Redis is known most frequently as a caching software but it is actually much more. Redis is a NoSQL database system that holds in memory sets of data which can persist on disk and its often used together with popular software like Magento or WordPress. The data model key-value supports several data types: strings, lists, sets, hashes, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams.

 

Install & enable EPEL repository

We will install the EPEL repository to the CentOS 7 system, which provides the latest version of the Redis package for our installation.

 

sudo yum install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.....
* extras: mirrors.....
* updates: mirrors......
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================
Installing:
epel-release noarch 7-11 extras 15 k

Transaction Summary
=============================================================================================================================================================================================
Install 1 Package

Total download size: 15 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-11.noarch 1/1
Verifying : epel-release-7-11.noarch 1/1

Installed:
epel-release.noarch 0:7-11

Complete!

Installing Redis on CentOS 7

Once EPEL repository was installed, we can proceed to install the latest Redis package. Check the available Redis version with yum:

yum search redis
yum info redis

Install Redis using yum:

sudo yum install redis -y
...
(1/3): epel/x86_64/group_gz                                                                                                                                           |  95 kB  00:00:00
(2/3): epel/x86_64/primary_db                                                                                                                                         | 6.9 MB  00:00:00
(3/3): epel/x86_64/updateinfo                                                                                                                                         | 1.0 MB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package redis.x86_64 0:3.2.12-2.el7 will be installed
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2.el7.x86_64
--> Running transaction check
---> Package jemalloc.x86_64 0:3.6.0-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================
 Package                                       Arch                                        Version                                           Repository                                 Size
=============================================================================================================================================================================================
Installing:
 redis                                         x86_64                                      3.2.12-2.el7                                      epel                                      544 k
Installing for dependencies:
 jemalloc                                      x86_64                                      3.6.0-1.el7                                       epel                                      105 k

Transaction Summary
=============================================================================================================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 648 k
Installed size: 1.7 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/jemalloc-3.6.0-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for jemalloc-3.6.0-1.el7.x86_64.rpm is not installed
(1/2): jemalloc-3.6.0-1.el7.x86_64.rpm                                                                                                                                | 105 kB  00:00:00
(2/2): redis-3.2.12-2.el7.x86_64.rpm                                                                                                                                  | 544 kB  00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                        2.2 MB/s | 648 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <[email protected]>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-11.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : jemalloc-3.6.0-1.el7.x86_64                                                                                                                                               1/2
  Installing : redis-3.2.12-2.el7.x86_64                                                                                                                                                 2/2
  Verifying  : redis-3.2.12-2.el7.x86_64                                                                                                                                                 1/2
  Verifying  : jemalloc-3.6.0-1.el7.x86_64                                                                                                                                               2/2

Installed:
  redis.x86_64 0:3.2.12-2.el7

Dependency Installed:
  jemalloc.x86_64 0:3.6.0-1.el7

Complete!

Start the Redis service and make sure it will automatically start at boot time:

systemctl start redis
systemctl enable redis

Verify whether Redis service is active and running as well as service status:

systemctl status redis
● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           └─limit.conf
   Active: active (running) since Fri 2020-07-31 12:25:14 EEST; 5s ago
 Main PID: 31674 (redis-server)
   CGroup: /system.slice/redis.service
           └─31674 /usr/bin/redis-server 127.0.0.1:6379

Jul 31 12:25:14 testmxforge.hostx.ro systemd[1]: Starting Redis persistent key-value database...
Jul 31 12:25:14 testmxforge.hostx.ro systemd[1]: Started Redis persistent key-value database.

Redis server is now running successfully on your  server.

 

How to configure Redis

Edit the Redis configuration file /etc/redis.conf using vim editor:

vim /etc/redis.conf

Look for a line that starts with bind. Change bind address with your internal network IP address.If you don’t need to access Redis remotely you may leave the IP 127.0.0.1.

bind 127.0.0.1

Change the daemonize value to yes in order to run the Redis service as a daemon:

daemonize yes

Restart Redis service:

systemctl restart redis

Once the basic configuration of the Redis Server has been completed, connect to the Redis Server using the redis-cli command:

redis-cli

Execute the following ping command:

ping
ping "Hello Redis"

If Redis is running correctly, you should see the response PONG.

 

How to secure your Redis installation

When dealing with securing Redis Server, we must know three important things:

1. Network security for Redis is related to the bind configuration option in redis.conf.  It is advisable to use a internal private network IP for your Redis installation and don’t expose your instance to Internet.

Edit the Redis configuration file /etc/redis.conf using vim editor:

vim /etc/redis.conf

On the bind section, change the IP address with your own internal network IP address, then save and close:

bind MY-INTERNAL-IP

redis service will now run under the MY-INTERNAL-IP.

2. Password authentication for Redis will give you access control to your Redis server. Password authentication adds a layer of security, enhancing your Redis server security. For Internet exposed Redis instances it is recommended to extend this layer by restricting access at firewall level based on client’s IP.

In order to enable Password Authentication for Redis server (it is not yet enabled by default installation), you have to to uncomment the requirepass section on the redis.conf file and type a strong password after it:

requirepass G$)m3fVf#

Replace G$)m3fVf# with another password, but maintain a similar level of complexity. Password authentication for Redis is now enabled.

3. Redis provides a feature for disabling some specific Redis commands, like FLUSHALL for erasing all data, CONFIG command to setup configuration parameter through the Redis CLI, etc.

In order to change or disable a Redis command, use the rename-command option. Edit the redis configuration file redis.conf and add some configurations below, then save and close:

# rename-command COMMAND "CUSTOM"
rename-command CONFIG "BOOGY1"
rename-command FLUSHALL "BOOGY2"

When all is complete, restart the redis service using the systemctl command:

systemctl restart redis

 

Testing a Redis Server deployment

– Testing Host and Authentication

Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port.

redis-cli -h 127.0.0.1 -p 6379

replace 127.0.0.1 with your IP address. When connected to the server, try the ping command:

ping
ping "Hello Redis"

In the given result of the above command you are getting an error because you need to authenticate before invoking any command on the Redis CLI shell.

Execute the following command to authenticate against the Redis Server:

AUTH G$)m3fVf#

Then you can try the ping command and you will get a reply from the Redis server:

ping
ping "Hello Redis"

– Testing Disabled/Renamed Command

Run all commands that we have renamed on the shell and you will get the command error.

CONFIG
FLUSHALL

You will get the error result of those commands. Run the CUSTOM commands for each.

Create a new Key using the SET command as shown:

SET Name "Victoria Labs"
SET Blog "MXForgecom"

Keys *

Delete all keys and data using the renamed FLUSHALL command DELITALL:

DELITALL

For the CONFIG command, you can try to retrieve or set up new value of the Redis Server configuration. The CONFIG command renamed to REDISCONFIG:

REDISCONFIG get bind
REDISCONFIG get requirepass

 

 

Now you know how to install and configure Redis on a CentOS 7 server as well as to apply the basic security for Redis server.