Redis is a fast, versatile in-memory key-value store. With its rapid response, it is mainly used in the caching layer.

What is Redis Server?

Redis stands for Remote Dictionary, and was founded when its founder Salvatore Sanfilippo wanting to improve his startup's scalability. As traditional database systems have major issues scaling some types of workloads, Redis was created to adress those concerns, working as a store and a cache at the same time.

Unlike traditional applications, Redis always modifies and stores data on the main computer memory. Though it stores some data on the disk that's unsuitable for RAM, it reconstructs it back into memory once the computer restarts. This makes it fast and there for very popoular among key-value databases.

In this tutorial, you will learn how to install the Redis server on Ubuntu 20.04 LTS, as well as how to secure it with a password and TLS encryption and perform some redis server config.

Preparing Our VPS Server

Let's prepare our server for our setup; after connecting , you will update the local package index and upgrade any packages that are outdated.

First, we run the apt-get update command as follows:

$ sudo apt-get update

An output similar to the following (cut for brevity) will be displayed, and indexes will be updated.

Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists... Done                        
...

Now with the following command, you will upgrade outdated packages.

$ sudo apt-get -y upgrade

The output will look like this:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
...
...

How to build Redis server in Ubuntu 20.04

The first step in the Redis build process is installing the dependencies required to complete it.

$ sudo apt-get install -y build-essential pkg-config libssl-dev

Now, change directory to /tmp.

$ cd /tmp

Download Redis' latest stable version as follows.

$ wget http://download.redis.io/redis-stable.tar.gz

Extract the archive using the tar command.

$ tar -xzvf redis-stable.tar.gz

Change to the newly created directory.

$ cd redis-stable/

Compile Redis server using the make command with two options, one definining the malloc library, and the other enabling TLS support.

$ make MALLOC=libc BUILD_TLS=yes

An output like below will be displayed:

cd src && make all
make[1]: Entering directory '/tmp/redis-stable/src'
    CC Makefile.dep
rm -rf redis-server redis-sentinel redis-cli redis-benchmark ...
...

How to Install Redis server

Once the build is successfull you can continue the Redis install process.

First you need to create a user for Redis server. This user doesn't need to login and doesn't need to have a home directory.

$ sudo adduser --system --group --no-create-home redis

Change directory to build artifacts i.e. src.

$ cd /tmp/redis-stable/src

Copy executable files to /usr/local/bin so they are in the system path.

$ sudo cp redis-server redis-cli redis-benchmark redis-check-aof redis-check-rdb /usr/local/bin/

Create a data directory for Redis server, change the ownership to redis user, and make sure only redis user and redis group are able to read and write.

$ sudo mkdir /var/lib/redis
$ sudo chown -R redis:redis /var/lib/redis
$ sudo chmod 770 /var/lib/redis

Create a directory to hold the logs.

$ sudo mkdir /var/log/redis
$ sudo chown -R redis:redis /var/log/redis

Create a directoy to hold the pid file.

$ sudo mkdir /var/run/redis
$ sudo chown -R redis:redis /var/run/redis

Finally, create a directory for configuration files.

$ sudo mkdir /etc/redis
$ sudo chown -R redis:redis /etc/redis

Change directory to the source.

$ cd /tmp/redis-stable/

Copy the distributed configuration file to the redis configiration directory.

$ sudo cp redis.conf /etc/redis/

Create a file to be used for systemd to manage the Redis server service.

$ sudo nano /etc/systemd/system/redis.service

Paste the following and save and exit (using Ctrl-x)

[Unit]
Description=Advanced key-value store
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
Type=forking
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
PIDFile=/run/redis/redis-server.pid
ExecStartPost=/bin/sh -c "echo $MAINPID > /run/redis/redis-server.pid"
TimeoutStartSec=5
TimeoutStopSec=5
Restart=always
User=redis
Group=redis

UMask=007
PrivateTmp=yes
LimitNOFILE=65535

ReadOnlyDirectories=/
ReadWritePaths=-/var/lib/redis
ReadWritePaths=-/var/log/redis
ReadWritePaths=-/run/redis


# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you replace the following lines with "ProtectSystem=full".
ProtectSystem=full
#ReadWriteDirectories=-/etc/redis

[Install]
WantedBy=multi-user.target
Alias=redis.service

How to perform Redis server config

The first step in Redis configuration is to copy the distribution configuration so we have a backup:

$ sudo cp /etc/redis/redis.conf /etc/redis/redis.conf_original-20200703

Open the Redis config, redis.conf with your favorite editor. This guide uses nano.

$ sudo nano /etc/redis/redis.conf

Change the supervised setting to systemd as we are using a systemd based distribution.

supervised systemd

Set the daemonize option to yes.

daemonize yes

Make sure Redis server listens on all IP addresses so other servers can reach. If you are setting up a local Redis server you can skip this step.

bind 0.0.0.0 ::

Set the pidfile directive to the correct path.

pidfile "/run/redis/redis-server.pid"

Set the logfile directive to the correct path.

logfile "/var/log/redis/redis.log"

Set the data folder to the correct path.

dir /var/lib/redis/

Save and exit (using Ctrl-x)

Securing Redis server with password

In this step, you will configure Redis server with a password so that only authenticated clients are allowed.

Generate a random password using the openssl command.

$ openssl rand -base64 100

A similar output to below will be shown.

Ro0R/Cj19W9RuDdNSq2Yoqx0f5H4B6/Fs/Y7AdkJkvppiW8ZxftCFjdl7zA2sP8A
e9fdIWAcBGekrqGTg3AjisaZ50O61k96N+0sPGI4yqqT57A144SYF7aLM0GliUpy
tR6KEA==

Open redis.conf with the editor.

$ sudo nano /etc/redis/redis.conf

Paste the following at the end of the file. This defines the password required to authenticate.

requirepass "Ro0R/Cj19W9RuDdNSq2Yoqx0f5H4B6/Fs/Y7AdkJkvppiW8ZxftCFjdl7zA2sP8Ae9fdIWAcBGekrqGTg3AjisaZ50O61k96N+0sPGI4yqqT57A144SYF7aLM0GliUpytR6KEA=="

Save and exit (using Ctrl-x)

Secure Redis server with TLS

In this section, you will generate a key/certificate pair to secure the communication between Redis server and client.

First you will create the certificate and the key using the openssl command

$ sudo openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/redis/redis-server-key.pem -out /etc/redis/redis-server-cert.pem -days 365

After generating the required certificate, go ahead and edit the configuration file.

$ sudo nano /etc/redis/redis.conf

With the following lines you point it to the certificate, key file and system certificate authority file.

tls-cert-file /etc/redis/redis-server-cert.pem
tls-key-file /etc/redis/redis-server-key.pem
tls-ca-cert-file /etc/ssl/certs/ca-certificates.crt

Now, disallow clients that don't use TLS.

tls-auth-clients no

Disable non-TLS services.

port 0

Enable TLS based service on default Redis port.

tls-port 6379

Save and exit (using Ctrl-x)

Restart the Redis server.

$ sudo systemctl restart redis-server

Check the status of the Redis server.

$ sudo systemctl status redis-server

An output similar to the following will be displayed:

● redis.service - Advanced key-value store
     Loaded: loaded (/etc/systemd/system/redis.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-07-04 06:53:56 UTC; 1 weeks 0 days ago
       Docs: http://redis.io/documentation,
             man:redis-server(1)
   Main PID: 1053 (redis-server)
      Tasks: 4 (limit: 614)
     Memory: 3.8M
     CGroup: /system.slice/redis.service
             └─1053 /usr/local/bin/redis-server 0.0.0.0:6379

Jul 04 06:53:56 5eca7132aa8cc30001a9eb8b systemd[1]: Starting Advanced key-value store...
Jul 04 06:53:56 5eca7132aa8cc30001a9eb8b systemd[1]: redis.service: Failed to parse PID from file /run/redis/redis-server.pid: Invalid argument
Jul 04 06:53:56 5eca7132aa8cc30001a9eb8b systemd[1]: Started Advanced key-value store.

Now you can connect to your Redis server via redis-cli client.

$ redis-cli --tls --cacert /etc/redis/redis-server-cert.pem

When setting a key/value pair, the server points out that authentication is required.

127.0.0.1:6379> set test "hello world"
(error) NOAUTH Authentication required.

Authenticate using the auth command and the password you set earlier.

127.0.0.1:6379> auth Ro1R/Cj19W9RuDdNSq2Yoqx0f5H4B6/Fs/Y7AdkJkvppiW8ZxftCFjdl7zA2sP8Ae9fdIWAcBGekrqGTg3AjisaZ50O61k96N+0sPGI4yqqT57A144SYF7aLM0GliUpytR6KEA==

Authentication is successful.

OK

Now you can set the key test with value hello world.

127.0.0.1:6379> set test "hello world"

Operation is a success.

OK

Now you can retreive the value.

127.0.0.1:6379> get test
"hello world"
127.0.0.1:6379> 

Conclusion

You have now learned to install Redis on Ubuntu, as well as how to configure it and secure it with password authentication and client-server encryption.

Your secure Redis server is ready to use.

References

Redis Documentation

For a fast, private VPS to use with your Redis serverinstall, sign up to BitLaunch here.