Redis

General Information

Redis is “an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.”

Official Site: https://redis.io/

Checklist

  • Enterprise Linux 7

Server: Install

Install/enable the EPEL repo.


Install redis

yum install redis


Start and Enable

systemctl enable redis
systemctl start redis


Verify service is available locally

[root@server01 ~]# redis-cli
127.0.0.1:6379> exit
  • By default, redis will listen on localhost (127.0.0.1) only

Server: Configure

Redis server options that are commonly changed from their defaults.


The config file is located at: /etc/redis.conf


The default bind/listen interface is localhost (127.0.0.1).

If you would like clients to be able to connect over the network, you will need to change this.

  • Caution: There is no security/encryption by default, but there are a number of protection measures to take if you change the bind interface. See the security section.


Change the bind interface

bind 192.168.1.100

Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet.

That being said, there are some protection measures that can be taken.


Firewall

  • Use firewalld to only allow certain networks access to the Redis port
    # Allow only the 192.168.1.0/24 network
    firewall-cmd --zone=internal --add-source=192.168.1.0/24 --permanent
     
    # To the Redis port
    firewall-cmd --zone=internal --add-port=6379/tcp --permanent
     
    # Reload rules
    firewall-cmd --reload


Authentication (password) for clients

  • Clients must authenticate before sending commands
    requirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
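    • It is recommended to use the hash of something as the password, so that it is complicated and can't be memorized if seen. The result is only as hard to guess as the input that was hashed, so do not reuse the example phrase. Example: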
      echo "this is the coolest password ever" | sha256sum 
      c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2


Disable Certain Commands

  • Certain commands can be disabled for clients by renaming them
    • Renaming CONFIG to a hard-to-guess name
      rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
    • Disabling the CONFIG command completely
      rename-command CONFIG ""
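
As an added example (not part of the original wiki page or of Redis itself), the Python below audits the text of a redis.conf for the bind, requirepass and rename-command measures described above. The two sample configs are constructed, and the finding names and the 32-character minimum password length are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: network bind as on this page, weak password, CONFIG left enabled.
WEAK_CONF = """
bind 127.0.0.1 192.168.1.100
requirepass changeme
rename-command FLUSHALL ""
"""
# Constructed sample built from the settings shown on this page.
HARDENED_CONF = """
bind 192.168.1.100
requirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
rename-command CONFIG ""
"""

def parse_conf(text):
    """Map each directive (lower-cased) to the list of its argument lists."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps a quoted "" as one empty argument
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:  # "*" or a hostname: treat as network-reachable
        return False

def audit(text, min_pass_len=32):  # min_pass_len is an assumed threshold
    """Return finding codes for the bind, requirepass and rename-command settings."""
    conf = parse_conf(text)
    addrs = [a for args in conf.get("bind", []) for a in args]
    # A config with no bind line is treated as listening on every interface.
    exposed = not addrs or any(not is_loopback(a) for a in addrs)
    pw_args = conf.get("requirepass", [[]])[-1]
    password = pw_args[0] if pw_args else ""
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if args}
    findings = []
    if exposed and not password:
        findings.append("network-bind-without-requirepass")
    elif password and len(password) < min_pass_len:
        findings.append("short-requirepass")
    if exposed and "CONFIG" not in renamed:
        findings.append("config-command-not-renamed")
    return findings
```

To check a server, pass the file contents, for example audit(open("/etc/redis.conf").read()); an empty list means none of the three checks fired.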


Encryption Tunneling

  • Redis traffic can be piped through an encrypted tunnel using spiped
  • FIXME - to do

Daemonize

  • Enable redis to run as a daemon
    daemonize yes

Supervisor Interaction

  • Enable redis to send signals to systemd
    supervised systemd

Append Log

  • Enable append only file
    appendonly yes

File Sync

  • Configure how often the append only file is flushed (synced) to disk
    appendfsync everysec

Client: Install

Install the Python Redis client

pip install redis

Client: Configure

Import the Redis module and connect to the Redis server

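import redis

# Connect first; the password must match requirepass in /etc/redis.conf
redis_db = redis.StrictRedis(host="192.168.1.151", port=6379, db=0, password="c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2")

# List the keys in the selected database
redis_db.keys()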


Example Client Use

  • String
  • List
  • Hash

  • Last modified: 2019/05/25 23:50