====== Redis ======
**General Information**
Redis is "an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker."
Official Site: https://redis.io/
**Checklist**
* Enterprise Linux 7
----
====== Server: Install ======
[[linux_wiki:repos#epel|Install/enable the EPEL repo.]]
\\
Install redis
yum install redis
\\
Start and Enable
systemctl enable redis
systemctl start redis
\\
Verify service is available locally
[root@server01 ~]# redis-cli
127.0.0.1:6379> exit
* By default, redis will listen on localhost (127.0.0.1) only
----
====== Server: Configure ======
Different Redis server options to configure that are not defaults.
\\
**The config file is located at**: /etc/redis.conf
----
===== Bind Interface =====
The default bind/listen interface is localhost (127.0.0.1).
If you would like clients to be able to connect over the network, you will need to change this.
* **Caution**: There is no security/encryption by default, but a number of protection measures to take if changing the bind interface. See the security section.
\\
Change the bind interface
bind 192.168.1.100
----
===== Security =====
Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet.
That being said, there are some protection measures that can be taken.
\\
**Firewall**
* Use firewalld to only allow certain networks access to the Redis port# Allow only the 192.168.1.0/24 network
firewall-cmd --zone=internal --add-source=192.168.1.0/24 --permanent
# To the Redis port
firewall-cmd --zone=internal --add-port=6379/tcp --permanent
# Reload rules
firewall-cmd --reload
\\
**Authentication (password) for clients**
* Clients must authenticate before sending commandsrequirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
* Recommended to use the hash of something to set a complicated password that can't be memorized if seen. Exampleecho "this is the coolest password ever" | sha256sum
c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2
\\
**Disable Certain Commands**
* Certain commands can be disabled for clients by renaming them
* Renamed command for hard to guess CONFIGrename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
* Disabling the CONFIG command completelyrename-command CONFIG ""
\\
**Encryption Tunneling**
* Redis traffic can be piped through an encrypted tunnel using spiped
* FIXME - to do
----
===== General =====
**Daemonize**
* Enable redis to run as a daemondaemonize yes
**Supervisor Interaction**
* Enable redis to send signals to systemdsupervised systemd
**Append Log**
* Enable append only fileappendonly yes
**File Sync**
* Configure how often memory flushes to diskappendfsync everysec
----
====== Client: Install ======
Install the Python Redis clientpip install redis
----
====== Client: Configure ======
Import the Redis module and connect to the Redis serverimport redis
redis_db.keys()
redis_db = redis.StrictRedis(host="192.168.1.151", port=6379, db=0, password="c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2")
\\
**Example Client Use**
* String
* List
* Hash
----