linux_wiki:redis

Differences

This shows you the differences between two versions of the page.

linux_wiki:redis [2018/09/17 22:23]
billdozor [Bind Interface]
linux_wiki:redis [2019/05/25 23:50]
Line 1: Line 1:
-====== Redis ====== 
- 
-**General Information** 
- 
-Redis is "an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker."  
- 
-Official Site: https://redis.io/ 
- 
-**Checklist** 
-  * Enterprise Linux 7 
- 
----- 
- 
-====== Server: Install ====== 
- 
-[[linux_wiki:repos#epel|Install/enable the EPEL repo.]] 
- 
-\\ 
-Install redis 
-<code bash> 
-yum install redis 
-</code> 
- 
-\\ 
-Start and Enable 
-<code bash> 
-systemctl enable redis 
-systemctl start redis 
-</code> 
- 
-\\ 
-Verify service is available locally 
-<code bash> 
-[root@server01 ~]# redis-cli 
-127.0.0.1:6379> exit 
-</code> 
-  * By default, redis will listen on localhost (127.0.0.1) only 
- 
----- 
- 
-====== Server: Configure ====== 
- 
-Different Redis server options to configure that are not defaults. 
- 
-\\ 
-**The config file is located at**: /etc/redis.conf 
- 
----- 
- 
-===== Bind Interface ===== 
- 
-The default bind/listen interface is localhost (127.0.0.1). 
- 
-If you would like clients to be able to connect over the network, you will need to change this. 
-  * **Caution**: There is no security/encryption by default, but a number of protection measures to take if changing the bind interface. See the security section. 
- 
-\\ 
-Change the bind interface 
-<code bash> 
-bind 192.168.1.100 
-</code> 
- 
----- 
- 
-===== Security ===== 
- 
-Redis was designed to be deployed on trusted networks. It is recommended to NOT expose Redis to the internet. 
- 
-That being said, there are some protection measures that can be taken. 
- 
-\\ 
-**Firewall** 
-  * Use firewalld to only allow certain networks access to the Redis port<code bash># Allow only the 192.168.1.0/24 network 
-firewall-cmd --zone=internal --add-source=192.168.1.0/24 --permanent 
- 
-# To the Redis port 
-firewall-cmd --zone=internal --add-port=6379/tcp --permanent 
- 
-# Reload rules 
-firewall-cmd --reload</code> 
- 
-\\ 
-**Authentication (password) for clients** 
-  * Clients must authenticate before sending commands<code bash>requirepass c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</code> 
-    * Recommended to use the hash of something to set a complicated password that can't be memorized if seen. Example<code bash>echo "this is the coolest password ever" | sha256sum  
-c5bdeb2b550e038740466ec0c8dc03df3e8bb629bde539251840da1af6ee62d2</code> 
- 
-\\ 
-**Disable Certain Commands** 
-  * Certain commands can be disabled for clients by renaming them 
-    * Renamed command for hard to guess CONFIG<code bash>rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52</code> 
-    * Disabling the CONFIG command completely<code bash>rename-command CONFIG ""</code> 
- 
-\\ 
-**Encryption Tunneling** 
-  * Redis traffic can be piped through an encrypted tunnel using spiped 
- 
----- 
- 
-===== General ===== 
- 
----- 
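Review bot: No replacement text or pointer accompanies the deletion of the Security section (the firewalld source restriction, requirepass, rename-command CONFIG and the spiped note) or of the Caution bullet under Bind Interface, and the revision carries only "(external edit)" with no summary. A reader who arrives from a link to this page after changing bind to a network address now gets none of the guidance that bullet pointed them to. If the content moved, leave a one-line link to its new location; if it was retired, say so in the edit summary. Should the Security text be carried over elsewhere, replace the literal value on the requirepass line with a placeholder, since it is the same string printed by the sha256sum example directly beneath it and anyone copying the block verbatim would deploy a password whose source phrase is published alongside it.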
  
  • linux_wiki/redis.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)