Redis Installation and Production Environment Security on Ubuntu

What will you learn in this guide?

In this guide, you will learn how to install Redis on Ubuntu and secure it for a production environment.
Topics such as ACL (Access Control Lists), TLS encryption, firewall configuration, memory limit and data persistence are covered step by step.

Our goal: To make Redis high-performance, secure and sustainable 🚀

1. What is Redis and Why is Security Needed?

Redis is an in-memory key-value data store.
It is used in scenarios that require high performance, such as caching, message queues and session management.

But the default Redis installation:

  • Is open to unauthorized access,
  • Transmits data without encryption,
  • Is vulnerable to dangerous commands.

This guide contains all the steps required to bring Redis to production environment security standards.


2. Requirements

  • Ubuntu 20.04 or above system
  • A non-root user with sudo privileges
  • UFW (Uncomplicated Firewall) must be active

3. Redis Installation and Initial Configuration

3.1. Update Packages

sudo apt update

Updates the list of available packages on your system.

3.2. Install Redis Server

sudo apt install redis-server -y

Downloads and installs Redis and its dependencies.

3.3. Managing Redis with Systemd

Open the configuration file:

sudo nano /etc/redis/redis.conf

Find the supervised directive and change it to this:

supervised systemd

This allows Redis to be monitored by systemd.

3.4. Restart the Service

sudo systemctl restart redis.service

4. Testing That Redis is Working

4.1. Check Service Status

sudo systemctl status redis

If it appears active, the installation is successful.

4.2. Connection Testing from Command Line

redis-cli
ping

Output:

PONG

4.3. Data Writing and Reading Test

set test "GenixNode'ta Çalışıyor!"
get test

Output:

"GenixNode'ta Çalışıyor!"

Verifies that Redis has successfully stored and read data.


5. Restricting Access via Local Network

Redis should only be accessible via localhost.

5.1. Check redis.conf File

sudo nano /etc/redis/redis.conf

Make sure the following line is active:

bind 127.0.0.1 ::1

5.2. Restart the Service

sudo systemctl restart redis

5.3. Verification

sudo netstat -lnp | grep redis

Only 127.0.0.1:6379 should appear in the output.


6. User Authorization with ACL

6.1. Create a Strong Password

openssl rand 60 | openssl base64 -A

6.2. Define New User

sudo nano /etc/redis/redis.conf

Add the following lines:

user default off
user genix_user on >güçlü_parolanız ~* &* +@all

This turns off the default user and activates only the “genix_user” account. Replace güçlü_parolanız (your strong password) with the password generated in step 6.1.

Restart the service:

sudo systemctl restart redis

6.3. Test it

redis-cli ping
# (error) NOAUTH Authentication required
redis-cli --user genix_user --askpass
ping
# PONG

7. Encrypted Traffic with TLS

Use TLS to protect Redis' network traffic.

7.1. Create Certificate Files

sudo mkdir /etc/redis/tls
cd /etc/redis/tls
sudo openssl genrsa -out ca.key 4096
sudo openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.crt
sudo openssl genrsa -out redis.key 2048
sudo openssl req -new -key redis.key -out redis.csr
sudo openssl x509 -req -in redis.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt -days 365 -sha256
sudo chmod 640 /etc/redis/tls/*
sudo chown redis:redis /etc/redis/tls/*

7.2. Configure TLS Settings

sudo nano /etc/redis/redis.conf

Add the following lines:

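port 0
tls-port 6379
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
# Redis requires client certificates by default (tls-auth-clients yes).
# The test in 7.3 sends none, so clients authenticate with the ACL password only.
tls-auth-clients no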

Restart the service:

sudo systemctl restart redis

7.3. TLS Connection Test

redis-cli --user genix_user --askpass --tls --cacert /etc/redis/tls/ca.crt

8. Firewall and Remote Access

8.1. Basic Rules

sudo ufw allow OpenSSH
sudo ufw enable

8.2. Access Permission to Specific IP Address

sudo ufw allow from 203.0.113.55 to any port 6379 proto tcp

8.3. Secure Remote Connection Alternatives

VPN: Create a private network with WireGuard or OpenVPN.

SSH Tunnel:

ssh -L 8000:127.0.0.1:6379 user@redis-sunucu

With this method, you can connect to Redis securely through local port 8000.


9. Additional Security Measures

9.1. Blocking Dangerous Commands

user genix_user on >güçlü_parolanız ~* &* +@read +@write +@connection -@dangerous -FLUSHALL
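
The effect of the ACL rules from sections 6.2 and 9.1, evaluated left to right the way Redis applies them. This is an added example, not part of the original guide; the command-to-category table is a small constructed subset and allowed_commands is a hypothetical helper.

```python
# Constructed subset of the Redis command -> ACL category mapping.
# On a live server, ACL CAT <category> lists the full membership.
CATEGORIES = {
    "get":      {"read", "string", "fast"},
    "set":      {"write", "string", "slow"},
    "keys":     {"keyspace", "read", "slow", "dangerous"},
    "flushall": {"keyspace", "write", "slow", "dangerous"},
    "config":   {"admin", "slow", "dangerous"},
    "auth":     {"fast", "connection"},
    "ping":     {"fast", "connection"},
}

def allowed_commands(user_line):
    """Apply the +/- command rules of a 'user ...' line from left to right."""
    allowed = set()
    for token in user_line.split()[2:]:        # skip 'user <name>'
        if token[0] not in "+-":
            continue                           # on/off, >password, ~keys, &channels
        add, rule = token[0] == "+", token[1:].lower()
        if rule == "@all":
            matched = set(CATEGORIES)
        elif rule.startswith("@"):
            matched = {c for c, cats in CATEGORIES.items() if rule[1:] in cats}
        else:
            matched = {rule} & set(CATEGORIES)  # a single command name
        allowed = allowed | matched if add else allowed - matched
    return allowed

# PASSWORD is a placeholder; the rule strings are those of sections 6.2 and 9.1.
BROAD = "user genix_user on >PASSWORD ~* &* +@all"
TIGHT = ("user genix_user on >PASSWORD ~* &* "
         "+@read +@write +@connection -@dangerous -FLUSHALL")

if __name__ == "__main__":
    for label, line in (("6.2", BROAD), ("9.1", TIGHT)):
        print(label, sorted(allowed_commands(line)))
```

Because -@dangerous comes after +@read and +@write, it also removes KEYS and FLUSHALL, so the trailing -FLUSHALL is redundant; with the order reversed, +@read would add KEYS back.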

9.2. Memory Limit and Policy

maxmemory 2gb
maxmemory-policy allkeys-lru

This protects against memory-exhaustion DoS attacks: once the limit is reached, Redis evicts the least recently used keys.

9.3. Unix Socket Usage

unixsocket /var/run/redis/redis.sock
unixsocketperm 770

9.4. Timeout

timeout 300

9.5. AppArmor Protection

sudo aa-status | grep redis

AppArmor limits the Redis processes' access to system resources. This command checks whether an AppArmor profile is loaded for Redis.
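
A check of a redis.conf against the settings from sections 5, 6, 7 and 9, as an added example that is not part of the original guide. The helper names (parse_conf, is_loopback, audit) and both sample configurations are constructed for illustration; quoted arguments and include files are not handled.

```python
import ipaddress

def parse_conf(text):  # directive -> argument lists of all its occurrences
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, *args = line.split()
            conf.setdefault(key.lower(), []).append(args)
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:          # "*" or a hostname
        return False

def audit(text):  # findings for the settings from sections 5, 6, 7 and 9
    conf, findings = parse_conf(text), []
    last = lambda key: conf.get(key, [[]])[-1]    # last occurrence of a directive
    if not last("bind") or not all(map(is_loopback, last("bind"))):
        findings.append("bind: not restricted to loopback")
    if last("port") != ["0"]:
        findings.append("port: plaintext listener enabled")
    for key in ("tls-port", "tls-cert-file", "tls-key-file",
                "tls-ca-cert-file", "maxmemory"):
        if last(key) in ([], ["0"]):
            findings.append(f"{key}: not set")
    users = {args[0]: args[1:] for args in conf.get("user", []) if args}
    if "off" not in users.get("default", []):
        findings.append("acl: default user enabled")
    for name, rules in users.items():
        if "off" not in rules and {"+@all", "nopass"} & set(rules):
            findings.append(f"acl: {name} has +@all or nopass")
    return findings

# Constructed samples (not taken from a real host); PASSWORD is a placeholder.
STOCK_LIKE = "bind 0.0.0.0\nport 6379\n"
HARDENED = """bind 127.0.0.1 ::1
port 0
tls-port 6379
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
user default off
user genix_user on >PASSWORD ~* &* +@read +@write +@connection -@dangerous
maxmemory 2gb
"""

if __name__ == "__main__":
    print(audit(STOCK_LIKE), audit(HARDENED), sep="\n")
```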


10. Monitoring and Log Management

10.1. Monitor System Logs

sudo journalctl -u redis-server.service -f

Watch for failed attempts or errors.

10.2. Slow Log Enabling

slowlog-log-slower-than 10000
slowlog-max-len 128

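The slow log is used to detect long-running commands. The threshold is given in microseconds, so 10000 logs commands that take longer than 10 ms.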


11. Persistence and Backup

11.1. Difference Between RDB and AOF

RDB: Takes point-in-time snapshots. It is fast.

AOF: Records every write operation, so it is safer against data loss.

Use both methods together for best results.

11.2. Backup Strategy

  • Data files are usually located in the /var/lib/redis directory.
  • File ownership must be redis:redis.
  • Encrypt backups and transfer them to external media.
  • Perform regular recovery tests.


Frequently Asked Questions (FAQ)

  1. Why use ACL instead of requirepass?

ACLs offer multi-user and custom permission management, and they support the principle of “least privilege”.

  2. Can self-signed certificates be used in production?

Only on private networks. Certificates from a CA such as Let's Encrypt are recommended in environments with internet access.

  3. How can I limit Redis memory?

Set the limit and the eviction policy with the maxmemory and maxmemory-policy directives.

  4. How do I prevent data loss?

Use RDB + AOF together. This way you balance speed and durability.

  5. Why shouldn't I expose Redis directly to the internet?

An open port invites brute-force and exploit attacks. Use an SSH tunnel or a VPN.


🎯 Conclusion

Now you've not only installed Redis, you've hardened it for the production environment. You have completed the ACL, TLS, firewall, memory management and log monitoring steps.

Protect your data, increase your performance. Create your secure Redis instances on the GenixNode Platform now!