What is Redis

Quoting Introduction to Redis page :

Redis is an open source (BSD licensed), in-memory data structure store, used as database, cache and message broker.

Redis supports multiple types of data structures. You can find data structures that Redis support below :

• Binary-safe strings
• Lists
• Sets
• Hashes
• Bit arrays (or bitmaps)
• Hyperloglogs

Installing Redis From Repository

Now, let’s install Redis from the Ubuntu repository. Before installing Redis, let’s update the system to latest update first.

$ sudo apt-get update
$ sudo apt-get upgrade

After updating the system, it’s time to install Redis from the repository.

$ sudo apt-get -y install redis-server

By default, redis-server is started after installation. You can check using the service command :

$ sudo service redis-server status
redis-server is running

We can also check using the netstat command whether redis-server is already listening on a port or not.

$ sudo netstat -naptu | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      887/sshd        
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      20478/redis-server 
tcp6       0      0 :::22                   :::*                    LISTEN      887/sshd        

From output above we learned that redis server is already listening on port 6379 and bind to localhost or 127.0.0.1.

Configuring Redis

Redis configuration is located in the /etc/redis/redis.conf file. In this tutorial we’ll change one Redis configuration directive so that it will listen to all network interfaces instead of only on localhost. This is useful if you have a dedicated redis server and you’re connecting from other servers, such as an application server.
Open /etc/redis/redis.conf. Find line below:

bind 127.0.0.1

Change the line above with

bind 0.0.0.0

Restart Redis service

$ sudo service redis-server restart

Now check where Redis is listening.

$ sudo netstat -naptu | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      906/sshd        
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      7650/redis-server 0
tcp6       0      0 :::22                   :::*                    LISTEN      906/sshd        

We see above that redis is listening on all interfaces on port 6379 (0.0.0.0:6379).

There are a lot more configuration directive on redis.conf file. You can read the comment above each directive to see how you can customize Redis configuration.

Securing Redis

By default Redis is not secure. It assumes that it runs on a secure environment or network. From Redis security page :

Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.

In this section we’ll discuss how-to secure Redis.

Setting up a Firewall

The first method that you can use to secure Redis is by setting up a firewall. You can use a firewall on a host level using iptables or on a network level from a Firewall device. If you are using a cloud service you can also use a Firewall service that your provider provides on a host or a network level.

Configure a Password for Redis

By default Redis does not ask the user to authenticate. To add more security to your Redis installation you can enable authentication on your Redis server.
Open /etc/redis/redis.conf file, find the line below

# requirepass foobared

Replace foobared the line above with your own password. You can also use a fully random password like the line below

requirepass nl6Cq8mthJrrXbqlDqLaPgtFkeq12zqB7Sb5j5UJ

Restart redis-server to make the change take effect :

$ sudo service redis-server restart 
Stopping redis-server: redis-server.
Starting redis-server: redis-server.

Now let’s test the new configuration. Open redis-cli

$ redis-cli 

Run PING on redis console

127.0.0.1:6379> PING
(error) NOAUTH Authentication required.

Now use AUTH and input your password.

127.0.0.1:6379> AUTH nl6Cq8mthJrrXbqlDqLaPgtFkeq12zqB7Sb5j5UJ
OK

If authentication is successful it will return OK. Now if you run PING again, it will return PONG as expected.

127.0.0.1:6379> PING
PONG
127.0.0.1:6379> 

If you need to generate a random password you can use the hash of your easily remembered password / passphrase using md5sum, sha1sum, or sha256sum. You can find the sample below :

Creating an MD5 Hash for a Redis password

$ echo "Rogue Nation" | md5sum
003dab87555ea8267ce713a50d3525b9  -

Creating an SHA1 Hash for a Redis password

sumodirjo@labs:~$ echo "Rogue Nation" | sha1sum
ebb963281b7515aae2ce185c2f455023654db240  -

Creating a SHA256 Hash for Redis password

sumodirjo@labs:~$ echo "Rogue Nation" | sha256sum 
342fd6c5b14db8c969ca7901cf03b1fd81bb01e445e5b3b9a034a68c48277a23  -

As an alternative, you can also get the random password online from GRC’s Ultra High Security Password Generator.

Rename or Disable Some Dangerous Commands

Additional methods that you can employ to secure your redis installation is by renaming or disabling some dangerous commands. This configuration is also located on the SECURITY section on the /etc/redis/redis.conf file. For example the config below will change the CONFIG commmand with 123aqCONFGG.

rename-command CONFIG 123aqCONFGG

We also can disable a command. To disable the CONFIG command you can put empty quotes ("") as the replacement of CONFIG command

rename-command CONFIG ""

Don’t forget to restart redis-server after changing the configuration by running command below

$ sudo service redis-server restart

Benchmarking Redis

Redis comes with the redis-benchmark tool. You can try benchmarking redis by running redis-benchmark without options

$ redis-benchmark 
====== PING_INLINE ======
  10000 requests completed in 0.17 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.08% <= 1 milliseconds
99.51% <= 2 milliseconds
99.83% <= 3 milliseconds
100.00% <= 4 milliseconds
58139.53 requests per second

====== PING_BULK ======
  10000 requests completed in 0.11 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

100.00%  set name "Muhamad Panji"
OK
127.0.0.1:6379> get name
"Muhamad Panji"

The distinguishing feature of Redis is that the value can be a data structure instead of only a value.

We will put four city names using lpush and rpush below from the redis-cli. If you have already set authentication up you will have to authenticate first before running the command below.

$ redis-cli
127.0.0.1:6379> lpush cities "Yogyakarta"
(integer) 1
127.0.0.1:6379> lpush cities "Jakarta"
(integer) 2
127.0.0.1:6379> rpush cities "Bogor"
(integer) 3
127.0.0.1:6379> lpush cities "Bandung"
(integer) 4

Now let’s check the values of cities using the lrange command.

$ redis-cli
127.0.0.1:6379> lrange cities 0 -1
1) "Bandung"
2) "Jakarta"
3) "Yogyakarta"
4) "Bogor"

As you can see above the 2nd and 3rd cities inserted on the left (before the 1st city), and the 4th city inserted from the right (after the 1st city).

Futher Learning Resources

If you want to learn more about how-to use Redis, you can follow some tutorial below :

• Try Redis is online tutorial where you can learn by typing redis command on the website.
• The Little Redis Book
• Redis Cookbook

Summary

In this tutorial we learned how-to install Redis on Ubuntu 14.04 from the Ubuntu repository. We also learned how to manage the Redis service, configuring the service, securing Redis, and also Benchmarking Redis. We also learned the basic usage of Redis.