
Redis is an open-source, in-memory data structure store. It is often used as a database, cache, and/or message broker.

In this article, we'll go over how to install, configure, and secure a Redis database on your Ubuntu 19.04 machine.

Let's get started!


Install & Configure Redis

Since you're using the Ubuntu 19.04 operating system, we can simply use apt to get the latest stable version of Redis from the official Ubuntu repository lists.

First, we need to run the apt update command to update the list of available packages and their versions on your machine. This won't install any packages yet.

sudo apt update

When that's done, we can install Redis with this command:

sudo apt install redis-server

When that command is completed, Redis and its dependencies will be installed on your machine.

Test Redis

Whenever you install new software onto your machine, it's a good idea to make sure it's working properly. In this step, we'll go over a few quick ways to make sure Redis is working as expected.

First, make sure the service is running:

sudo systemctl status redis

If your Redis instance is running without any errors, you should see an output similar to this:

● redis-server.service - Advanced key-value store
    Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2019-07-18 18:35:29 CDT; 2min 2s ago
      Docs: http://redis.io/documentation,
        man:redis-server(1)
    Process: 28673 ExecStartPost=/bin/run-parts --verbose /etc/redis/redis-server.post-up.d (code=exited, status=0/S
  . . .

In the output, you can see that Redis is running and that the service is enabled, so systemctl will start it every time your server boots (execute the sudo systemctl disable redis command to stop systemctl from starting Redis on boot).

Next, we should test some of the Redis functionality by using the Redis command-line interface.

Start the command-line client with this command:

redis-cli

Then, add a value to the database by using the set command:

set message "Hello World!"

And retrieve the value:

get message

If everything is working, you should get this output:

"Hello World!"

Last, we'll confirm that Redis can persist data after it's been stopped or restarted.

Exit the redis-cli prompt by executing the exit command:

exit

And then restart the systemctl service that's running Redis:

sudo systemctl restart redis

When it has restarted, open the Redis command-line interface again and confirm that the message value still exists and returns the same value:

redis-cli

And retrieve the message key value again:

get message

The value of the message key should still exist:

"Hello World!"

You can exit the shell when you're finished:

exit

Your Redis server is now running, configured, and ready to use!

But some of the default configuration settings are insecure. If your machine is a server, those defaults give malicious actors opportunities to attack the data in your server's database.

So, the remaining steps in this article close some of those security holes. Although these steps are optional, they are highly recommended.

Optional: Bind To Local Host

By default, Redis can only be accessed via localhost. But, there is a chance you may have installed Redis using a different tutorial and configured Redis to accept connections from anywhere. That method is not as secure as only allowing localhost connections.

To correct this or verify your Redis database is bound to only localhost, open the Redis configuration file for editing:

sudo nano /etc/redis/redis.conf

Scroll to the "General" section, locate the line below, and verify it is not commented out (remove the # if it exists):

bind 127.0.0.1

Save and exit the file when you are finished (CTRL + X, Y, ENTER).

If you made any changes to the configuration file, make sure you restart Redis for the changes to go into effect:

sudo systemctl restart redis

Make sure the changes have gone into effect with the netstat command:

sudo netstat -lnp | grep redis

You should get a similar output to this:

tcp        0        0 127.0.0.1:6379        0.0.0.0:*        LISTEN        29053/redis-server

The output shows that the redis-server program is bound to localhost (127.0.0.1). If you see another IP address in that column, then you should double-check that you uncommented the correct line and/or updated the line correctly. Then restart the Redis service again.

Now that your Redis service is bound to localhost, it will be more difficult for malicious actors to make remote requests to your database or gain access to your server. But, the Redis database isn't currently set up to authenticate users before they make changes to Redis configuration files or the data it holds. In the next step, we'll update Redis to require users to authenticate with a password.

Optional: Configure Redis Password

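In this section, we're going to set a Redis password with the requirepass directive. Clients then have to supply that password with the auth command before Redis accepts any other command.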

To configure the password, we need to update the /etc/redis/redis.conf Redis configuration file. So open that file again:

sudo nano /etc/redis/redis.conf

Scroll to the SECURITY section and look for a commented section that shows:

# requirepass foobared

Uncomment that section by removing the #. And replace foobared with a new and secure password.

If you look above the requirepass section, you'll notice this message about password strength:

# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.

So, it's super important to use a VERY strong and long password if your Redis database is running on an important server or if it holds any sensitive data. Instead of making up a password yourself, you can use the openssl command to generate a long and random password.

Use the following command to generate one:

openssl rand 60 | openssl base64 -A

The output should look similar to this:

yq1w4q5sf9FKNxEwXQrJ5HHCB5KkjsLRBF2uJquImA+C2IGhd1sTKNpHWRBMpYEhUw7mcj+XSp4l1VF

Then, copy and paste the output as the new value for requirepass. It should read like this:

requirepass yq1w4q5sf9FKNxEwXQrJ5HHCB5KkjsLRBF2uJquImA+C2IGhd1sTKNpHWRBMpYEhUw7mcj+XSp4l1VF

After changing the password, save and close the /etc/redis/redis.conf file and restart Redis:

sudo systemctl restart redis

To test the new password, open the command-line:

redis-cli

And attempt to set a value in the database without first authenticating:

set testKey "Test Value"

This won't work without authentication. Your output will look like this:

(error) NOAUTH Authentication required.

To authenticate with the password you set in the Redis configuration file, run this command (make sure you use your password value):

auth YOUR_PASSWORD

And Redis will respond with this:

OK

Then, retry the previous command of setting a test key and value:

set testKey "test value"

If everything went well, that should have been successful:

OK

And for testing purposes, retrieve the key:

get testKey

You should get this output, which is the value you just set:

"test value"

After confirming the above commands work with authentication, you can close the redis-cli client:

exit
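
As an added example (not part of the original article), the shell function below re-checks both hardening steps against a configuration file: every active bind address must be loopback, and requirepass must be set, must not be the sample value foobared, and must meet a minimum length. The function name, the 32-character threshold, and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Redis config for the bind and requirepass steps.
MIN_PASS_LEN=32   # assumed minimum length, not a value from the article

audit_redis_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }

    # Collect every address on every uncommented "bind" line.
    addrs=$(awk '$1 == "bind" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    if [ -z "$addrs" ]; then
        echo "FAIL no active bind directive"; rc=1
    fi
    set -f   # keep an entry such as "bind *" from being glob-expanded
    for a in $addrs; do
        case $a in
            127.0.0.1|::1) echo "OK   bind $a" ;;
            *) echo "FAIL bind $a is not a loopback address"; rc=1 ;;
        esac
    done
    set +f

    # Use the last uncommented "requirepass" line in the file.
    pass=$(awk '$1 == "requirepass" { p = $2 } END { print p }' "$conf")
    if [ -z "$pass" ]; then
        echo "FAIL requirepass is not set"; rc=1
    elif [ "$pass" = "foobared" ]; then
        echo "FAIL requirepass is still the sample value"; rc=1
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "FAIL requirepass is shorter than $MIN_PASS_LEN characters"; rc=1
    else
        echo "OK   requirepass set (${#pass} characters)"
    fi
    return $rc
}

# Constructed sample config: commented-out loopback bind, sample password.
sample=$(mktemp)
printf '%s\n' '# bind 127.0.0.1' 'bind 0.0.0.0' 'requirepass foobared' > "$sample"
audit_redis_conf "$sample" || echo "audit failed for the sample config"
rm -f "$sample"
```

To check the real file, run audit_redis_conf /etc/redis/redis.conf with sudo or as a user that can read it.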

That was the last step in this guide.

Conclusion

In this tutorial, we installed and configured Redis on an Ubuntu 19.04 operating system, tested that Redis was working post-installation, made sure Redis was bound to localhost, and configured Redis with authentication.

Thanks for reading and happy coding!

About the author

Hi, I'm Nick Major. I'm a software developer from Wisconsin, United States.

I create free and premium courses, have published hundreds of informational coding articles, and am currently a Frontend Software Engineer at RoundingWell.

You can read more about me here.
