Redis is a secondary database that is useful for session storage as well as performing background jobs like sending emails, user notifications,..etc.
In this blog post you will learn how to install a stable & secured version of redis by the following steps:
1. Install stable version of Redis
To install Redis, first make sure the tcl package is installed.
sudo aptitude install build-essential tcl8.5
1.1 Check for the latest version of Redis and grab it into your /tmp directory.
cd /tmp wget http://download.redis.io/releases/redis-stable.tar.gz
Now extract it.
tar xzf redis-stable.tar.gz
Then configure it and install it.
1.2 Installing the server
In the same directory you extracted the redis stable version, write in your terminal
cd redis-stable make make test sudo make install
Then configure an instance and add it to your boot sequence
cd utils sudo ./install_server.sh
Now test your installation:
sudo service redis_6379 start
Check it through its command line interface:
You now have Redis installed and running. The prompt will look like this:
Type in ping, and the prompt should look like this:
redis 127.0.0.1:6379> ping PONG
To set Redis to automatically start at boot, run:
sudo update-rc.d redis_6379 defaults
2. Secure the installed Redis
2.1 Binding to localhost
By default, Redis server is only accessible from localhost. However, if you followed the tutorial to set up a Redis master server, you updated the configuration file to allow connections from anywhere. This is not as secure as binding to localhost.
Open the Redis configuration file for editing:
sudo vim /etc/redis/6379.conf
Locate this line and make sure it is uncommented (remove the # if it exists):
# bind 127.0.0.1
2.2 Configuring Redis password
Configuring a Redis password enables one of its two built-in security feature – the auth command, which requires clients to authenticate to access the database. The password is configured directly in Redis’s configuration file,
/etc/redis/6379.conf, which you should still have open from the previous step.
Scroll to the SECURITY section and look for a commented directive that reads:
# requirepass foobared
Uncomment it by removing the #, and change foobared to a very strong and very long value. Instead of foobared, make a more complex password using one of sha algorithm types like:
$: echo -n "yournormalstring" | openssl sha1 f44f60738a2ecbc060a7fe974371997137ac4e69
Store this key just in case. Then alter your redis conf file to be:
After setting the password, save the file, and restart Redis:
sudo service redis-server restart
To test that the password works, access the Redis command line and try to write ping, you will get this (error) NOAUTH Authentication required. Do not panic, it is normal as in the next example, until you get the OK acknowledgment:
$: redis-cli redis 127.0.0.1:6379> ping (error) NOAUTH Authentication required. redis 127.0.0.1:6379> auth f44f60738a2ecbc060a7fe974371997137ac4e69 OK
N.B. Do not forget to alter your applications to use the new password accordingly.
Enjoy using a secure redis!
In case of any misbehaviour, you can remove the password from the conf file and shutdown redis manually, but you need to make the following:
- Comment the require password line in the redis conf file.
- Go to the redis console
$: redis-cli redis 127.0.0.1:6379> auth f44f60738a2ecbc060a7fe974371997137ac4e69 OK redis 127.0.0.1:6379> shutdown redis 127.0.0.1:6379> quit
- start the redis service, and it is now without a password
sudo service redis_6379 start