How to Set up a Redis Server

Simple tutorial for setting up your own Redis server and use it within connection

Photo by Tapio Haaja on Unsplash

Prerequisites

To complete this tutorial, you will need a server running CentOS 8. This server should have a non-root user with administrative privileges and a firewall configured with firewalld.

In today’s tutorial, we will prepare for 3 servers where 1 of them will be the master node and the others will be its replica.

Step 1 — Installing and Starting Redis

You can install Redis with the DNF package manager. The following command will install Redis, and its dependencies.

sudo dnf install redis

Press Y for the confirmation of installation. Find redis.conf and open it with your preferred text editor. File redis.conf usually will be stored on /etc/redis/. Here we’ll use nano as example:

sudo nano /etc/redis.conf

Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running CentOS, which uses the systemd init system, change this to systemd:

After that, bind your Redis host IP to your private IP in the network. The default host of the redis server is 127.0.0.1. Find and uncomment the following line and replace it with your private IP.

Disable a protected mode for allowed connective from another server:

You can also configure a port number that you want to use for hosting the redis server. Find and uncomment the following line and replace it with the port number that you want.

That’s the only change you need to make to the Redis configuration file at this point, so save and close it when you are finished. If you used nano to edit the file, do so by pressing CTRL+X, Y then Enter.

After editing the file, start the Redis service with the following command:

sudo systemctl start redis

You can check Redis’s status by running the following:

sudo systemctl status redis

Once you’ve confirmed that Redis is indeed running, you can test its functionality with this command:

redis-cli -h XXX.XXX.XXX.XXX -p YYYY
ping

This should print Pong as the response:

Note: if you receive an NOAUTH Authentication result. Then your redis server is already being configured and locked by password. Find and password in your redis.conf and try with the following command:

redis-cli -h XXX.XXX.XXX.XXX -p YYYY
auth password
ping

Step 2 — Configuring Redis and Securing it with a Firewall

An effective way to safeguard Redis is to secure the server it’s running on. You can do this by ensuring that Redis is bound only to either localhost or to a private IP address and also that the server has a firewall up and running.

To begin, add a dedicated redis zone to your firewalld policy:

sudo  firewall-cmd –-permanent –-new-zone=redis

Then specify which port you’d like to have open. Redis uses port 6379 by default:

sudo firewall-cmd — permanent — zone=redis — add-port=6379/tcp

Next, specify any private IP addresses which should be allowed to pass through the firewall and access Redis, this step is optional.

sudo firewall-cmd — permanent — zone=redis — add source=client_server_private_IP

After running those commands, reload the firewall to implement the new rules:

sudo firewall-cmd –reload

You can check the active zone of firewalld by the following command:

sudo firewall-cmd –get-active-zones

Under this configuration, when the firewall encounters a packet from your client’s IP address, it will apply the rules in the dedicated the redis zone to that connection. All other connections will be processed by the default public zone. The services in the default zone apply to every connection, not just those that don’t match explicitly, so you don’t need to add other services (e.g. SSH) to the redis zone because those rules will be applied to that connection automatically.

Step 3 — Configuring a Redis Password

Configuring a Redis password enables one of its built-in security features — the auth command — which requires clients to authenticate before being allowed access to the database. Like the binding setting, the password is configured directly in Redis’s configuration file, /etc/redis.conf. Reopen that file:

sudo nano /etc/redis.conf

Scroll to the SECURITY section and look for a commented directive that reads:

Uncomment it by removing the #, and change “foobared” to a very strong password of your choosing.

Reset a redis.service with the following command :

sudo systemctl reload redis

So the configuration of redis is completed. Now let’s try to access the server that we have configured. In this case, I will try to connect to a remote server redis from my local computer that connects to a VPN with the help of WSL (Windows Subsystem Linux). This WSL has already installed the redis server. Here is the result of the testing:

Conclusion

in this tutorial, we learn about how to set up a Redis on your server and make it available to another server in a secure way. Hope this articel can help you in learning about Redis.