration.

4. Save and close the file.

5. Restart the Redis service:

sudo systemctl restart redis.service

Once you configure Redis to require authentication, it will refuse any query until you provide the required password.

For example, if you switch to the redis-cli command prompt and try to run the ping test, the output displays the message: (error) NOAUTH Authentication required.

The only way to start working in Redis in such a case is to provide the password defined in the configuration file.

Use the command:

auth [your_password]

If the output responds with OK you are good to go.

Step 4.2: Bind Redis to Localhost

If you installed the software following the steps outlined above, Redis should only be accessible from localhost. Limiting access in such a way is a matter of network security.

However, you may have changed the default settings and now want to restrict connections to localhost.

To do so, open the Redis configuration file for editing:

sudo nano /etc/redis/redis.conf

Scroll down and find the NETWORK section in the file. Then, uncomment the bind 127.0.0.1 ::1 line (by removing #), as in the image below.

Binding Redis to localhost

Once you save and exit the file, make sure to restart the service with:

sudo systemctl restart redis

With this, you have successfully managed to bind Redis to localhost, restricting access to other connections.

Step 4.3: Rename or Kill Dangerous Commands

Another way to protect your data is to disable specific commands or rename them, so they are unguessable. This is a useful security feature that can restrict normal users from using commands that could harm the system.

To disable or rename such commands, open the Redis configuration file:

sudo nano /etc/redis/redis.conf

Locate the SECURITY section and scroll down to the #Command renaming line. There you can find examples on how to rename or kill commands.

For example, to rename the CONFIG command, add the line:

rename-command CONFIG [new_command_name]

In this example, the config command is renamed to sys_admin_config_836 (something a normal user would not be able to guess).

Rename commands in Redis.

To remove certain commands, you can disable (kill) them. To do this, rename the dangerous command into an empty string.

Therefore, if you want to disable the config command, add the line:

rename-command CONFIG ""

How to disable a command in Redis.

After you have made these changes, make sure to save the changes, and restart the Redis service.

Conclusion

This tutorial should help you install and set up Redis on your Ubuntu 20.04 (or 18.04). Also, it provided a few tips on securing your Redis data store.

NoSQL databases, like Redis, are meant to run efficiently in distributed clusters that scale out horizontally. Using Docker to deploy Redis in a container makes horizontal scaling a routine, straightforward process.


Next you should also read