How to Set up a Redis Server
Simple tutorial for setting up your own Redis server and use it within connection
Prerequisites
To complete this tutorial, you will need a server running CentOS 8. This server should have a non-root user with administrative privileges and a firewall configured with firewalld.
In today’s tutorial, we will prepare for 3 servers where 1 of them will be the master node and the others will be its replica.
Step 1 — Installing and Starting Redis
You can install Redis with the DNF package manager. The following command will install Redis, and its dependencies.
sudo dnf install redis
Press Y for the confirmation of installation. Find redis.conf and open it with your preferred text editor. File redis.conf usually will be stored on /etc/redis/. Here we’ll use nano as example:
sudo nano /etc/redis.conf
Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running CentOS, which uses the systemd init system, change this to systemd:
After that, bind your Redis host IP to your private IP in the network. The default host of the redis server is 127.0.0.1. Find and uncomment the following line and replace it with your private IP.
Disable a protected mode for allowed connective from another server:
You can also configure a port number that you want to use for hosting the redis server. Find and uncomment the following line and replace it with the port number that you want.
That’s the only change you need to make to the Redis configuration file at this point, so save and close it when you are finished. If you used nano to edit the file, do so by pressing CTRL+X, Y then Enter.
After editing the file, start the Redis service with the following command:
sudo systemctl start redis
You can check Redis’s status by running the following:
sudo systemctl status redis
Once you’ve confirmed that Redis is indeed running, you can test its functionality with this command:
redis-cli -h XXX.XXX.XXX.XXX -p YYYY
ping
This should print Pong as the response:
Note: if you receive an NOAUTH Authentication result. Then your redis server is already being configured and locked by password. Find and password in your redis.conf and try with the following command:
redis-cli -h XXX.XXX.XXX.XXX -p YYYY
auth password
ping
Step 2 — Configuring Redis and Securing it with a Firewall
An effective way to safeguard Redis is to secure the server it’s running on. You can do this by ensuring that Redis is bound only to either localhost or to a private IP address and also that the server has a firewall up and running.
To begin, add a dedicated redis zone to your firewalld policy:
sudo firewall-cmd –-permanent –-new-zone=redis
Then specify which port you’d like to have open. Redis uses port 6379 by default:
sudo firewall-cmd — permanent — zone=redis — add-port=6379/tcp
Next, specify any private IP addresses which should be allowed to pass through the firewall and access Redis, this step is optional.
sudo firewall-cmd — permanent — zone=redis — add source=client_server_private_IP
After running those commands, reload the firewall to implement the new rules:
sudo firewall-cmd –reload
You can check the active zone of firewalld by the following command:
sudo firewall-cmd –get-active-zones
Under this configuration, when the firewall encounters a packet from your client’s IP address, it will apply the rules in the dedicated the redis zone to that connection. All other connections will be processed by the default public zone. The services in the default zone apply to every connection, not just those that don’t match explicitly, so you don’t need to add other services (e.g. SSH) to the redis zone because those rules will be applied to that connection automatically.
Step 3 — Configuring a Redis Password
Configuring a Redis password enables one of its built-in security features — the auth command — which requires clients to authenticate before being allowed access to the database. Like the binding setting, the password is configured directly in Redis’s configuration file, /etc/redis.conf. Reopen that file:
sudo nano /etc/redis.conf
Scroll to the SECURITY section and look for a commented directive that reads:
Uncomment it by removing the #, and change “foobared” to a very strong password of your choosing.
Reset a redis.service with the following command :
sudo systemctl reload redis
So the configuration of redis is completed. Now let’s try to access the server that we have configured. In this case, I will try to connect to a remote server redis from my local computer that connects to a VPN with the help of WSL (Windows Subsystem Linux). This WSL has already installed the redis server. Here is the result of the testing:
Conclusion
in this tutorial, we learn about how to set up a Redis on your server and make it available to another server in a secure way. Hope this articel can help you in learning about Redis.