A proper install using an init script is strongly suggested. The following instructions can be used to perform a proper installation using the init script shipped with Redis 2. We suggest calling it with the name of the port where you are running this instance of Redis. For example:. Both the pid file path and the configuration file name depend on the port number. Note: In the above instructions we skipped many Redis configuration parameters that you would like to change, for instance in order to use AOF persistence instead of RDB persistence, or to setup replication, and so forth.
Make sure to read the example redis. Reading this document will help you: Download and compile Redis to start hacking. Use redis-cli to access the server. Use Redis from your application. Understand how Redis persistence works. Install Redis more properly. Find out what to read next to understand more about Redis. After compilation the src directory inside the Redis distribution is populated with the different executables that are part of Redis: redis-server is the Redis Server itself.
Make sure the port Redis uses to listen for connections by default and additionally if you run Redis in cluster mode, plus for Sentinel is firewalled, so that it is not possible to contact Redis from the outside world.
Use a configuration file where the bind directive is set in order to guarantee that Redis listens on only the network interfaces you are using. For example only the loopback interface Use the requirepass option in order to add an additional layer of security so that clients will require to authenticate using the AUTH command.
Use spiped or another SSL tunneling software in order to encrypt traffic between Redis servers and Redis clients if your environment requires encryption. For this kind of usage you have two different choices: Run Redis using screen. Install Redis in your Linux box in a proper way using an init script, so that after a restart everything will start again properly.
Change the port accordingly. We will go over a handful of ways to check that Redis is working correctly in this step. Here, you can see that Redis is running and is already enabled, meaning that it is set to start up every time the server boots. Note: This setting is desirable for many common use cases of Redis. If, however, you prefer to start up Redis manually every time your server boots, you can configure this with the following command:. To test that Redis is functioning correctly, connect to the server using the command-line client:.
This output confirms that the server connection is still alive. To do this, first restart the Redis instance:. Then connect with the command-line client once again and confirm that your test value is still available:. With that, your Redis installation is fully operational and ready for you to use. However, some of its default configuration settings are insecure and provide malicious actors with opportunities to attack and gain access to your server and its data.
The remaining steps in this tutorial cover methods for mitigating these vulnerabilities, as prescribed by the official Redis website. By default, Redis is only accessible from localhost. However, if you installed and configured Redis by following a different tutorial than this one, you might have updated the configuration file to allow connections from anywhere. This is not as secure as binding to localhost.
This output shows that the redis-server program is bound to localhost If you see another IP address in that column 0. Now that your Redis installation is only listening in on localhost , it will be more difficult for malicious actors to make requests or gain access to your server. To remedy this, Redis allows you to require users to authenticate with a password before making changes via the Redis client redis-cli.
Configuring a Redis password enables one of its two built-in security features — the auth command, which requires clients to authenticate to access the database. Uncomment it by removing the , and change foobared to a secure password. Note: Above the requirepass directive in the redis. Rather than make up a password yourself, you can use the openssl command to generate a random one, as in the following example. By piping the output of the first command to the second openssl command, as shown here, it will remove any line breaks produced by that the first command:.
After copying and pasting the output of that command as the new value for requirepass , it should read:. The following shows a sequence of commands used to test whether the Redis password works.
The first command tries to set a key to a value before authentication:. Fields non existing but set to the default value are not added. Comments inside your configuration file are retained. If you plan to use Redis just as a cache where every key will have an expire set, you may consider using the following configuration instead assuming a max memory limit of 2 megabytes as an example :.
In this configuration there is no need for the application to set a time to live for keys using the EXPIRE command or equivalent since all the keys will be evicted using an approximated LRU algorithm as long as we hit the 2 megabyte memory limit. Basically in this configuration Redis acts in a similar way to memcached.
We have more extensive documentation about using Redis as an LRU cache. The self documented redis.
0コメント