Differences
This shows you the differences between two versions of the page.
linux_wiki:redis [2018/09/17 22:23] billdozor [Bind Interface] |
linux_wiki:redis [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Redis ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Redis is "an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker." | ||
- | |||
- | Official Site: https:// | ||
- | |||
- | **Checklist** | ||
- | * Enterprise Linux 7 | ||
- | |||
- | ---- | ||
- | |||
- | ====== Server: Install ====== | ||
- | |||
- | [[linux_wiki: | ||
- | |||
- | \\ | ||
- | Install redis | ||
- | <code bash> | ||
- | yum install redis | ||
- | </ | ||
- | |||
- | \\ | ||
- | Start and Enable | ||
- | <code bash> | ||
- | systemctl enable redis | ||
- | systemctl start redis | ||
- | </ | ||
- | |||
- | \\ | ||
- | Verify service is available locally | ||
- | <code bash> | ||
- | [root@server01 ~]# redis-cli | ||
- | 127.0.0.1: | ||
- | </ | ||
- | * By default, redis will listen on localhost (127.0.0.1) only | ||
- | |||
- | ---- | ||
- | |||
- | ====== Server: Configure ====== | ||
- | |||
- | Different Redis server options to configure that are not defaults. | ||
- | |||
- | \\ | ||
- | **The config file is located at**: / | ||
- | |||
- | ---- | ||
- | |||
- | ===== Bind Interface ===== | ||
- | |||
- | The default bind/listen interface is localhost (127.0.0.1). | ||
- | |||
- | If you would like clients to be able to connect over the network, you will need to change this. | ||
- | * **Caution**: | ||
- | |||
- | \\ | ||
- | Change the bind interface | ||
- | <code bash> | ||
- | bind 192.168.1.100 | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ===== Security ===== | ||
- | |||
- | Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet. | ||
- | |||
- | That being said, there are some protection measures that can be taken. | ||
- | |||
- | \\ | ||
- | **Firewall** | ||
- | * Use firewalld to only allow certain networks access to the Redis port< | ||
- | firewall-cmd --zone=internal --add-source=192.168.1.0/ | ||
- | |||
- | # To the Redis port | ||
- | firewall-cmd --zone=internal --add-port=6379/ | ||
- | |||
- | # Reload rules | ||
- | firewall-cmd --reload</ | ||
- | |||
- | \\ | ||
- | **Authentication (password) for clients** | ||
- | * Clients must authenticate before sending commands< | ||
- | * Recommended to use the hash of something to set a complicated password that can't be memorized if seen. Example< | ||
- | c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</ | ||
- | |||
- | \\ | ||
- | **Disable Certain Commands** | ||
- | * Certain commands can be disabled for clients by renaming them | ||
- | * Renamed command for hard to guess CONFIG< | ||
- | * Disabling the CONFIG command completely< | ||
- | |||
- | \\ | ||
- | **Encryption Tunneling** | ||
- | * Redis traffic can be piped through an encrypted tunnel using spiped | ||
- | |||
- | ---- | ||
- | |||
- | ===== General ===== | ||
- | |||
- | ---- | ||
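Review bot: every line in this hunk is a removal and nothing appears on the new side, so the Bind Interface caution and the whole Security section (firewalld source and port restriction, client authentication, renaming or disabling CONFIG, spiped tunneling) vanish with no redirect or replacement. If the content moved, leave a link to its new location on this page. If it is being retired, keep the bind and security guidance somewhere, since the removed text itself says Redis was designed for trusted networks and should not be exposed to the internet. If the text is carried over, revisit the line "Recommended to use the hash of something to set a complicated password": a hash is only as unpredictable as its input, so recommend a value drawn from a random generator instead, and mark the sample hash under it as an example that must not be reused as a real password.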