How to Install and Secure Redis on CentOS 8

Redis, an open-source, in-memory data structure store, is widely used as a database, cache, and message broker. Its speed and flexibility make it a favorite among developers wanting to optimize performance for their applications. In this blog post, we’ll guide you through the processes of installing and securing Redis on a CentOS 8 server.

Prerequisites

Before we start, make sure you have:

• A CentOS 8 server with root or sudo access.
• Basic knowledge of the Linux command line.

Step 1: Install EPEL Repository

Redis is not included in the default CentOS repositories, so the first step is to enable the EPEL (Extra Packages for Enterprise Linux) repository.

Open your terminal and run:

sudo dnf install epel-release -y

Step 2: Install Redis

With the EPEL repository enabled, you can now install Redis. Run the following command:

sudo dnf install redis -y

Once the installation is complete, you can verify the Redis installation by checking the version:

redis-server --version

Step 3: Start and Enable Redis

Next, you will want to start the Redis service and enable it to start on boot:

sudo systemctl start redis
sudo systemctl enable redis

To check if Redis is running properly, you can use the following command:

sudo systemctl status redis

You should see output indicating that Redis is active and running.

Step 4: Secure Redis Configuration

By default, Redis can be accessed by anyone on the same network, which poses security risks. Let’s make some configurations to secure it.

4.1: Edit the Redis Configuration File

Open the Redis configuration file with your preferred text editor, for example, nano or vim.

sudo nano /etc/redis.conf

4.2: Change the Bind Address

Find the line that starts with bind. By default, Redis will bind to all available interfaces, which you should change to bind only to the localhost (127.0.0.1) if you are not exposing Redis outside of your server.

Change:

bind 127.0.0.1 ::1

4.3: Set a Password

To prevent unauthorized access, set a password by uncommenting and modifying the following line:

# requirepass your_password_here

Change it to:

requirepass your_secure_password

Replace your_secure_password with a strong password of your choosing.

4.4: Disable Redis from being exposed to the internet

Another method to secure Redis is by ensuring that you do not allow it to be accessed from external systems. You can restrict access using firewall rules.

For example, to only allow connections from localhost, you can use the following firewall rule:

sudo firewall-cmd --zone=public --remove-service=redis --permanent
sudo firewall-cmd --zone=internal --add-service=redis --permanent
sudo firewall-cmd --reload

Step 5: Restart Redis Service

After making the changes, you will need to restart Redis for the configuration to take effect:

sudo systemctl restart redis

Step 6: Test Redis Access

To test that Redis is working and that the password setting is functioning, connect using the Redis CLI:

redis-cli

If you set a password, you will need to authenticate:

127.0.0.1:6379> auth your_secure_password

Replace your_secure_password with the password you set earlier. If it was successful, you should see:

OK

Final Thoughts

Redis is a powerful tool that can dramatically improve the performance of your applications. However, securing your Redis installation is crucial for protecting your data and server. By following these steps, you’ll have a fully functional and secure Redis installation on your CentOS 8 server.

If you have any questions or need further assistance, feel free to comment below. Happy coding!

For more tips, tutorials, and guides, stay tuned to the Greenhost.Cloud blog!