Redis is a particularly fast open source database thanks to its data that can be saved both on the memory on the disk. It represents one of the best solutions for developing applications that require real-time data processing.
This tutorial provides a detailed explanation of how to install and configure the Redis database on a server with Linux CentOS 7 distribution and of how to improve your database security and create a replica installation.
First, connect to your server via an SSH connection. If you haven’t done so yet, following our guide is recommended to connect securely with the SSH protocol. In case of a local server, go to the next step and open the terminal of your server.
Installation of Redis
To install Redis, just use the yum package manager:
Once the installation is completed, start the service and install it on the system:
$ sudo systemctl start redis
$ sudo systemctl enable redis
Checking the installation
To verify the correct installation of Redis, use the redis-cli command line client, setting a test value in your database:
$ redis-cli set test 123456
OK
If everything works correctly, the server will reply with "OK". Therefore, check if value has been saved correctly:
$ redis-cli get test
"123456"
Redis will return the value just saved (in this case the string "123456"). Then, delete this test key:
$ redis-cli del test
(integer) 1
Improving the security of your installation
The initial configuration of Redis allows you to connect to the database only from a local address and without requiring any password or form of authentication.
All Redis settings are read by the configuration file in /etc/redis.conf and can be overwritten at any time and in real time, by using any client software through the CONFIG SET / CONFIG GET commands. However, remember that the settings modified by the client are not saved in the configuration file and, , will be lost the next time the Redis is started. .
To improve your database security, set an authentication password, by modifying or inserting the requirepass entry in the configuration file:
requirepass 5eMX822gZ0lCGdd81rSIrTvPCUfeEFYAUIgyJNs4
The password is saved in the plaintext configuration file and has to be long enough to withstand bruteforce attacks as Redis is able to handle multiple connections per second.
Among the most important settings, we also find the bind that sets which on address Redis has to enable the reception of connections:
Only the local address 127.0.0.1 is enabled by default. However, if you need to expose the Redis server to the outside, additional addresses can be added, such as:
bind 127.0.0.1 51.125.63.201
Another common mistake is to leave the default port set for listening to the incoming connections. This allows any port scanning software to locate the Redis server.
By changing the port from 6379 into 2589, the Redis service can be hidden and an additional level of security to your installation added.
After completing all the changes to the configuration file, restart the service:
$ sudo systemctl restart redis
To check the parameters just applied, use redis-cli to obtain, for example, the current binding parameter, using the new configured port and the password set above:
$ redis-cli -a 5eMX822gZ0lCGdd81rSIrTvPCUfeEFYAUIgyJNs4 -p 2589 config get bind
The server should respond with the required parameters:
Creating a replica installation
Redis allows you to configure a replica (copy) server in a few steps. Compared to the master version, this replica server is updated in real time.
Through this configuration, a backup service for reading in case of malfunction of the main server can be offered.
After connecting to the slave secondary server, complete the installation of Redis using yum:
The same security procedures in the previous paragraph can be applied to secure this Redis instance as well. In the following example, the default parameters will be used.
In order to be synchronized with the main (master) server, the slave machine has to correctly communicate with the master machine. Make sure that the public IP address is present on the configuration of the master machine (bind parameter) and check if the connection works by starting the command from the slave machine:
$ redis-cli -h [MASTER_IP_ADDRESS] -a [PASSWORD_MASTER] ping
PONG
Ifa response to the ping command is provided, the slave is able to communicate correctly.
Then, proceed with the actual configuration of the slave, by modifying the following parameters in the configuration file /etc/redis.conf:
# If it is there, specify the master connection password too.
masterauth password
# The slaveof directory specifies the master connection parameters (ADDRESS_IP PORT)
slaveof 195.231.4.71 6379
After completing, save the configuration and start the Redis slave server, typing:
$ sudo systemctl start redis
$ sudo systemctl enable redis
To check that the synchronization has been activated correctly, use tail to view the last lines of the service log file:
$ tail /var/log/redis/redis.log
6345:S 02 Jul 10:53:46.695 * MASTER <-> SLAVE sync: receiving 77 bytes from master
6345:S 02 Jul 10:53:46.695 * MASTER <-> SLAVE sync: Flushing old data
6345:S 02 Jul 10:53:46.695 * MASTER <-> SLAVE sync: Loading DB in memory
6345:S 02 Jul 10:53:46.695 * MASTER <-> SLAVE sync: Finished with success
The last few lines confirm that the synchronization is active and works properly.
Then, perform a real test, setting a value in your database and checking that it is correctly read by the master server.
Set the test key from the master server :
$ redis-cli -a password set test hello
OK
the same value is read from the slave server:
$ redis-cli get test
"hello"
As you can see, both master and slave have stored the same value. This means that the replica is working correctly!