What is Redis?
Redis is an open-source in-memory key-value data store that supports different kinds of data structures. It can be used as a database, cache, message broker, and queue.
Its amazingly fast, written in C and built-in replication with different levels of on-disk persistence, provides high availability through Redis Sentinel and automatic partitioning with Redis Cluster.
In this tutorial, you will learn how to install and manage Redis on the CentOS 8 Server. Furthermore, you will learn how to secure Redis with Password authentication, setup bind IP address to local Network, and disable Redis dangerous command.
Below is the tutorial about the CentOS 8 server installation.
Before going any further, log in to your CentOS server and type the sudo command to get the root privileges on your system.
Step 1 – Install Redis
First, you will install the Redis packages, which available by default on the CentOS AppStream repository.
Install Redis to the CentOS 8 Server using the dnf command below.
dnf install redis
Once the installation is finished, start the Redis service and add it to the system boot, then check the Redis service status.
systemctl enable --now redis systemctl status redis
As a result, the Redis service is up and running, and you’ve successfully installed Redis on the CentOS 8 server.
Step 2 – Configure Redis
In general, the default Redis configuration file located at the ‘/etc/redis.conf’. And for this step, you will learn the basic configuration of Redis by editing its configuration file.
Edit the Redis configuraiton ‘/etc/redis.conf’ using vim editor.
On the ‘bind’ option, define the IP address that Redis will run under. Use the localhost ‘127.0.0.1’ or use your local network IP address.
Now change the ‘supervised’ option to ‘systemd’, because the default service manager for CentOS is systemd.
Save and close.
Next, restart the Redis service and make sure there is no error.
systemctl restart redis
As a result, you’ve successfully configured Redis on the CentOS system.
Now test the Redis configuration using the ‘redis-cli’ command as below.
The ‘redis-cli’ command will automatically connect to the Redis server on your system.
Now send the ‘ping’ message to a Redis server.
You will get the ‘PONG’ as a response.
Next, create a new key named ‘test’ with the value ‘Redis is Working!’, then call the ‘test’ key.
set test "Redis is Working!" get test
And you will get the value ‘Redis is Working!‘ as can be seen below.
As a result, your Redis configuration is working without any error, now type ‘exit’ to logout from the ‘redis-CLI’ shell.
Step 3 – Secure Redis
At this stage, your Redis service is up and running, but its important to realize that you must secure your Redis installation.
For this step, you will secure Redis by specifying the bind-address, enable Redis password authentication, and disable/rename some Redis dangerous command.
Edit the Redis confogiration ‘/etc/redis.conf’ using vim editor.
– Bind Address to Local Network
For the production environment, you should run Redis on the internal IP address. And for security reasons, don’t run Redis server under the public IP address.
Run Redis under the internal network IP address using the ‘bind’ option as below.
As a result, the Redis service will be run on the local IP address ‘10.5.5.36’.
– Enable Password Authentication
By default, the password authentication on Redis is disabled. You will generate a new password and enable Redis authentication through the ‘requirepass’ option.
Open a new SSH session and generate a new password using the openssl command below.
openssl rand 60 | openssl base64 -A
Copy the password to your note.
After that, back to the previous SSH session, uncomment the ‘requirepass’ option and change the password with your own.
As a result, you’ve enabled password authentication for the Redis server.
– Disable/Rename Dangerous Commands
On Redis, you can disable commands or make it an unguessable name. In effect, a normal client cannot run some dangerous commands on the Redis server.
To disable command on Redis, use the ‘rename-command’ option. Also, you must disable the ‘CONFIG’ command, so the normal client cannot read the Redis configuration.
Disable Redis command using the ‘rename-command’ as below.
# rename-command COMMAND "CUSTOM" rename-command FLUSHALL "DefineYourCommandForFlushAsYouWant" rename-command CONFIG "DefineYourCommandForShowingConfigRedis"
As a result, you’ve disabled the ‘FLUSHALL’ and ‘CONFIG’ command. A normal client cannot run both commands, and will not be able to read the Redis configuration.
Next, restart the Redis service to apply the new configuration.
systemctl restart redis
And finally, you’ve successfully secured the Redis Server.
Step 4 – Testing
In this step, you will test the Redis authentication and run disabled commands.
– Testing Redis Password Authentication
To test Redis authentication, run the ‘redis-cli’ command below.
Now type the ‘ping’ query and create a new key named ‘key1’ as below.
ping set key1 "value1"
And you will get an error response about the ‘Authentication Required‘ for both commands.
Next, authenticate against Redis Server using your password.
If your password is correct, you will get an ‘OK‘ response.
After that, run the ping command again and create a new key.
ping set key1 "value1" get key1
Once you’re authenticated, you will get the ‘PONG‘ response, and you’ve created a new key named ‘key1‘.
As a result, you’ve successfully enabled the Redis Password Authentication.
– Run Renamed Command
At the top, you’ve disabled the ‘FLUSHALL’ and ‘CONFIG’ commands.
The ‘FLUSHALL’ command is used to delete all keys from the database, and the ‘CONFIG’ command is used to set up and show the configuration of Redis.
Remove all available keys on the Redis server using the ‘FLUSHALL’ command below.
Now you will get an error response ‘Unknow command ‘FLUSHALL’‘ because it’s disabled.
Also, for the ‘CONFIG’ command, you will get the same error response.
The ‘unknown command ‘CONFIG’‘.
Now try to use the command that you’ve defined on the Redis configuration.
DefineYourCommandForFlushAsYouWant DefineYourCommandForShowingConfigRedis get bind DefineYourCommandForShowingConfigRedis get supervised
And you will get the result as below.
As a result, you’ve successfully disabled commands on the Redis Server.
And finally, you’ve successfully install Redis on the CentOS 8 Server. Also, you’ve secured the Redis Server installation.