Install and Configure Redis on Rocky Linux 8 | Full Guide

By Posted on

Install and Configure Redis on Rocky Linux 8 | Full Guide

Install and Configure Redis on Rocky Linux 8 | Full Guide

In this guide from Orcacore, we will teach you How To Install and Configure Redis on Rocky Linux 8. Redis is a lightning-fast in-memory database and cache. This open-source solution, licensed under BSD and written in C, is meticulously optimized for speed. The name "Redis" is derived from "Remote Dictionary Server."

Often referred to as a data structure server, Redis offers core data types akin to those found in programming languages, including strings, lists, dictionaries (or hashes), sets, and sorted sets. Its capabilities extend to advanced data structures and features for approximate counting, geolocation, and stream processing. Understanding how to Install and Configure Redis on Rocky Linux 8 is a valuable skill for any system administrator or developer.

To follow this guide, you will need access to a server running Rocky Linux 8 with a non-root user configured with sudo privileges and a basic firewall setup. You can refer to our guide on Initial server setup with Rocky Linux 8 for instructions. Let’s get started to Install and Configure Redis on Rocky Linux 8.

1. Install Redis Server on Rocky Linux 8

First, update your local package index:

sudo dnf update -y

Next, use the DNF Package Manager to install the EPEL repository and Redis:

# sudo dnf install epel-release -y
# sudo dnf install redis -y

Once the installation completes, proceed to the next step to start and enable your Redis server.

2. Manage Redis Server on Rocky Linux 8

Now, you’ll need to make some configuration changes in the Redis configuration file. Open the file with your preferred text editor (we’re using vi here):

sudo vi /etc/redis.conf

Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, giving you more control over its operation.

By default, it’s set to no; change it to systemd:

manage Redis as a service

Save and close the file when you’re done.

Start the Redis service on Rocky Linux 8:

sudo systemctl start redis.service

To enable Redis to start automatically at boot:

sudo systemctl enable redis

Check that Redis is active and running:

sudo systemctl status redis

The output should resemble:

Verify Redis is active and running

Test Redis’s functionality:

redis-cli ping

The output should be:

Output
PONG

This confirms that a Redis server is running on your Rocky Linux 8 system. You can now configure it further to enhance its security.

3. Secure Redis Server on Rocky Linux

A key aspect of securing Redis is protecting the server it runs on. Ensure Redis is only accessible via localhost or a private IP address, and that the server’s firewall is active.

Reopen the Redis configuration file:

sudo vi /etc/redis.conf

Locate the bind line:

. . .
bind 127.0.0.1

Note: If binding Redis to another IP address, use a private IP.

. . .
bind your_private_ip

Save and close the file.

Assuming Firewalld is installed and enabled (as outlined in the requirements), restrict access to your Redis server to specific hosts using their private IP addresses.

Add a dedicated Redis zone to your firewalld policy:

sudo firewall-cmd --permanent --new-zone=redis

Redis uses port 6379 by default. Open it through the firewall:

sudo firewall-cmd --permanent --zone=redis --add-port=6379/tcp

Specify private IP addresses allowed to access Redis:

sudo firewall-cmd --permanent --zone=redis --add-source=client_server_private_IP

Reload the firewall to apply changes:

sudo firewall-cmd --reload

Note: Services in the default zone apply to all connections, so you don’t need to add other services (e.g., SSH) to the Redis zone.

Next, let’s see how to configure Redis to only be accessible with a strong password.

4. Set up a Strong Password For the Redis Server

Configure a Redis password directly in the Redis configuration file. Open it again:

sudo vi /etc/redis.conf

Find the Security section and the requirepass foobared directive. Uncomment it (remove the #) and replace foobared with a strong password.

requirepass your-strong-password

Save and close the file.

Restart Redis:

sudo systemctl restart redis

Test the password. Open the Redis client:

redis-cli

Try setting a key before authenticating:

127.0.0.1:6379> set key1 10

Redis returns an error:

127.0.0.1:6379> NOAUTH Authentication required.

Authenticate with the password:

127.0.0.1:6379> auth your_redis_password

The output will show OK.

Now run the previous command again:

127.0.0.1:6379> set key1 10

The output will show OK.

Query Redis for the value of the new key:

127.0.0.1:6379> get key1
Output
"10"

Exit the Redis client:

127.0.0.1:6379> quit

Note: Unauthorized access to your Redis installation should now be difficult. Remember to re-authenticate after restarting Redis. Also, without SSL or a VPN, the unencrypted password will be visible to outside parties if you’re connecting to Redis remotely.

You can also rename Redis commands to protect Redis from malicious actors.

5. Rename Redis Dangerous Commands

For increased security, Redis allows you to rename or disable commands considered dangerous, such as FLUSHDB, FLUSHALL, KEYS, CONFIG, DEBUG, SHUTDOWN, SAVE, STOP, RENAME, etc.

Disable commands you won’t use. Otherwise, rename them.

Open the Redis configuration file and go to the Security section:

sudo vi /etc/redis.conf

Note: These are examples. Choose to disable or rename commands that make sense for you. Learn more about Redis’s commands and determine how they might be misused at redis.io/commands.

Disable a command by renaming it to an empty string:

disable or kill a Redis command

Rename a command:

Rename a Redis command

Save and close the file.

Restart Redis:

sudo systemctl restart redis.service

Open the Redis client to test the new commands:

redis-cli

Authenticate:

127.0.0.1:6379> auth your_redis_password

Assuming you renamed the config command to orca_config, using config will result in an error:

127.0.0.1:6379> config get requirepass
Output
(error) ERR unknown command `config`

Use the renamed command instead:

127.0.0.1:6379> orca_config get requirepass

The output:

Output
1) "requirepass"
2) "your_redis_password"

Exit the Redis client:

127.0.0.1:6379> exit

Warning: At the end of the Security section in the /etc/redis.conf file, there’s a warning:

Redis warning statement

The best time to rename commands is when you’re not using AOF persistence or right after installation.

6. Set Correct Ownership and Permissions For Redis Server

Set ownership and make permission changes to improve the security of your Redis installation on Rocky Linux 8. Ensure only the Redis user can read its data.

Check the Redis data directory ownership and permissions:

ls -l /var/lib | grep redis
Output
drwxr-x---   2 redis          redis          4096 Sep 12 04:31 redis

The Redis data directory is owned by the Redis user and group.

If the Redis directory has insecure permissions, change the file permissions:

sudo chmod 770 /var/lib/redis

Check the Redis configuration file permissions:

ls -l /etc/redis.conf
Output
-rw-r----- 1 redis root 62243 Sep 12 04:31 /etc/redis.conf

The Redis configuration file is readable only by the Redis user and the root group. Change the file to be readable by the Redis user and the Redis group:

sudo chown redis:redis /etc/redis.conf

Change the permissions so only the owner can read and write:

sudo chmod 600 /etc/redis.conf

Verify the changes:

ls -l /var/lib | grep redis
Output
drwxrwx---   2 redis          redis          4096 Sep 12 04:31 redis
ls -l /etc/redis.conf
Output
-rw------- 1 redis redis 62243 Sep 12 04:31 /etc/redis.conf

Restart Redis:

sudo systemctl restart redis

Your Redis installation on Rocky Linux 8 is now secured. Properly configuring and securing Redis is crucial for maintaining data integrity and system stability.

Conclusion

You have now learned to install and configure Redis Server on Rocky Linux 8. By installing Redis with dnf, starting and enabling the Redis service, and adjusting the configuration file, you can set up a reliable in-memory data store for your applications.

We hope you enjoyed this guide. Please subscribe to us on Facebook, X, and YouTube.

You may also like these articles:

Install Fiber Server with Golang on Rocky Linux 8

Basic MySQL In Linux

How to install PuTTY in Linux

How to edit the Sudoers file

Alternative Solutions for Installing and Configuring Redis on Rocky Linux 8

While the original article provides a comprehensive guide to installing and configuring Redis on Rocky Linux 8 using the dnf package manager, here are two alternative approaches you might consider:

1. Using Docker to Deploy Redis

Docker provides a containerized environment that simplifies the deployment and management of applications like Redis. This method is especially useful for ensuring consistent environments across different systems and for isolating Redis from the host operating system.

Explanation:

Docker containers package an application with all its dependencies, ensuring it runs the same way regardless of the host environment. This eliminates many configuration issues that can arise from differences in operating systems or installed packages. Docker also allows you to easily manage Redis versions and configurations through Docker images and Compose files.

Steps:

  1. Install Docker: If Docker is not already installed, follow the official Docker documentation to install it on your Rocky Linux 8 system:

    sudo dnf install docker-ce --nobest -y
sudo systemctl start docker
sudo systemctl enable docker

  2. Pull the Redis Image: Download the official Redis Docker image from Docker Hub:

    sudo docker pull redis

  3. Run the Redis Container: Create and run a Redis container with desired configurations. For example, to expose Redis on port 6379 and mount a volume for persistent data storage:

    sudo docker run -d --name redis-server -p 6379:6379 -v redis_data:/data redis redis-server --requirepass your_strong_password
    • -d: Runs the container in detached mode (in the background).
    • --name redis-server: Assigns a name to the container.
    • -p 6379:6379: Maps port 6379 on the host to port 6379 in the container.
    • -v redis_data:/data: Mounts a named volume redis_data to the /data directory in the container, where Redis stores its data. This makes the data persistent across container restarts.
    • redis redis-server --requirepass your_strong_password: Specifies the image to use (redis) and the command to run inside the container, which starts the Redis server with a password.

  4. Connect to Redis: You can now connect to the Redis server running inside the Docker container using the redis-cli tool, either installed on your host or by executing it within the container:

    sudo docker exec -it redis-server redis-cli -a your_strong_password

    This command opens an interactive shell in the redis-server container and runs redis-cli with authentication.

2. Compiling Redis from Source

Another alternative is to compile Redis directly from the source code. This method provides greater control over the build process and allows you to optimize Redis for your specific hardware and software environment.

Explanation:

Compiling from source allows you to customize build options, such as compiler flags and linked libraries, potentially improving performance. It also gives you access to the latest Redis features and bug fixes before they are available in package managers.

Steps:

  1. Install Dependencies: Ensure you have the necessary build tools and dependencies installed on your Rocky Linux 8 system:

    sudo dnf install -y gcc make tcl

  2. Download Redis Source Code: Download the latest stable Redis source code from the official Redis website (https://redis.io/download/) or use wget:

    wget https://download.redis.io/releases/redis-stable.tar.gz
tar xzf redis-stable.tar.gz
cd redis-stable

  3. Compile Redis: Compile the Redis source code using make:

    make

  4. Run Tests (Optional): Run the Redis test suite to ensure the build is working correctly:

    make test

  5. Install Redis: Install the compiled Redis binaries to /usr/local/bin:

    sudo make install

  6. Configure Redis: Copy the redis.conf file from the source directory to /etc and configure it as needed:

    sudo cp redis.conf /etc/redis.conf
sudo vi /etc/redis.conf

    Make the necessary changes to the configuration file, such as setting the supervised directive to systemd, binding to a specific IP address, and setting a password.

  7. Create a Systemd Service File: Create a systemd service file to manage Redis as a service. Create a file named /etc/systemd/system/redis.service with the following content:

    [Unit]
Description=Redis In-Memory Data Store
After=network.target

[Service]
User=redis
Group=redis
ExecStart=/usr/local/bin/redis-server /etc/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always

[Install]
WantedBy=multi-user.target

    Create the redis user and group:

    sudo groupadd redis
sudo useradd -r -g redis redis
sudo chown -R redis:redis /etc/redis.conf

  8. Start and Enable Redis: Start and enable the Redis service:

    sudo systemctl start redis
sudo systemctl enable redis
sudo systemctl status redis

These alternative methods offer different trade-offs in terms of ease of use, control, and customization. Docker simplifies deployment and ensures consistency, while compiling from source provides maximum control and potential for optimization. Both provide valid methods to Install and Configure Redis on Rocky Linux 8.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *