There is a new version of this tutorial available for CentOS 8.

How to Install and Secure Redis on CentOS 7

Redis is an open-source, in-memory data structure store, used as a database, cache, and message broker. It's a distributed in-memory key-value database with optional durability. Supports major data structures such as string, hashes, lists, sets, bitmaps, sorted sets, HyperlogLogs, stream, and geospatial indexes with radius queries.

In this tutorial, we will show you how to install and configure Redis Server on CentOS 7. We will install the Redis Server from the Remi repository, and then secure the installation.

Prerequisite

For this guide, we will install the Redis on CentOS 7 Server with 1GB of RAM and 2CPUs. This is for testing only, and you will need more than this for your production.

What we will do:

  • Install and Enable Remi Repository
  • Install Redis Server
  • Configure Redis Server
  • Securing Redis Server
  • Testing

Step 1 - Install and Enable Remi Repository

Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation.

Before adding the Remi repository, let's install the EPEL repository and yum utility packages.

sudo yum install epel-release yum-utils

Now add the Remi repository for CentOS 7 using the yum command below.

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

After that, enable the 'remi' repository using the yum-config-manager tool as below.

sudo yum-config-manager --enable remi

The Remi repository has been added and enabled on the CentOS 7 system, check using the yum command below.

yum repolist enabled

And you will get the result as below.

Add Remi repository

Step 2 - Install Redis on CentOS 7

After installing the Remi repository, we will install the latest Redis package. You can check the available Redis version using the yum command below.

yum search redis
yum info redis

Now you will get the Redis 5.0.5 is available on the Remi repository.

Install Redis on CentOS

Install Redis using the command below.

sudo yum -y install redis

Once the installation is complete, start the redis service and add it to the system boot.

systemctl start redis
systemctl enable redis

The Redis service is up and running with the default configuration, check the service status and the port used by the server.

systemctl status redis
netstat -plntu

And you will get the result as below.

Check Redis status

The Redis server is up and running on CentOS 7 system, running the localhost IP address '127.0.0.1' with default TCP port '6379'.

Step 3 - Configure Redis

In this step, we're going to configure our Redis Server installation on the CentOS 7 server.

Edit the Redis configuration file '/etc/redis.conf' using vim editor.

vim /etc/redis.conf

Now change 'bind' address with your internal IP address. If you're running as a cluster, you can change with the private IP address. It's recommended to run the Redis Server on private internal IP address.

bind 127.0.0.1

Now change the 'daemonize' value to 'yes', because we will run the Redis service as a daemon.

daemonize yes

Since we're using the CentOS 7 server and systemd, so we need to change the 'supervised' line configuration to 'systemd'.

supervised systemd

Save and close.

Now restart the redis service.

systemctl restart redis

The basic configuration of the Redis Server has been completed. Now connect to the Redis Server using the redis-cli command as below.

redis-cli

Run the ping command below.

ping
ping "Hello Redis"

If your installation is correct, you will get the 'PONG' reply and the message that you write after the command.

Edit Redis configuration

Step 4 - Securing Redis Installation

In this step, we're going to secure our Redis installation. There are 3 things that you must know about securing the Redis Server.

1. Network Security

The Network security for redis server is related with the 'bind' configuration on the redis configuration 'redis.conf'. It's recommended to use the internal private network for your Redis installation and don't use the public.

Edit the Redis configuration file '/etc/redis.conf' using vim editor.

vim /etc/redis.conf

On the 'bind' section, change the IP address with your own internal network IP address.

bind INTERNAL-IP-ADDRESS

Save and close.

And now the redis service will run under the 'INTERNAL-IP-ADDRESS'.

2. Password Authentication

The password authentication for Redis will give you access control to your Redis server. This is a little layer of security that will enhance your Redis server security, and it is not yet enabled by default installation.

To enable the Password Authentication for Rediser server, you will need to uncomment the 'requirepass' section on the 'redis.conf' file and type your strong password after it.

requirepass hakase-labs321@#$

Change the 'hakase-labs321@#$' with your strong password. And now the password authentication for Redis has been enabled.

3. Disabling Dangerous Redis Command

Redis provides a feature for disabling some specific Redis command. This feature can be used to rename or disable some of the dangerous commands such as 'FLUSHALL' for erasing all data, 'CONFIG' command to setup configuration parameter through the Redis CLI, etc.

To change or disable the Redis command, you can use the 'rename-command' option. Edit the redis configuration file 'redis.conf' and add some configurations below.

# rename-command COMMAND "CUSTOM"
rename-command CONFIG "REDISCONFIG"
rename-command FLUSHALL "DELITALL"

Save and close.

Once all is complete, restart the redis service using the systemctl command below.

systemctl restart redis

And the basic Redis security for securing Redis installation has been applied to our host.

Secure Redis configuration

Other consideration, you may also need the 'Data Encryption' support for Redis, as well as the secure coding needed on the application side.

Step 5 - Testing

In this step, we're going to test our Redis Server deployment using the 'redis-cli' command line.

- Testing Host and Authentication

Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port.

redis-cli -h 10.5.5.15 -p 6379

Change the '10.5.5.15' with your IP address.

Once you're connected to the server, try the ping command.

ping
ping "Hello Redis"

Now you will get the result as below.

Test Redis

You're getting ann error because you need to authenticate before invoking any command on the Redis CLI shell.

Run the following command to authenticate against the Redis Server.

AUTH hakase-labs321@#$

Once you're authenticated, you can try the ping command and you will get a reply from the Redis server.

ping
ping "Hello Redis"

Below is the result after you're authenticated to the Redis Server.

Ping Redis

- Testing Disabled/Renamed Command

Run all commands that we've renamed on the shell and you will get the command error.

CONFIG
FLUSHALL

Below is the error result of those commands.

Used Redis CLI

Next, run the 'CUSTOM' commands for each.

Create a new Key using the 'SET' command as below.

SET Name "Hakase Labs"
SET Blog "Howtoforge.com"

Keys *

Now delete all keys and data using the renamed 'FLUSHALL' command 'DELITALL'.

DELITALL

For the 'CONFIG' command, you can try to retrieve or set up new value of the Redis Server configuration. The 'CONFIG' command renamed to 'REDISCONFIG'.

REDISCONFIG get bind
REDISCONFIG get requirepass

And below is the result of these new renamed custom command.

Use REDISCONFIG command

The Basic installation of Redis Server on CentOS 7 Server has been completed, and the basic security for Redis Server has been applied.

Reference

Share this page:

2 Comment(s)