Introduction
In the previous tutorial, we have discussed with how to install and configure Redis latest version from source and made it fully functional. If you want to check out that tutorial goes to Redis install from Source. In this article, we will discuss how to install Redis from the official ubuntu repositories.
Before We Begin
- Ubuntu 18.04 server/desktop with root or user with sudo privileges
Step 1 — Installing and Configuring Redis
Here we will use apt package manager to install redis from the official Ubuntu repositories. At the time of writing the version available in the default repositories is 4.0.9
Start by updating the apt packages list by running :
sudo apt update
Then install Redis package by typing:
sudo apt install redis-server
This will download and install Redis and its dependencies (libjemalloc1 ,redis-server ,redis-tools)
After the installation ,Redis service will start automatically. To check the status of the service, enter the following command:
sudo systemctl status redis-server
Output look like :
● redis-server.service – Advanced key-value store
Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-07-25 10:37:25 UTC; 6min ago
Docs: http://redis.io/documentation,
man:redis-server(1)
Main PID: 2212 (redis-server)
Tasks: 4 (limit: 1121)
CGroup: /system.slice/redis-server.service
└─2212 /usr/bin/redis-server 127.0.0.1:6379
Here, you can see that Redis is running and is already enabled, meaning that it is set to start up every time the server boots.
If you want to disable redis on boot time, run the command:
sudo systemctl disable redis
By default, the Redis server listens on the loopback interface (127.0.0.1) and it listens on port 6379 for connections
Redis service will fail to start if IPv6 is disabled on your server.
Check Redis version:
To check the redis version installed run :
redis-server -v
Will get output like :
Redis server v=4.0.9 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=9435c3c2 879311f3
To test that Redis is functioning correctly, connect to the server using redis-cli, Redis’s command-line client:
redis-cli
In the prompt that follows, test connectivity with the ping command:
127.0.0.1:6379 ping
Output :
PONG
This confirms that redis is working properly.Exit out from redis prompt to our shell back again by running:
127.0.0.1:6379> exit
Configure Redis Remote Access
By default, Redis doesn’t allow remote connections. You can connect to the Redis server only from 127.0.0.1 (localhost) – the machine where Redis is running.
Perform the following steps only if you want to connect to your Redis server from remote hosts.
If you are using a single server setup, where the application and Redis are running on the same machine then you should not enable remote access.
To configure Redis to accept remote connections open the Redis configuration file (which was generated automatically during the installation) with your text editor:
sudo nano /etc/redis/redis.conf
Locate the line that begins with
bind 127.0.0.1 ::1and replace127.0.0.1with0.0.0.0or commentout the bind directive
Bydefault after redis installation the bind directive visible without comment.
Save the file and close the editor.
Restart the Redis service for changes to take effect:
sudo systemctl restart redis-server
Use the following command to verify that redis is listening on all interfaces on port 6379:
ss -an | grep 6379
You should see something like below. 0.0.0.0 means all IPv4 addresses on the machine.
tcp LISTEN 0 128 0.0.0.0:6379 0.0.0.0:*
tcp LISTEN 0 128 [::]:6379 [::]:*
check the below screenshot before & after our configuration changes:
Next, you’ll need to add a firewall rule that enables traffic from your remote machines on TCP port 6379.
Assuming you are using UFW to manage your firewall and you want to allow access from the 192.168.121.0/24 subnet you would run the following command:
sudo ufw allow proto tcp from 192.168.121.0/24 to any port 6379
At this point, Redis server will accept remote connections on TCP port 6379.
Make sure your firewall is configured to accept connections only from trusted IP ranges.
To verify that everything is set up properly, you can try to ping the Redis server from your remote machine using the redis-cli utility:
redis-cli -h <REDIS_IP_ADDRESS> ping
Here for this tutorial I am using aws ec2 ubuntu machine.
ubuntu@ip-172-31-58-24:~$ redis-cli -h 172.31.59.187 ping
I am getting below error:
(error) DENIED Redis is running in protected mode because protected mode is enab led, no bind address was specified, no authentication password is requested to c lients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly acc essible from internet if you do so. Use CONFIG REWRITE to make this change perma nent. 2) Alternatively you can just disable the protected mode by editing the Re dis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, r estart it with the '--protected-mode no' option. 4) Setup a bind address or an a uthentication password. NOTE: You only need to do one of the above things in ord er for the server to start accepting connections from the outside.
To fix this change go to our redis configuration file /etc/redis/redis.conf and change
protected-mode yes
into protected-mode no
save and close the file .
Now try to connect to redis server from remote host again:
redis-cli -h 172.31.59.187 ping
Note this is my aws ec2 ubuntu server internal ip of redis
ubuntu@ip-172-31-58-24:~$ redis-cli -h 172.31.59.187 ping
The command should return a response of PONG:
Output:
PONG
Yes.Now our remote server (ip:172.31.58.24) connected to redis server.
However, it is not the best practice. We must enable password authentication to secure redis server.
Step 4 — Configuring a Redis Password
Configuring a Redis password enables one of its two built-in security features — the auth command, which requires clients to authenticate to access the database. The password is configured directly in Redis’s configuration file, /etc/redis/redis.conf, so open that file again with your preferred editor:
sudo nano /etc/redis/redis.conf
Scroll to the SECURITY section and look for a commented directive that reads:
Uncomment it by removing the #, and change foobared to a secure password.
After setting the password, save and close the file, then restart Redis:
sudo systemctl restart redis.service
To test that the password works, open up the Redis client:
redis-cli
The following shows a sequence of commands used to test whether the Redis password works. The first command tries to set a key to a value before authentication:
127.0.0.1:6379> set key1 10
That won’t work because you didn’t authenticate, so Redis returns an error:
The next command authenticates with the password specified in the Redis configuration file:
127.0.0.1:6379 auth your_redis_password
Redis acknowledges:
Output
OKAfter that, running the previous command again will succeed:
get key1 queries Redis for the value of the new key.
After confirming that you’re able to run commands in the Redis client after authenticating, you can exit redis-cli:
If you want to connect redis server with password use the command :
redis-cli -h host -p port_number -a password
redis-cli -h 172.31.59.187 -p 6379 -a redispassword
Now we have connected to redis server remotely with password authentication
Conclusion
In this tutorial, you installed and configured Redis, validated that your Redis installation is functioning correctly, and used its built-in security features to make it less vulnerable .We have also configured redis for remote access with password authentication.