Configuration & Security

In Redis there is configuration file (redis.conf) available at root directory of /etc/redis or /etc directory. Although you can get and set all redis configurations by redis CONFIG command.

Syntax

Basic syntax of redis CONFIG command is shown below:

redis 127.0.0.1:6379> CONFIG GET CONFIG_SETTING_NAME

Example

redis 127.0.0.1:6379> CONFIG GET loglevel

1) "loglevel"
2) "notice"

To get all configuration settings just use * in place of CONFIG_SETTING_NAME

Example

127.0.0.1:6379> config get *
  1) "dbfilename"
  2) "dump.rdb"
  3) "requirepass"
  4) ""
  5) "masterauth"
  6) ""
  7) "unixsocket"
  8) ""
  9) "logfile"
 10) "/var/log/redis/redis-server.log"
 11) "pidfile"
 12) "/var/run/redis/redis-server.pid"
 13) "maxmemory"
 14) "0"
 15) "maxmemory-samples"
 16) "5"
 17) "timeout"
 18) "0"
 19) "tcp-keepalive"
 20) "0"
 21) "auto-aof-rewrite-percentage"
 22) "100"
 23) "auto-aof-rewrite-min-size"
 24) "67108864"
 25) "hash-max-ziplist-entries"
 26) "512"
 27) "hash-max-ziplist-value"
 28) "64"
 29) "list-max-ziplist-entries"
 30) "512"
 31) "list-max-ziplist-value"
 32) "64"
 33) "set-max-intset-entries"
 34) "512"
 35) "zset-max-ziplist-entries"
 36) "128"
 37) "zset-max-ziplist-value"
 38) "64"
 39) "hll-sparse-max-bytes"
 40) "3000"
 41) "lua-time-limit"
 42) "5000"
 43) "slowlog-log-slower-than"
 44) "10000"
 45) "latency-monitor-threshold"
 46) "0"
 47) "slowlog-max-len"
 48) "128"
 49) "port"
 50) "6379"
 51) "tcp-backlog"
 52) "511"
 53) "databases"
 54) "16"
 55) "repl-ping-slave-period"
 56) "10"
 57) "repl-timeout"
 58) "60"
 59) "repl-backlog-size"
 60) "1048576"
 61) "repl-backlog-ttl"
 62) "3600"
 63) "maxclients"
 64) "4064"
 65) "watchdog-period"
 66) "0"
 67) "slave-priority"
 68) "100"
 69) "min-slaves-to-write"
 70) "0"
 71) "min-slaves-max-lag"
 72) "10"
 73) "hz"
 74) "10"
 75) "cluster-node-timeout"
 76) "15000"
 77) "cluster-migration-barrier"
 78) "1"
 79) "cluster-slave-validity-factor"
 80) "10"
 81) "repl-diskless-sync-delay"
 82) "5"
 83) "cluster-require-full-coverage"
 84) "yes"
 85) "no-appendfsync-on-rewrite"
 86) "no"
 87) "slave-serve-stale-data"
 88) "yes"
 89) "slave-read-only"
 90) "yes"
 91) "stop-writes-on-bgsave-error"
 92) "yes"
 93) "daemonize"
 94) "yes"
 95) "rdbcompression"
 96) "yes"
 97) "rdbchecksum"
 98) "yes"
 99) "activerehashing"
100) "yes"
101) "repl-disable-tcp-nodelay"
102) "no"
103) "repl-diskless-sync"
104) "no"
105) "aof-rewrite-incremental-fsync"
106) "yes"
107) "aof-load-truncated"
108) "yes"
109) "appendonly"
110) "no"
111) "dir"
112) "/var/lib/redis"
113) "maxmemory-policy"
114) "noeviction"
115) "appendfsync"
116) "everysec"
117) "save"
118) "900 1 300 10 60 10000"
119) "loglevel"
120) "notice"
121) "client-output-buffer-limit"
122) "normal 0 0 0 slave 268435456 67108864 60 pubsub 33554432 8388608 60"
123) "unixsocketperm"
124) "0"
125) "slaveof"
126) ""
127) "notify-keyspace-events"
128) ""
129) "bind"
130) "127.0.0.1"
127.0.0.1:6379> 

Edit configuration

To update configuration you can edit redis.conf file directly or can update configurations via CONFIG set command

Syntax

Basic syntax of CONFIG SET command is shown below:

redis 127.0.0.1:6379> CONFIG SET CONFIG_SETTING_NAME NEW_CONFIG_VALUE

Example

redis 127.0.0.1:6379> CONFIG SET loglevel "notice"
OK
redis 127.0.0.1:6379> CONFIG GET loglevel

1) "loglevel"
2) "notice"

Securing Redis

For better security we will enable requirepass which requires all clients to authenticate before being able to pull or put data from the redis instance.

>> vi /etc/redis/redis.conf

OR

>> vi /etc/redis.conf

Find:

# requirepass foobared

Remove Comment i.e,   "#" from infront of requirepass

requirepass <yourpass>

Example:

requirepass w3clan

Restart the redis service

Upon installation redis-server is started automatically, in order for our configuration changes to take effect we will need to restart the instance. Depending upon your Operating System. It should get started.

/etc/init.d/redis-server restart

or

service redis restart

or

service redis-service restart

Verify

>> redis-cli
127.0.0.1:6379>PING
auth require

Authenticate Verify with Password

>> redis-cli
127.0.0.1:6379>auth your_password_here
OK
127.0.0.1:6379>PING
PONG
Exit the Program
127.0.0.1:6379>quit

Bind Address

Find bind-address

#bind-address 127.0.0.1

Remove "#" before bind-address

bind-address 127.0.0.1

You can further do "iptable" restriction or further more install SSL etc., , "stunnel"


Loading ...

Related Results :

  1. Configuration & Security
Note :
  • Related Posts are generally User Blog posts.
  • or Other tutorials from other networks of w3clan.com.
  • Any registered user can create related posts based on search term tags.

About the Author