Step 1 – Install and Enable Remi Repository
Firstly, we will add the Remi repository to the CentOS 7 system. The Remi repository provides the latest version of Redis package for our installation.
Before adding the Remi repository, let’s install the EPEL repository and yum utility packages.
sudo yum install epel-release yum-utils
Now add the Remi repository for CentOS 7 using the yum command below.
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
After that, enable the ‘remi’ repository using the yum-config-manager tool as below.
sudo yum-config-manager --enable remi
The Remi repository has been added and enabled on the CentOS 7 system, check using the yum command below.
yum repolist enabled
And you will get the result as below.
Step 2 – Install Redis on CentOS 7
After installing the Remi repository, we will install the latest Redis package. You can check the available Redis version using the yum command below.
yum search redis yum info redis
Now you will get the Redis 5.0.5 is available on the Remi repository.
Install Redis using the command below.
sudo yum -y install redis
Once the installation is complete, start the redis service and add it to the system boot.
systemctl start redis systemctl enable redis
The Redis service is up and running with the default configuration, check the service status and the port used by the server.
systemctl status redis netstat -plntu
And you will get the result as below.
The Redis server is up and running on CentOS 7 system, running the localhost IP address ‘127.0.0.1’ with default TCP port ‘6379’.
Step 3 – Configure Redis
In this step, we’re going to configure our Redis Server installation on the CentOS 7 server.
Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.
vim /etc/redis.conf
Now change ‘bind’ address with your internal IP address. If you’re running as a cluster, you can change with the private IP address. It’s recommended to run the Redis Server on private internal IP address.
bind 127.0.0.1
Now change the ‘daemonize’ value to ‘yes’, because we will run the Redis service as a daemon.
daemonize yes
Since we’re using the CentOS 7 server and systemd, so we need to change the ‘supervised’ line configuration to ‘systemd’.
supervised systemd
Save and close.
Now restart the redis service.
systemctl restart redis
The basic configuration of the Redis Server has been completed. Now connect to the Redis Server using the redis-cli command as below.
redis-cli
Run the ping command below.
ping ping "Hello Redis"
If your installation is correct, you will get the ‘PONG’ reply and the message that you write after the command.
Step 4 – Securing Redis Installation
In this step, we’re going to secure our Redis installation. There are 3 things that you must know about securing the Redis Server.
1. Network Security
The Network security for redis server is related with the ‘bind’ configuration on the redis configuration ‘redis.conf’. It’s recommended to use the internal private network for your Redis installation and don’t use the public.
Edit the Redis configuration file ‘/etc/redis.conf’ using vim editor.
vim /etc/redis.conf
On the ‘bind’ section, change the IP address with your own internal network IP address.
bind INTERNAL-IP-ADDRESS
Save and close. And now the redis service will run under the ‘INTERNAL-IP-ADDRESS’.
2. Password Authentication
The password authentication for Redis will give you access control to your Redis server. This is a little layer of security that will enhance your Redis server security, and it is not yet enabled by default installation.
To enable the Password Authentication for Rediser server, you will need to uncomment the ‘requirepass’ section on the ‘redis.conf’ file and type your strong password after it.
requirepass hakase-labs321@#$
Change the ‘hakase-labs321@#$’ with your strong password. And now the password authentication for Redis has been enabled.
3. Disabling Dangerous Redis Command
Redis provides a feature for disabling some specific Redis command. This feature can be used to rename or disable some of the dangerous commands such as ‘FLUSHALL’ for erasing all data, ‘CONFIG’ command to setup configuration parameter through the Redis CLI, etc.
To change or disable the Redis command, you can use the ‘rename-command’ option. Edit the redis configuration file ‘redis.conf’ and add some configurations below.
# rename-command COMMAND "CUSTOM" rename-command CONFIG "REDISCONFIG" rename-command FLUSHALL "DELITALL"
Save and close. Once all is complete, restart the redis service using the systemctl command below.
systemctl restart redis
And the basic Redis security for securing Redis installation has been applied to our host.
Other consideration, you may also need the ‘Data Encryption’ support for Redis, as well as the secure coding needed on the application side.
Step 5 – Testing
In this step, we’re going to test our Redis Server deployment using the ‘redis-cli’ command line.
– Testing Host and Authentication
Connect to the Redis Server using the redis-cli command by specifying the redis server hostname/ IP address and port.
redis-cli -h 10.5.5.15 -p 6379
Change the ‘10.5.5.15’ with your IP address. Once you’re connected to the server, try the ping command.
ping ping "Hello Redis"
If you’re getting ann error because you need to authenticate before invoking any command on the Redis CLI shell.
Run the following command to authenticate against the Redis Server.
AUTH hakase-labs321@#$
Once you’re authenticated, you can try the ping command and you will get a reply from the Redis server.
ping ping "Hello Redis"
Src: https://www.howtoforge.com/how-to-install-and-secure-redis-on-centos-7/