From the output above we learned that the Redis server is already listening on port 6379 and is bound to localhost (127.0.0.1).
Redis configuration is located in the /etc/redis/redis.conf file. In this tutorial we'll change one Redis configuration directive so that it listens on all network interfaces instead of only on localhost. This is useful if you have a dedicated Redis server and you're connecting from other servers, such as an application server.
Open /etc/redis/redis.conf. Find the line below:
We see above that redis is listening on all interfaces on port 6379 (0.0.0.0:6379).
There are many more configuration directives in the redis.conf file. You can read the comment above each directive to see how you can customize the Redis configuration.
By default Redis is not secure. It assumes that it runs in a secure environment or network. From the Redis security page:
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.
In this section we'll discuss how to secure Redis.
Setting up a Firewall
The first method that you can use to secure Redis is setting up a firewall. You can use a firewall at the host level using iptables or at the network level using a firewall device. If you are using a cloud service you can also use a firewall service that your provider offers at the host or network level.
Configure a Password for Redis
By default Redis does not ask the user to authenticate. To add more security to your Redis installation you can enable authentication on your Redis server.
Open the /etc/redis/redis.conf file and find the line below:
# requirepass foobared
Replace foobared in the line above with your own password. You can also use a fully random password like the line below
An additional method that you can employ to secure your Redis installation is renaming or disabling some dangerous commands. This configuration is also located in the SECURITY section of the /etc/redis/redis.conf file. For example, the config below renames the CONFIG command to 123aqCONFGG.
rename-command CONFIG 123aqCONFGG
We can also disable a command. To disable the CONFIG command, put empty quotes ("") as the replacement for the CONFIG command:
rename-command CONFIG ""
Don't forget to restart redis-server after changing the configuration by running the command below:
$ sudo service redis-server restart
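The checks from this section (bind address, requirepass, rename-command) can be run against a redis.conf before restarting. The audit below is an added example, not part of the original tutorial; the function names, finding codes and the 32-character minimum are assumptions of this example, and the sample configs are constructed.

```python
import ipaddress
import shlex

def parse_conf(text):
    """Return {directive: [argument lists]} for every active (uncommented) line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)   # handles quoted values such as ""
            conf.setdefault(name.lower(), []).append(args)
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:                        # "*", hostnames, typos: treat as exposed
        return False

def audit(text, dangerous=("CONFIG",), min_len=32):
    """Return a list of (code, message) findings for a redis.conf text."""
    conf, findings = parse_conf(text), []
    # Assumption: the last bind line takes effect; no bind line means all interfaces.
    binds = conf.get("bind", [[]])[-1]
    exposed = not binds or not all(is_loopback(a) for a in binds)
    password = (conf.get("requirepass", [[""]])[-1] or [""])[0]
    if exposed:
        findings.append(("non-loopback-bind", "port reachable off-host: restrict it with a firewall"))
        if not password:
            findings.append(("exposed-no-auth", "non-loopback bind without requirepass"))
    if password == "foobared":
        findings.append(("sample-password", "requirepass is the sample value from redis.conf"))
    elif password and len(password) < min_len:   # min_len is this example's policy choice
        findings.append(("short-password", f"requirepass shorter than {min_len} characters"))
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if len(a) == 2}
    for cmd in dangerous:
        if cmd.upper() not in renamed:
            findings.append(("command-exposed", f"{cmd} is neither renamed nor disabled"))
    return findings

# Constructed sample inputs, not taken from a real server.
WEAK = 'bind 0.0.0.0\nport 6379\n# requirepass foobared\n'
HARDENED = ('bind 127.0.0.1 10.0.0.5\n'
            'requirepass "constructed-sample-0123456789abcdef-XYZ"\n'
            'rename-command CONFIG ""\n')

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, [code for code, _ in audit(text)])
```

To audit a real file, pass its contents to audit(), for example audit(open("/etc/redis/redis.conf").read()). The hardened sample still reports non-loopback-bind because the configuration file cannot show whether a firewall is in place.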
Redis comes with the redis-benchmark tool. You can try benchmarking Redis by running redis-benchmark without options.
In this tutorial we learned how to install Redis on Ubuntu 14.04 from the Ubuntu repository. We also learned how to manage the Redis service, configure the service, secure Redis, and benchmark Redis. We also learned the basic usage of Redis.