My 2¢

Redis Install on Ubuntu Server 16.04

Michael Morris -

This is a quick and dirty install for Redis.

What is Redis? If you have to ask you most likely don't want to use it. Just in-case you don't know, but do know you need to use it here's a brief description of what Redis is used for....

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs and geospatial indexes with radius queries. Redis has built-in replication, Lua scripting, LRU eviction, transactions and different levels of on-disk persistence, and provides high availability via Redis Sentinel and automatic partitioning with Redis Cluster.

If you have not installed the build packages for Ubuntu do so now.

sudo apt-get install build-essential automake checkinstall

On to the dirty work of getting it installed.

Step 1 Download and compile the latest version.

wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
sudo make install

Step 2 Testing Redis is online and responding

The first thing to do in order to check if Redis is working properly is sending a PING command using redis-cli:

redis-cli ping
PONG

Step 3 Securing Redis

By default Redis binds to all the interfaces and has no authentication at all. If you use Redis into a very controlled environment, separated from the external internet and in general from attackers, that's fine. However if Redis without any hardening is exposed to the internet, it is a big security concern. If you are not 100% sure your environment is secured properly, please check the following steps in order to make Redis more secure, which are enlisted in order of increased security.

  1. Make sure the port Redis uses to listen for connections (by default 6379 and additionally 16379 if you run Redis in cluster mode, plus 26379 for Sentinel) is firewalled, so that it is not possible to contact Redis from the outside world.
  2. Use a configuration file where the bind directive is set in order to guarantee that Redis listens just in as little network interfaces you are using. For example only the loopback interface (127.0.0.1) if you are accessing Redis just locally from the same computer, and so forth.
  3. Use the requirepass option in order to add an additional layer of security so that clients will require to authenticate using the AUTH command.
  4. Use spiped or another SSL tunnelling software in order to encrypt traffic between Redis servers and Redis clients if your environment requires encryption.

Note that a Redis exposed to the internet without any security is very simple to exploit, so make sure you understand the above and apply at least a firewalling layer. After the firewalling is in place, try to connect with redis-cli from an external host in order to prove yourself the instance is actually not reachable.

Step 4 Configure init for starting Redis on boot

A proper install using an init script is strongly suggested. The following instructions can be used to perform a proper installation using the init script shipped with Redis 2.4 in a Debian or Ubuntu based distribution.

We assume you already copied redis-server and redis-cli executables under /usr/local/bin. Running sudo make install will place the redis executables in the /usr/local/bin directory.

But check to make sure.

ls -al /usr/local/bin

drwxr-xr-x  2 root root    4096 Oct 21 18:23 .
drwxr-xr-x 10 root root    4096 Oct 21 12:49 ..
-rwxr-xr-x  1 root root 2701008 Oct 21 18:23 redis-benchmark
-rwxr-xr-x  1 root root 6161040 Oct 21 18:23 redis-check-aof
-rwxr-xr-x  1 root root 6161040 Oct 21 18:23 redis-check-rdb
-rwxr-xr-x  1 root root 2879704 Oct 21 18:23 redis-cli
lrwxrwxrwx  1 root root      12 Oct 21 18:23 redis-sentinel -> redis-server
-rwxr-xr-x  1 root root 6161040 Oct 21 18:23 redis-server
  • Create a directory where to store your Redis config files and your data:
sudo mkdir /etc/redis
sudo mkdir /var/redis
  • Copy the init script that you'll find in the Redis distribution under the utils directory into /etc/init.d. We suggest calling it with the name of the port where you are running this instance of Redis. For example:
sudo cp utils/redis_init_script /etc/init.d/redis_6379
  • Edit the init script.
sudo nano /etc/init.d/redis_6379

Make sure to modify REDISPORT accordingly to the port you are using. Both the pid file path and the configuration file name depend on the port number.

sudo cp redis.conf /etc/redis/6379.conf

Create a directory inside /var/redis that will work as data and working directory for this Redis instance:

sudo mkdir /var/redis/6379
  • Edit the configuration file, making sure to perform the following changes:
    • Set daemonize to yes (by default it is set to no).
    • Set the pidfile to /var/run/redis_6379.pid (modify the port if needed).
    • Change the port accordingly. In our example it is not needed as the default port is already 6379.
    • Set your preferred loglevel.
    • Set the logfile to /var/log/redis_6379.log
    • Set the dir to /var/redis/6379 (very important step!)
  • Finally add the new Redis init script to all the default runlevels using the following command:

You are done! Now you reboot or start the init script directly.

sudo /etc/init.d/redis_6379 start

Make sure that everything is working as expected:

  • Try pinging your instance with redis-cli.
  • Do a test save with redis-cli save and check that the dump file is correctly stored into /var/redis/6379/ (you should find a file called dump.rdb).
  • Check that your Redis instance is correctly logging in the log file.
  • If it's a new machine where you can try it without problems make sure that after a reboot everything is still working.

Note: In the above instructions we skipped many Redis configuration parameters that you would like to change, for instance in order to use AOF persistence instead of RDB persistence, or to setup replication, and so forth. Make sure to read the example redis.conf file (that is heavily commented) and the other documentation you can find in this web site for more information.

To enable AOF persistence change the following parameter.

appendonly yes