Do you need support in installing Redis on CentOS 7? We offer installation services on CentOS.
Setting up Redis on CentOS 7 is not just a matter of going through the normal installation process; key security, firewall and file permission settings must also be applied to secure the installation.
We do Redis installation for numerous customers on a daily basis as part of our Linux Server Services.
In this context, we shall look into the steps taken to set up Redis.
How to install Redis on CentOS 7?
To get Redis installed, first add the Extra Packages for Enterprise Linux (EPEL) repository to the server's package repositories.
Install EPEL with the yum command;
sudo yum install epel-release
Then, proceed with the installation of Redis with the command below;
sudo yum install redis -y
This process normally takes a few minutes, so be patient while the installation goes through. As soon as the installation is completed, start the Redis service and enable it at boot with the commands below;
sudo systemctl start redis.service
sudo systemctl enable redis
To verify that the Redis service has started successfully, use the command below;
sudo systemctl status redis.service
Now you will see that Redis is running on your server. The next step is to configure it to improve server security.
Configuring Firewall for Redis
By default, Redis provides little security of its own. This is why it is important to set up a firewall for it so as to protect the server in general. First, open the Redis configuration file /etc/redis.conf with the command below and uncomment the bind line;
sudo vi /etc/redis.conf
It is recommended that you do not use a public IP address, to avoid exposure to external threats. Using a private IP address is better.
Redis is made accessible from another host with the firewall-cmd command, which modifies the firewalld configuration. Start by adding a dedicated Redis zone to the firewalld policy as shown below;
sudo firewall-cmd --permanent --new-zone=redis
Open the port that Redis uses (the default port for Redis is 6379) in that zone with the command below;
sudo firewall-cmd --permanent --zone=redis --add-port=6379/tcp
As recommended previously, the zone should be mapped to the private IP address of the client that will use Redis. Use the command below;
sudo firewall-cmd --permanent --zone=redis --add-source=client_server_private_IP
The next step is to reload the firewall to apply the new rules with the command below;
sudo firewall-cmd --reload
Setting a Strong Password for Redis on CentOS 7
To further strengthen the security of the server, it is recommended to set a very strong password in the Redis configuration file to prevent unauthorized users from gaining access to the server's database. To implement this, head to the configuration file /etc/redis.conf. Use the command below to edit the file;
sudo vi /etc/redis.conf
Look in the Security section for the requirepass directive, which is commented out by default. Uncomment it and replace the value with a strong password;
# requirepass password
After changing the password, save the file and restart Redis. To confirm that the password specified in the Redis configuration file is working, authenticate at the redis-cli prompt with the command below;
127.0.0.1:6379> auth specified_redis_password
To complete this process, set a test key, key1, with the command below;
127.0.0.1:6379> set key1 10
Other vital settings to apply on your Redis installation on CentOS 7
You can also change the permissions and ownership of the Redis files to enhance the security profile of the Redis installation. The Redis user must have read access to its data.
To allow only the Redis user and group to access the folder and all its contents, modify the permissions via the command below;
sudo chmod 770 /var/lib/redis
By default, the Redis configuration file is owned by root with a file permission of 644. This poses a security threat because the password in the configuration file is unencrypted and the file is readable by every user on the server. To let the Redis user assume ownership, use the command below;
sudo chown redis:redis /etc/redis.conf
After this, ensure that only the Redis user can read and/or write to the configuration file with the command below;
sudo chmod 600 /etc/redis.conf
Finally, you can restart the Redis service to effect changes.
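The checks below cover the three changes made to the configuration file in this guide: the bind line, the requirepass directive and the 600 file permission. This is an added example, not part of the original guide; the 32-character MIN_PASS_LEN threshold, the finding labels and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a redis.conf for the settings this guide changes.
# MIN_PASS_LEN and the finding labels are assumptions of this example.
MIN_PASS_LEN=${MIN_PASS_LEN:-32}

# Print the arguments of the last uncommented occurrence of a directive.
conf_value() {  # usage: conf_value FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == d { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$1"
}

# Print one finding per line; no output means the file passed every check.
audit_redis_conf() {  # usage: audit_redis_conf FILE
    bind=$(conf_value "$1" bind)
    pass=$(conf_value "$1" requirepass)
    mode=$(ls -ld "$1" | cut -c1-10)

    # bind must be uncommented and must not name a wildcard address.
    case " $bind " in
        "  ")                   echo "BIND_UNSET: bind is commented out or missing" ;;
        *" 0.0.0.0 "*|*" :: "*) echo "BIND_WILDCARD: bind $bind" ;;
    esac

    # requirepass must be uncommented and long enough to resist guessing.
    if [ -z "$pass" ]; then
        echo "PASS_UNSET: requirepass is commented out or missing"
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "PASS_SHORT: requirepass is ${#pass} characters, want $MIN_PASS_LEN or more"
    fi

    # The password is stored in clear text, so only the owner may read the file.
    [ "$mode" = "-rw-------" ] ||
        echo "MODE_LOOSE: mode is $mode, want -rw------- (chmod 600)"
}

# Constructed sample: state of the file before the steps in this guide.
sample=$(mktemp)
printf '%s\n' '# bind 127.0.0.1' '# requirepass password' 'port 6379' > "$sample"
chmod 644 "$sample"
audit_redis_conf "$sample"
rm -f "$sample"
```

On the server itself, run it as `sudo sh -c '. ./audit.sh; audit_redis_conf /etc/redis.conf'` (audit.sh being whatever name the script is saved under) after restarting Redis.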