Support Online
MirrorLooking Glass
GenixNodeGenixNode
Client Panel
Skip to main content

Redis Installation and Security (Ubuntu)

What will you learn in this guide?

In this guide, you will learn how to install Redis on an Ubuntu server and secure it for the production environment.
We will implement ACL, TLS, firewall, memory management and persistent data settings step by step.

🧠 Technical Summary

Subject: Redis installation and security configuration on Ubuntu.
Problem: The default Redis installation is vulnerable to unauthorized access.
Steps: Installation → Testing → ACL → TLS → Firewall → Hardening → Monitoring → Persistence.

Prerequisites

  • Server with Ubuntu 20.04 installed
  • sudo authorized user
  • ufw active firewall

1️⃣ Redis Installation

  1. We install Redis from Ubuntu repositories.
sudo apt update
sudo apt install redis-server
  • This command installs Redis and its dependencies.
  1. Check the version:

redis-server --version
  • This command shows the installed Redis version.
  1. systemd integration
  • We are configuring Redis to work correctly as a service.

sudo nano /etc/redis/redis.conf
  • Update the following line:

supervised systemd
  • This setting allows Redis to be managed with systemd.

Restart the service:


sudo systemctl restart redis

2️⃣ Is Redis Working?

  1. Check service status.

sudo systemctl status redis
  1. Connect to Redis and test:

redis-cli

ping
  • This command tests the Redis connection.

set test "calisiyor"
get test
  • These commands test data writing and reading.

3️⃣ Connecting to Localhost

  1. Redis should only be open to local connections.

sudo nano /etc/redis/redis.conf
  • The following line must be active:

bind 127.0.0.1 ::1
  • This setting closes Redis to the outside world.

sudo systemctl restart redis

4️⃣ User Management with ACL

  1. Modern Redis security is provided by ACL.

1.2 Generate strong password


openssl rand 60 | openssl base64 -A
  • This command generates a random strong password.

ACL configuration


sudo nano /etc/redis/redis.conf
  • Add the following:

user default off
user appuser on >STRONG_PASSWORD ~* &* +@all
  • This setting turns off the default user.

sudo systemctl restart redis

Test the connection:


redis-cli --user appuser --askpass

5️⃣ Encryption with TLS

  1. Redis traffic must be encrypted.

sudo mkdir /etc/redis/tls
  1. Creating a certificate:

sudo openssl genrsa -out /etc/redis/tls/ca.key 4096
sudo openssl req -x509 -new -nodes -key /etc/redis/tls/ca.key -days 365 -out /etc/redis/tls/ca.crt
  1. Redis TLS configuration:

port 0
tls-port 6379
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
  • This setting turns off the unencrypted port.

6️⃣ Firewall and Remote Access

  1. Never open the Redis port to everyone.

sudo ufw allow from 203.0.113.10/32 to any port 6379 proto tcp
  • This rule only allows secure IP.

Safe alternatives

  1. VPN (WireGuard / OpenVPN)
  • SSH Tunnel

ssh -L 8000:127.0.0.1:6379 user@sunucu_ip
  • This command creates a secure tunnel.

7️⃣ Additional Security Settings

  1. Restrict dangerous commands

user appuser on >STRONG_PASSWORD ~* &* +@read +@write -@dangerous
  • This setting blocks risky commands.
  1. Memory limit

maxmemory 2gb
maxmemory-policy allkeys-lru
  • This setting prevents DoS attacks.
  1. Unix socket

unixsocket /var/run/redis/redis.sock
unixsocketperm 770
  • This structure makes local connections more secure.

8️⃣ Log and Monitor


sudo journalctl -u redis-server -f
  • This command provides live log tracking.
  1. Slow log setting:

slowlog-log-slower-than 10000
slowlog-max-len 128

redis-cli SLOWLOG GET
  • This command shows slow queries.

9️⃣ Persistent Data and Backup

AOF activation:


appendonly yes
  • Check the data directory:

ls -l /var/lib/redis
  • Store backups in an encrypted and remote location.

Frequently Asked Questions (FAQ)

1. Why shouldn't Redis be open to the internet? Brute-force and exploit risks are very high.

2. ACL or requirepass? ACL provides more secure and granular authorization.

3. Is TLS required? Yes, otherwise the data goes in plain text.

4. RDB or AOF? Both are recommended for production.

5. Is AppArmor sufficient? Yes, it is automatically active in Ubuntu.

Result

With this guide, you have made Redis safe and production compatible on Ubuntu. For higher performance and scalability, you can try it now on GenixNode VDS infrastructure.