Introduction
Redis is an open-source in-memory data structure store. You can use it as a Memcached alternative to store simple key-value pairs, as a NoSQL database, or even a message broker with the Pub-Sub pattern. This guide will show you how to install, configure, fine-tune, and secure Redis on CentOS 8.
Prerequisites
A CentOS 8 server with enough free memory for Redis. 1 million small Key -> String-Value pairs use ~ 85 MB.
Follow RCS's best practices guides:
1. Install Redis
The Remi's RPM repo is a long-time and community-trusted repo for CentOS. Its Redis package is usually newer than CentOS's Redis package.
Enable the repo:
$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
List all available Redis packages in the Remi repo.
$ dnf module list | grep redis
The result should look like this:
redis 5 [d] common [d] Redis persistent key-value database redis remi-5.0 common [d] Redis persistent key-value database redis remi-6.0 common [d] Redis persistent key-value database
The values in the second column above correspond to major versions of Redis.
Assuming the latest major version is 6.0, install that version:
$ sudo dnf module install redis:remi-6.0 -y
Enable the Redis service to start at boot time.
$ sudo systemctl enable redis.service
Start Redis.
$ sudo systemctl start redis.service
2. Configure Redis
Open the Redis configuration file in your favorite editor:
$ sudo nano /etc/redis.conf
Set the desired memory capacity for your application.
maxmemory 128mb
By default, when maxmemory is reached, Redis will stop writing new data. If you want Redis to write new data by removing old data automatically, you have to tell Redis how to remove it. The allkeys-lru eviction policy is a good choice for most users. Add the following line:
maxmemory-policy allkeys-lru
Learn more about eviction methods here.
Set the save-to-disk policy.
By default, Redis will save its in-memory data on disk after a specified period or a specified number of write operations against the DB. The default settings are:
save 900 1 save 300 10 save 60 10000
That means saving will occur:
after 900 sec (15 min) if at least 1 key changed
after 300 sec (5 min) if at least 10 keys changed
after 60 sec if at least 10000 keys changed
With the default settings above, Redis will load the saved data into memory every time it restarts. So your previous in-memory data will be restored. If you don't need this feature, you can disable it entirely by commenting out those lines:
# save 900 1 # save 300 10 # save 60 10000
If you decide to keep this feature, you should upgrade the server to a bigger plan or add an appropriate Linux swap file to ensure that Redis's memory is double the maxmemory declared above. Otherwise, in the worst-case scenario, when the maxmemory is reached, the saving process can cause your server to run out of memory.
Save and close the configuration file, then restart Redis to apply the changes.
$ sudo systemctl restart redis.service
3. Fine-Tune the System
Check the Redis log file:
$ sudo tail /var/log/redis/redis.log
You will see some information like this:
5228:M 15 Aug 2020 04:14:29.133 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 5228:M 15 Aug 2020 04:14:29.133 # Server initialized 5228:M 15 Aug 2020 04:14:29.133 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 5228:M 15 Aug 2020 04:14:29.133 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
To fix the first warning, enter the following command.
$ echo 'net.core.somaxconn = 512' | sudo tee -a /etc/sysctl.conf > /dev/null
To fix the second warning, enter the following command.
$ echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf > /dev/null
Reload the sysctl values.
$ sudo sysctl -p
To fix the last warning, you need to disable transparent hugepages at boot time before starting the Redis service.
Create a new script file:
$ sudo nano /usr/bin/disable-transparent-hugepage
Paste the following text into the file:
#!/bin/bash echo never > /sys/kernel/mm/transparent_hugepage/enabled exit 0
Save and close the file, then make it runnable and owned by the root account:
$ sudo chown root:root /usr/bin/disable-transparent-hugepage $ sudo chmod 770 /usr/bin/disable-transparent-hugepage
Next, create the configuration file for the systemd service that will call the script at boot time:
$ sudo nano /etc/systemd/system/disable-transparent-hugepage.service
Paste the following text into the file:
[Unit] Description=Disable Transparent Huge Pages (THP) for Redis. Before=redis.service [Service] Type=exec ExecStart=/usr/bin/disable-transparent-hugepage [Install] WantedBy=multi-user.target
Save and close the file, then enable the service:
$ sudo systemctl enable disable-transparent-hugepage.service
4. Verify the Setup
Restart the Redis server:
$ sudo reboot
After the server restarts, check the Redis log file to ensure there are not any warnings:
$ sudo tail /var/log/redis/redis.log
Use the redis-cli program to connect to Redis through the default loopback IP 127.0.0.1 and port 6379.
$ redis-cli -h 127.0.0.1 -p 6379
If the connection succeeds, you will see the Redis command prompt:
127.0.0.1:6379>
Enter some Redis commands to ensure it works:
set testkey testvalue get testkey exit
If you see the following result, then Redis is working correctly.
127.0.0.1:6379> set testkey testvalue OK 127.0.0.1:6379> get testkey "testvalue" 127.0.0.1:6379> exit
5. (Optional) Configure Redis for Private Network Access
If you set up a production environment with multiple servers for your application, the application servers need access to the Redis server. It's recommended to use a private network for safety.
Configure the private network
Follow this guide to enable and configure a private network for this Redis server and the application servers that need to communicate with Redis.
Update the firewalld service to allow incoming connections from the private network:
$ sudo firewall-cmd --permanent --zone=trusted --change-interface=ens7
Create a systemd service to delay the Redis start-up until the private interface is up and IP address is assigned.
$ sudo nano /etc/systemd/system/redis.service.d/wait-for-ips.conf
Paste the following text into the file, then save and close it:
[Unit] After=network-online.target Wants=network-online.target
Edit the Redis configuration file.
$ sudo nano /etc/redis.conf
Add the private IP address that Redis should bind to. For example, if Redis should bind to both the internal loopback (127.0.0.1) and a private IP address (192.168.0.100):
bind 127.0.0.1 192.168.0.100
Save and close the configuration file.
Restart Redis to apply the changes.
$ sudo systemctl restart redis.service
Test the private network
Connect to one of your application servers on your private network via SSH.
Assuming the application server is also CentOS 8, temporarily install Redis to get the redis-cli software.
$ sudo dnf install redis
Use the redis-cli program to connect to the Redis server.
$ redis-cli -h 192.168.0.100 -p 6379
If the connection succeeds, you will see the Redis command prompt:
192.168.0.100:6379>
Enter some Redis commands to ensure it works:
set testkey testvalue get testkey exit
If you see the following result, then Redis is working correctly.
127.0.0.1:6379> set testkey testvalue OK 127.0.0.1:6379> get testkey "testvalue" 127.0.0.1:6379> exit
Uninstall the redis package on the application server.
$ sudo dnf remove redis
Conclusion
To learn more about Redis, see these resources: