How to Install and Secure Redis on Ubuntu 18.04: A Step-by-Step Guide
Redis is a powerful and popular tool for developers and system administrators. Redis is an open-source, in-memory data structure store, often used as a high-performance database, cache, and message broker. Its ability to handle key-value data with incredible speed makes it a go-to solution for applications requiring rapid data access, from session caching to real-time analytics.
This guide provides a comprehensive walkthrough for installing, configuring, and securing a Redis server on Ubuntu 18.04 LTS. Following these steps will give you a stable and secure Redis instance ready for your production environment.
Prerequisites
Before we begin, ensure you have the following:
- An Ubuntu 18.04 server.
- A non-root user with
sudoprivileges.
Step 1: Update Your System
First, it’s a critical best practice to ensure your system’s package repository is up to date. This guarantees you are installing the latest stable versions of software and security patches.
Open your terminal and run the following commands:
sudo apt update
sudo apt upgrade
Step 2: Install Redis Server
Ubuntu’s official APT repository contains a stable version of Redis, making the installation process straightforward.
To install Redis and its dependencies, execute this command:
sudo apt install redis-server
Once the installation completes, the Redis service will automatically start.
Step 3: Verify the Redis Service Status
To ensure Redis is running correctly, you can check the status of its service using systemctl.
sudo systemctl status redis-server
You should see an output indicating the service is active (running). This confirms that the installation was successful and Redis is operational on your server.
● redis-server.service - Advanced key-value store
Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-10-25 14:30:00 UTC; 5min ago
...
Press q to exit the status view.
Step 4: Configure Basic Redis Security
By default, Redis is configured to be accessible only from the local machine (localhost). This is a secure default, but you may need to adjust it if your application server is on a different machine.
The main Redis configuration file is located at /etc/redis/redis.conf. Before making changes, it’s wise to create a backup of the original file.
sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
Now, open the configuration file in a text editor like nano:
sudo nano /etc/redis/redis.conf
Inside this file, look for the bind directive. By default, it is set to 127.0.0.1, meaning it only listens for connections from the local machine.
- For local-only access: Leave
bind 127.0.0.1 ::1as it is. This is the most secure option if your application runs on the same server. - For access from a specific private IP: If your application server has a private IP of
192.168.1.10, you would change the line tobind 127.0.0.1 192.168.1.10. Never bind Redis to a public IP address (0.0.0.0) without a properly configured firewall and authentication.
Step 5: Secure Redis with a Password
One of the most important security steps is to protect your Redis instance with a password. An unprotected Redis server exposed to the internet is a major security risk.
In the same configuration file (/etc/redis/redis.conf), find the requirepass directive. It is commented out by default.
# requirepass foobared
Uncomment this line (remove the #) and change foobared to a very strong, unique password.
requirepass YourSuperStrongPasswordHere
After setting your password, save the file and exit the editor (press CTRL + X, then Y, and ENTER in nano).
To apply these configuration changes, you must restart the Redis service:
sudo systemctl restart redis.service
Step 6: Test Your Redis Connection
Now, let’s test that everything is working as expected. You can connect to the server using the Redis command-line interface, redis-cli.
redis-cli
Once connected, try running a command like ping:
127.0.0.1:6379> ping
Because we enabled password protection, you will receive an error: (error) NOAUTH Authentication required.
This is the expected behavior. To authenticate, use the AUTH command followed by the password you set.
127.0.0.1:6379> AUTH YourSuperStrongPasswordHere
OK
After receiving the OK response, you are authenticated. Now, the ping command should work:
127.0.0.1:6379> ping
PONG
You can also test setting and retrieving a key:
127.0.0.1:6379> SET mykey "HelloRedis"
OK
127.0.0.1:6379> GET mykey
"HelloRedis"
This confirms your Redis server is installed, secured, and fully functional. Type exit to quit the redis-cli.
Step 7: Enable Redis to Start on Boot
Finally, you should ensure that Redis automatically starts whenever your server reboots. The apt installation process usually handles this, but it’s good practice to verify and enable it explicitly.
sudo systemctl enable redis-server
This command ensures the Redis service is added to the system’s startup sequence.
Conclusion
You have successfully installed and secured a Redis instance on your Ubuntu 18.04 server. By updating your system, installing the redis-server package, and performing crucial security hardening like setting a strong password, you have established a reliable foundation for your applications. Your Redis server is now ready to be integrated as a powerful cache or data store, boosting your application’s performance and efficiency.
Source: https://kifarunix.com/how-to-install-redis-on-ubuntu-18-04-lts/
