How to Install and Secure Redis on Ubuntu 18.04


## Table of Contents

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Install and Configure Redis](#install-and-configure-redis)
- [Test Redis](#test-redis)
- [Bind to Localhost](#bind-to-localhost)
- [Configure Redis Password](#configure-redis-password)
- [Rename Dangerous Commands](#rename-dangerous-commands)
- [Conclusion](#conclusion)

## Introduction

This guide explains how to install, configure, and secure Redis on Ubuntu 18.04.

[Redis](https://redis.io/) is an acronym for Remote Dictionary Service. It is an in-memory data structure project known for its performance, flexibility, and broad language support. It is used as a database, cache, and message broker.

## Prerequisites

You should have access to an Ubuntu 18.04 server.
Create a non-root user with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04).

## Install and Configure Redis

To refresh the package index and install the latest version of Redis available in the Ubuntu repositories, use the apt command.
```
$ sudo apt update
$ sudo apt install redis-server
```
The installation also places a Redis configuration file on the server. You need to make a few changes in this file.

Open the Redis configuration file using the below command.
```
$ sudo vi /etc/redis/redis.conf
```
Within the file, find the supervised directive. This directive lets you declare an init system to manage Redis as a service, which gives you more control over its operation. By default, the directive is set to `no`. Ubuntu uses the systemd init system, so set it to `systemd`.

```
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised systemd

. . .
```
Save and close the file.

Now, restart the Redis service to apply the changes that you have made.
```
$ sudo systemctl restart redis.service
```

## Test Redis

After installing Redis, test whether the service is working correctly. This guide gives a few ways to do so.

First, check the status of the Redis service with the below command.
```
$ sudo systemctl status redis
```
Output:

![redisserverservice](https://grid.media/assets/images/redis-server-service.png)

You can also check the Redis service using the command-line client.
```
$ redis-cli
```
You will be directed to the Redis prompt. Now, check the connectivity using the ping command.
```
127.0.0.1:6379> ping
```
Output:

![redisserverconnection](https://grid.media/assets/images/redis-server-connection-is-active.png)

This means your server connection is still active. Now, check if you can set keys using the below command.
```
127.0.0.1:6379> set test "It's working!"
```
Output:

![redissettest](https://grid.media/assets/images/redis-set-test.png)

Retrieve the value using the command:
```
127.0.0.1:6379> get test
```
You will see the following output if everything is working correctly.

![redisgettest](https://grid.media/assets/images/redis-get-test.png)

After confirming that you can retrieve the value, exit the Redis prompt to go back to the shell.
```
127.0.0.1:6379> exit
```
Now, check if Redis can hold data even after restarting it. Use the below command to restart the Redis service.
```
$ sudo systemctl restart redis
```

Now, connect to the Redis service again using the command-line client.
```
$ redis-cli
```
You will be directed to the Redis prompt. Retrieve the value using the command:
```
127.0.0.1:6379> get test
```
You will see the following output if everything is working correctly.

![redisisworking](https://grid.media/assets/images/redis-is-working.png)

After confirming that you can retrieve the value, exit the Redis prompt to go back to the shell.
```
127.0.0.1:6379> exit
```
## Bind to Localhost

Now, make sure that the Redis service is accessible only from localhost and blocks connections from all other sources. To do so, open the Redis configuration file using the below command.
```
$ sudo nano /etc/redis/redis.conf
```
Within the file, find the below line and uncomment it (if it is not already).
```
bind 127.0.0.1 ::1
```
Then, save and close the file.

Restart the Redis service to apply the changes.
```
$ sudo systemctl restart redis
```
Run the below command to check whether the changes are applied (netstat is provided by the net-tools package).
```
$ sudo netstat -lnp | grep redis
```

Output:

![redischangesapplied](https://grid.media/assets/images/redis-changes-applied.png)

If you don't get the above output, check that you have uncommented the correct line within the Redis configuration file.

If you get the above output, your Redis server is listening only on localhost and the changes to the Redis configuration file were applied correctly. With remote connections blocked, it will be almost impossible for hackers to reach your Redis server over the network. However, you haven't yet set Redis to require users to authenticate before making changes to its configuration or data.

## Configure Redis Password

Redis has a security feature, the auth command, which requires users to authenticate before they can access the database. Configuring a Redis password enables this auth command. To do so, open the Redis configuration file, /etc/redis/redis.conf.
```
$ sudo nano /etc/redis/redis.conf
```
Scroll down to the SECURITY section and look for the below line.

```
# requirepass foobared
```
Uncomment it by removing the '#' and replace foobared with a strong, hard-to-guess password. Then save and close the file.

Now, restart the Redis service using the below command.
```
$ sudo systemctl restart redis.service
```

Access the Redis command line to check if the password works or not.
```
$ redis-cli
```
You will be directed to the Redis prompt. Before authenticating, try to set a key to a value.
```
127.0.0.1:6379> set key1 10
```
You will get an error because you haven't authenticated.

![authenticationerror](https://grid.media/assets/images/authentication-error.png)

Now, authenticate with your password using the below command.
```
127.0.0.1:6379> auth your_redis_password
```
Output:

![passwordauthentication](https://grid.media/assets/images/password-authentication2.png)

Now, run the previous command again to check if you get the correct output.
```
127.0.0.1:6379> set key1 10
```
Output:

![setkey](https://grid.media/assets/images/set-key-1.png)

Now, check if you get the value of the new key.
```
127.0.0.1:6379> get key1
```
Output:

![getkey](https://grid.media/assets/images/get-key-1.png)

Then, exit the Redis prompt with the below command.
```
127.0.0.1:6379> exit
```

## Rename Dangerous Commands

To enhance your Redis server's security, disable or rename specific commands that are considered dangerous. Some of the dangerous commands are FLUSHDB, FLUSHALL, DEBUG, BGSAVE, SAVE, SPOP, RENAME, SREM, SHUTDOWN, CONFIG, etc. Which commands you disable or rename depends entirely on your specific needs. To do so, open the Redis configuration file.
```
$ sudo vi /etc/redis/redis.conf
```
Scroll down to the security section within the file.

To disable any specific command, rename it to an empty string as shown below.

```
. . .
# It is also possible to completely kill a command by renaming it into
# an empty string:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
. . .
```
To rename any specific command, give it another name that is hard for others to guess but easy for you to remember, as shown below.

```
# rename-command CONFIG ""
rename-command SHUTDOWN SHUTDOWN_SOG
rename-command CONFIG SOG_CONFIG
. . .
```
Then, save and close the file.

Now, restart the Redis service to apply the changes that you have made.
```
$ sudo systemctl restart redis.service
```
Run the Redis command line to test the new command.
```
$ redis-cli
```
You will be directed to the Redis prompt. Authenticate with your password.
```
127.0.0.1:6379> auth your_redis_password
```
Output:

![passwordauthentication](https://grid.media/assets/images/password-authentication2.png)

Now, run the below command with the original name, CONFIG. You should get an error because you renamed it to SOG_CONFIG.
```
127.0.0.1:6379> config get requirepass
```
Output:

![redisrequirepass](https://grid.media/assets/images/redis-requirepass.png)

Now, run the above command with the new name, SOG_CONFIG.
```
127.0.0.1:6379> sog_config get requirepass
```
Output:

![redispassword](https://grid.media/assets/images/redis-password.png)

Then, exit the Redis prompt with the below command.
```
127.0.0.1:6379> exit
```
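To confirm all three hardening steps in one pass, the following added shell example (not part of the original guide) audits a redis.conf for a loopback-only bind line, a non-default requirepass, and rename-command entries for the commands changed above. The function names, the constructed sample files and the 32-character minimum password length are assumptions.

```bash
MIN_PW_LEN=32   # assumption: shortest requirepass value accepted by this audit

# Print the arguments of every active (uncommented) line of one directive.
directive() {   # usage: directive <name> <file>
    awk -v d="$1" 'tolower($1) == d { $1 = ""; sub(/^ +/, ""); print }' "$2"
}

check_bind() {  # every bound address must be a loopback address
    addrs=$(directive bind "$1" | tr '\n' ' ')
    [ -n "$addrs" ] || { echo "FAIL bind: no active bind line"; return 1; }
    for a in $addrs; do
        case "$a" in 127.0.0.1|::1) ;; *) echo "FAIL bind: non-loopback address $a"; return 1 ;; esac
    done
    echo "OK   bind: $addrs"
}

check_requirepass() {   # never prints the password itself
    pw=$(directive requirepass "$1" | tail -n 1)
    [ -n "$pw" ] || { echo "FAIL requirepass: not set"; return 1; }
    [ "$pw" != "foobared" ] || { echo "FAIL requirepass: sample value in use"; return 1; }
    [ "${#pw}" -ge "$MIN_PW_LEN" ] || { echo "FAIL requirepass: too short"; return 1; }
    echo "OK   requirepass: set, ${#pw} characters"
}

check_renamed() {   # usage: check_renamed <file> CMD...
    conf=$1; shift; missing=0
    for c in "$@"; do
        directive rename-command "$conf" | awk -v c="$c" 'toupper($1) == c { hit = 1 } END { exit !hit }' ||
            { echo "FAIL rename-command: $c keeps its default name"; missing=1; }
    done
    [ "$missing" -eq 0 ] && echo "OK   rename-command: listed commands renamed or disabled"
}

audit() {   # returns 0 only when all three checks pass
    audit_rc=0
    check_bind "$1" || audit_rc=1
    check_requirepass "$1" || audit_rc=1
    check_renamed "$1" FLUSHDB FLUSHALL DEBUG SHUTDOWN CONFIG || audit_rc=1
    return "$audit_rc"
}

# Constructed sample files (not real configurations).
WEAK=$(mktemp); HARDENED=$(mktemp)
printf '%s\n' 'bind 0.0.0.0' '# requirepass foobared' > "$WEAK"
printf '%s\n' 'bind 127.0.0.1 ::1' 'requirepass constructed-sample-passphrase-0123456789' \
    'rename-command FLUSHDB ""' 'rename-command FLUSHALL ""' 'rename-command DEBUG ""' \
    'rename-command SHUTDOWN SHUTDOWN_SOG' 'rename-command CONFIG SOG_CONFIG' > "$HARDENED"
audit "$WEAK" || echo "=> weak sample fails the audit"
audit "$HARDENED" && echo "=> hardened sample passes the audit"
```

On the server, call `audit /etc/redis/redis.conf` instead of the sample files, and run it with sudo because the file holds the password in clear text.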
## Conclusion

You have successfully installed and configured Redis on Ubuntu 18.04, verified that the Redis service is working correctly, and disabled or renamed some dangerous commands in the Redis configuration file to make it less vulnerable to hackers.