How to Install Redis on Rocky Linux 8 or AlmaLinux 8

Redis is a popular in-memory key-value store that can be used as a NoSQL key-value database, a message broker, and a caching solution. It is renowned for its flexibility, scalability, seamless replication, simplicity, and ease of use. Redis is widely used in various fields such as machine learning, real-time analytics, chat, messaging, and gaming leaderboards.

On its own, Redis has no robust security features; however, you can still tweak Redis to provide added security and ward off unauthorized users.

In this tutorial, we learn how to install and secure Redis on Rocky Linux 8 or AlmaLinux 8.

Step 1: Install Redis on Rocky Linux or AlmaLinux 8

Redis is available in the AppStream repositories, so we can use the DNF package manager to install it.

Run the following DNF command to install Redis:

$ sudo dnf install redis

Once installed, we need to make a slight change to its configuration file to change the way Redis runs. Access the Redis configuration file:

$ sudo vim /etc/redis.conf

Scroll and locate the supervised directive. This allows you to leverage the init system to run and manage Redis. By default, this is set to no. Since Rocky Linux and AlmaLinux use the systemd init system, set the value to systemd.


And that's it. So, save the changes and exit the text editor. By default, Redis does not start automatically, and therefore, we need to start it as follows.

$ sudo systemctl start redis

In addition, enable the service to start every time the system is powered on or rebooted.

$ sudo systemctl enable redis

To confirm that Redis is running, execute the command:

$ sudo systemctl status redis

As a test that Redis was successfully installed, send a ping message with redis-cli; you will get 'PONG' as a reply.

Step 2: Secure Redis using a password

Security is a high priority for any database system, and Redis is no exception. In this step, we will go a step further and enable authentication to secure Redis and ward off unauthorized parties.

Once again, access the configuration file.

$ sudo vim /etc/redis.conf

Locate the requirepass directive. This is the directive that we will configure to require clients to authenticate before accessing the database.

Uncomment the directive and specify your own password.

requirepass strong_password

To apply the changes, restart the Redis database.

$ sudo systemctl restart redis

To test if the authentication has been enabled, access the Redis client:

$ redis-cli

Now, at the redis-cli prompt, try to set a key to a value:

set keystudent Mike

This yields the error indicated. This shows that authentication is required.

(error) NOAUTH Authentication required.

To authenticate, invoke the auth keyword followed by the password. Redis will acknowledge the password and allow you to proceed.


Once authenticated, you can proceed to specify your key-value pairs using the set command. To retrieve the value assigned to the key, invoke the command:

get keystudent

To exit Redis, simply type quit and press ENTER.

quit

Step 3: Set Proper Data directory ownership and permissions

Ownership and permissions are another important aspect of a robust Redis installation. Only the user that requires access to Redis should have permission to read its data, and that user, in this case, is the redis user.

You can begin by confirming that the Redis data directory has the right directory ownership and permissions.

$ ls -l /var/lib | grep redis

From the output, we can see that the Redis data directory is owned by the redis user, with access granted to the redis group. Additionally, the directory's permissions are set to 750 in octal notation. These are the recommended Redis folder ownership and permissions settings.

If the Redis data directory bears insecure permissions, for instance, if it is world-readable, you need to ensure that only the redis user and group have access to the folder and its contents.

To do so, run the command:

$ sudo chmod 750 /var/lib/redis

In addition, ensure that the Redis configuration file is owned by the redis user with the secondary group of root. Also, ensure that it has the octal permissions of 640.

$ ls -l /etc/redis.conf

The octal notation of 640 ensures that only the redis and root user can read the configuration file. This is crucial because the password we configured in Step 2 with the requirepass directive is stored in this file. This means that no user other than the redis and root users will be able to read the file and access the password.

To further enhance security, ensure that the configuration file is owned by the redis user and group.

$ sudo chown redis:redis /etc/redis.conf

Also, set the permissions of the configuration file such that only the redis owner can read and write to it.

$ sudo chmod 600 /etc/redis.conf

To apply the changes we have just made, restart Redis server.

$ sudo systemctl restart redis

Step 4: Configure Redis for remote access

Sometimes, you might need to access your Redis instance remotely from another system. To do this, head over to the configuration file.

$ sudo vim /etc/redis.conf

Locate the bind directive. By default, this is set to listen to localhost.

bind 127.0.0.1

Comment it and specify the remote server's private IP.

bind private_ip

If you are accessing it over the public internet, you can set it to 0.0.0.0, which binds Redis to all network interfaces, including those with public IP addresses.

bind 0.0.0.0

Next, change protected-mode yes to protected-mode no:

protected-mode no

Then restart the Redis server to apply the changes.

$ sudo systemctl restart redis
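
The following script is an added example, not part of the original tutorial: it audits a redis.conf for the settings changed in Steps 2 to 4 (bind, protected-mode, requirepass) and the file mode from Step 3. The function names, the 32-character minimum password length and the sample file are assumptions made for illustration.

```shell
# Added example: audit the redis.conf settings changed in Steps 2-4.
MIN_PASS_LEN=32   # assumed local policy, not a Redis default

# Print the value of the last uncommented occurrence of directive $2 in file $1.
conf_get() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
                     END { print val }' "$1"
}

# Print one line per finding; return 1 if any FAIL was reported.
audit_redis_conf() {
    conf=$1; rc=0
    bind=$(conf_get "$conf" bind)
    pass=$(conf_get "$conf" requirepass)
    pmode=$(conf_get "$conf" protected-mode)
    # No bind directive at all means Redis listens on every interface.
    exposed=no; [ -n "$bind" ] || exposed=yes
    set -f                       # keep a literal "*" from globbing
    for addr in $bind; do
        case $addr in
            127.*|::1|-::1) ;;
            '*'|0.0.0.0|::) exposed=yes; echo "WARN bind $addr listens on all interfaces" ;;
            *) exposed=yes ;;
        esac
    done
    set +f
    if [ -z "$pass" ] && [ "$exposed" = yes ]; then
        echo "FAIL non-loopback bind without requirepass (protected-mode: ${pmode:-unset})"; rc=1
    elif [ -z "$pass" ]; then
        echo "WARN requirepass is not set"
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "WARN requirepass is shorter than $MIN_PASS_LEN characters"
    fi
    # requirepass is stored as plain text, so the file mode matters (Step 3).
    mode=$(stat -c %a "$conf")   # GNU stat, as on Rocky/AlmaLinux
    case $mode in
        600|640) ;;
        *) echo "FAIL $conf has mode $mode, expected 600 or 640"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: Step 4 settings applied while requirepass is still commented out.
sample=$(mktemp)
printf '%s\n' 'bind 0.0.0.0' 'protected-mode no' '# requirepass foobared' > "$sample"
chmod 644 "$sample"
audit_redis_conf "$sample" || echo "audit failed for constructed sample"
rm -f "$sample"
```

To check a real server, call audit_redis_conf /etc/redis.conf as root, since a file with mode 600 is readable only by its owner.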

The other step remaining is to configure the Firewall to allow access to our Redis server.

Step 5: Configuring the firewall for redis

If you have Firewalld active and running, consider setting it to allow port 6379 which is the port that Redis listens on.

$ sudo firewall-cmd --add-port=6379/tcp --permanent
$ sudo firewall-cmd --reload

Perfect! Now, to test if we can access the Redis instance remotely, use the -h option followed by the IP address of the Redis server:

$ redis-cli -h server_IP

In this case:

$ redis-cli -h 10.128.0.44

Conclusion

And that's it, we have successfully installed and secured Redis on Rocky Linux 8 or AlmaLinux 8. Your feedback on this guide is highly welcome.
