What is Redis
Quoting Introduction to Redis page :
Redis is an open source (BSD licensed), in-memory data structure store, used as database, cache and message broker.
Redis supports multiple types of data structures. You can find data structures that Redis support below :
- Binary-safe strings
- Bit arrays (or bitmaps)
Installing Redis From Repository
Now, let's install Redis from the Ubuntu repository. Before installing Redis, let's update the system to latest update first.
$ sudo apt-get update $ sudo apt-get upgrade
After updating the system, it's time to install Redis from the repository.
$ sudo apt-get -y install redis-server
By default, redis-server is started after installation. You can check using the service command :
$ sudo service redis-server status redis-server is running
We can also check using the
netstat command whether redis-server is already listening on a port or not.
$ sudo netstat -naptu | grep LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 887/sshd tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 20478/redis-server tcp6 0 0 :::22 :::* LISTEN 887/sshd
From output above we learned that redis server is already listening on port
6379 and bind to
Redis configuration is located in the
/etc/redis/redis.conf file. In this tutorial we'll change one Redis configuration directive so that it will listen to all network interfaces instead of only on localhost. This is useful if you have a dedicated redis server and you're connecting from other servers, such as an application server.
/etc/redis/redis.conf. Find line below:
Change the line above with
Restart Redis service
$ sudo service redis-server restart
Now check where Redis is listening.
$ sudo netstat -naptu | grep LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 906/sshd tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 7650/redis-server 0 tcp6 0 0 :::22 :::* LISTEN 906/sshd
We see above that redis is listening on all interfaces on port 6379 (0.0.0.0:6379).
There are a lot more configuration directive on redis.conf file. You can read the comment above each directive to see how you can customize Redis configuration.
By default Redis is not secure. It assumes that it runs on a secure environment or network. From Redis security page :
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.
In this section we'll discuss how-to secure Redis.
Setting up a Firewall
The first method that you can use to secure Redis is by setting up a firewall. You can use a firewall on a host level using
iptables or on a network level from a Firewall device. If you are using a cloud service you can also use a Firewall service that your provider provides on a host or a network level.
Configure a Password for Redis
By default Redis does not ask the user to authenticate. To add more security to your Redis installation you can enable authentication on your Redis server.
/etc/redis/redis.conf file, find the line below
# requirepass foobared
foobared the line above with your own password. You can also use a fully random password like the line below
Restart redis-server to make the change take effect :
$ sudo service redis-server restart Stopping redis-server: redis-server. Starting redis-server: redis-server.
Now let's test the new configuration. Open redis-cli
PING on redis console
127.0.0.1:6379> PING (error) NOAUTH Authentication required.
AUTH and input your password.
127.0.0.1:6379> AUTH nl6Cq8mthJrrXbqlDqLaPgtFkeq12zqB7Sb5j5UJ OK
If authentication is successful it will return OK. Now if you run
PING again, it will return
PONG as expected.
127.0.0.1:6379> PING PONG 127.0.0.1:6379>
If you need to generate a random password you can use the hash of your easily remembered password / passphrase using
sha256sum. You can find the sample below :
Creating an MD5 Hash for a Redis password
$ echo "Rogue Nation" | md5sum 003dab87555ea8267ce713a50d3525b9 -
Creating an SHA1 Hash for a Redis password
sumodirjo@labs:~$ echo "Rogue Nation" | sha1sum ebb963281b7515aae2ce185c2f455023654db240 -
Creating a SHA256 Hash for Redis password
sumodirjo@labs:~$ echo "Rogue Nation" | sha256sum 342fd6c5b14db8c969ca7901cf03b1fd81bb01e445e5b3b9a034a68c48277a23 -
As an alternative, you can also get the random password online from GRC's Ultra High Security Password Generator.
Rename or Disable Some Dangerous Commands
Additional methods that you can employ to secure your redis installation is by renaming or disabling some dangerous commands. This configuration is also located on the SECURITY section on the
/etc/redis/redis.conf file. For example the config below will change the
CONFIG commmand with
rename-command CONFIG 123aqCONFGG
We also can disable a command. To disable the
CONFIG command you can put empty quotes (
"") as the replacement of
rename-command CONFIG ""
Don't forget to restart redis-server after changing the configuration by running command below
$ sudo service redis-server restart
Redis comes with the
redis-benchmark tool. You can try benchmarking redis by running
redis-benchmark without options
$ redis-benchmark ====== PING_INLINE ====== 10000 requests completed in 0.17 seconds 50 parallel clients 3 bytes payload keep alive: 1
99.08% <= 1 milliseconds 99.51% <= 2 milliseconds 99.83% <= 3 milliseconds 100.00% <= 4 milliseconds 58139.53 requests per second
====== PING_BULK ====== 10000 requests completed in 0.11 seconds 50 parallel clients 3 bytes payload keep alive: 1
100.00% set name "Muhamad Panji" OK 127.0.0.1:6379> get name "Muhamad Panji"
The distinguishing feature of Redis is that the value can be a data structure instead of only a value.
We will put four city names using lpush and rpush below from the redis-cli. If you have already set authentication up you will have to authenticate first before running the command below.
$ redis-cli 127.0.0.1:6379> lpush cities "Yogyakarta" (integer) 1 127.0.0.1:6379> lpush cities "Jakarta" (integer) 2 127.0.0.1:6379> rpush cities "Bogor" (integer) 3 127.0.0.1:6379> lpush cities "Bandung" (integer) 4
Now let's check the values of cities using the
$ redis-cli 127.0.0.1:6379> lrange cities 0 -1 1) "Bandung" 2) "Jakarta" 3) "Yogyakarta" 4) "Bogor"
As you can see above the 2nd and 3rd cities inserted on the left (before the 1st city), and the 4th city inserted from the right (after the 1st city).
Futher Learning Resources
If you want to learn more about how-to use Redis, you can follow some tutorial below :
- Try Redis is online tutorial where you can learn by typing redis command on the website.
- The Little Redis Book
- Redis Cookbook
In this tutorial we learned how-to install Redis on Ubuntu 14.04 from the Ubuntu repository. We also learned how to manage the Redis service, configuring the service, securing Redis, and also Benchmarking Redis. We also learned the basic usage of Redis.