Learn how to install and secure Redis on Ubuntu 24.04 with authentication, firewall rules, and production-ready configuration steps.
What Is Redis?
Redis (Remote Dictionary Server) is an open-source, in-memory data store used as a cache, database, and message broker. It stores data in memory for extremely fast read and write operations, making it ideal for session storage, real-time analytics, rate limiting, queues, and caching layers in modern web applications.
Redis supports data structures such as strings, hashes, lists, sets, and sorted sets, and is widely used in high-performance systems where low latency is critical.
Prerequisites
Before we begin, let’s ensure we have the following in place:
- A Ubuntu 24.04 dedicated server or KVM VPS.
- A basic programming knowledge.
Learn how to install and secure Redis on Ubuntu 24.04
Step 1: Update Ubuntu 24.04
We begin with a clean and updated system.
sudo apt update
sudo apt upgrade -y
This ensures all system libraries and dependencies are current before installing Redis.
Step 2: Install Redis Server
Ubuntu 24.04 includes Redis in its official repositories.
sudo apt install redis-server -y
After installation, verify the version:
redis-server --version
Redis should now be installed and registered as a systemd service.
Step 3: Enable and Start Redis
Ubuntu uses systemd to manage services.
sudo systemctl enable redis-server
sudo systemctl start redis-server
Verify the service status:
sudo systemctl status redis-server
If everything is correct, we should see:
Active: active (running)
Step 4: Verify Redis Is Working
Run the Redis CLI:
redis-cli
Then execute:
ping
Expected output:
PONG
Type exit to leave the CLI.
Redis is now installed and running. Now comes the part most people skip: security.
Securing Redis in Ubuntu 24.04
By default, Redis binds to 127.0.0.1 and runs without authentication. That is acceptable for isolated development but not for production.
We will harden it properly.
Step 5: Configure Bind Address
Open the Redis configuration file:
sudo nano /etc/redis/redis.conf
Find:
bind 127.0.0.1 ::1
If Redis is only used locally, keep it as-is.
If Redis must be accessed remotely (for example, from an application server), change it to:
bind 127.0.0.1 <SERVER_PRIVATE_IP>
Avoid binding to 0.0.0.0 unless absolutely required.
Step 6: Enable Redis Authentication (Critical)
Inside redis.conf, locate:
# requirepass foobared
Uncomment and set a strong password:
requirepass StrongRedisPasswordHere
Use a strong password generated with:
openssl rand -base64 32
Save the file.
Restart Redis:
sudo systemctl restart redis-server
Now test authentication:
redis-cli
Inside CLI:
auth StrongRedisPasswordHere
ping
We should receive:
OK
PONG
Without authentication, Redis will now deny access.
Good. That’s how it should behave.
Step 7: Disable Dangerous Commands (Recommended for Production)
Redis allows command renaming for additional security.
In redis.conf, add:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
rename-command CONFIG ""
This disables these high-risk commands entirely.
Restart Redis again:
sudo systemctl restart redis-server
This prevents accidental or malicious data deletion.
Step 8: Configure Redis to Run as a Supervised Service
Ensure this line exists in redis.conf:
supervised systemd
Ubuntu 24.04 uses systemd, so this ensures proper process management.
Step 9: Configure Firewall Rules (UFW)
If Redis must not be publicly accessible, do not expose port 6379.
Check UFW status:
sudo ufw status
If Redis is local only, ensure port 6379 is not allowed.
If remote access is required from a specific IP:
sudo ufw allow from <TRUSTED_IP> to any port 6379
Never allow:
sudo ufw allow 6379
That exposes Redis to the internet. And the internet does not forgive.
Step 10: Enable Protected Mode
In redis.conf, confirm:
protected-mode yes
Protected mode prevents Redis from accepting external connections when not properly configured.
Step 11: Configure Persistence (Recommended)
Redis supports RDB and AOF persistence.
For production durability, enable AOF:
In redis.conf:
appendonly yes
Restart Redis:
sudo systemctl restart redis-server
This ensures data survives server restarts.
Step 12: Monitor Redis Logs
Redis logs are located at:
/var/log/redis/redis-server.log
View logs:
sudo tail -f /var/log/redis/redis-server.log
Monitoring logs helps detect authentication failures or abnormal behavior.
Optional: Secure Redis with TLS (Advanced Production Setup)
If Redis is exposed across servers, consider enabling TLS.
Install OpenSSL dependencies:
sudo apt install build-essential tcl pkg-config libssl-dev -y
For most production setups behind private networks or VPNs, password authentication + firewall restrictions are sufficient.
For high-compliance environments, TLS termination via stunnel or reverse proxy may be implemented.
Final Verification Checklist
Before calling this production-ready, verify:
- Redis is running via systemd
- requirepass is enabled
- Dangerous commands are disabled
- Firewall restricts port 6379
- Protected mode is enabled
- Persistence is configured
- Logs are accessible
If all items above are correctly configured, Redis on Ubuntu 24.04 is secure and ready for deployment.
Conclusion
Installing Redis on Ubuntu 24.04 is straightforward. Securing it properly is what differentiates a development setup from a production-grade deployment.
By following the steps above, we ensure:
- Controlled access
- Authenticated usage
- Reduced attack surface
- Safe persistence
- Firewall-level protection
This approach aligns with current infrastructure security best practices and is suitable for VPS, cloud, and dedicated server environments.
Redis is lightweight. Security is not optional.
