Redis is an open-source in-memory data structure store. You can use it as a Memcached alternative to store simple key-value pairs, as a NoSQL database, or even a message broker with the Pub-Sub pattern. This guide will show you how to install, configure, fine-tune, and secure Redis on CentOS 8.
The Remi’s RPM repo is a long-time and community-trusted repo for CentOS. Its Redis package is usually newer than CentOS’s Redis package.
$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
$ dnf module list | grep redis
The result should look like this:
redis 5 [d] common [d] Redis persistent key-value database
redis remi-5.0 common [d] Redis persistent key-value database
redis remi-6.0 common [d] Redis persistent key-value database
The values in the second column above correspond to major versions of Redis.
$ sudo dnf module install redis:remi-6.0 -y
$ sudo systemctl enable redis.service
$ sudo systemctl start redis.service
$ sudo nano /etc/redis.conf
By default, when maxmemory is reached, Redis will stop writing new data. If you want Redis to write new data by removing old data automatically, you have to tell Redis how to remove it. The allkeys-lru eviction policy is a good choice for most users. Add the following line:
Learn more about eviction methods here.
By default, Redis will save its in-memory data on disk after a specified period or a specified number of write operations against the DB. The default settings are:
save 900 1
save 300 10
save 60 10000
That means saving will occur:
With the default settings above, Redis will load the saved data into memory every time it restarts. So your previous in-memory data will be restored. If you don’t need this feature, you can disable it entirely by commenting out those lines:
# save 900 1
# save 300 10
# save 60 10000
If you decide to keep this feature, you should upgrade the server to a bigger plan or add an appropriate Linux swap file to ensure that Redis’s memory is double the maxmemory declared above. Otherwise, in the worst-case scenario, when the maxmemory is reached, the saving process can cause your server to run out of memory.
$ sudo systemctl restart redis.service
$ sudo tail /var/log/redis/redis.log
You will see some information like this:
5228:M 15 Aug 2020 04:14:29.133 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
5228:M 15 Aug 2020 04:14:29.133 # Server initialized
5228:M 15 Aug 2020 04:14:29.133 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
5228:M 15 Aug 2020 04:14:29.133 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
$ echo 'net.core.somaxconn = 512' | sudo tee -a /etc/sysctl.conf > /dev/null
$ echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf > /dev/null
$ sudo sysctl -p
Create a new script file:
$ sudo nano /usr/bin/disable-transparent-hugepage
Paste the following text into the file:
echo never > /sys/kernel/mm/transparent_hugepage/enabled
Save and close the file, then make it runnable and owned by the root account:
$ sudo chown root:root /usr/bin/disable-transparent-hugepage
$ sudo chmod 770 /usr/bin/disable-transparent-hugepage
Next, create the configuration file for the systemd service that will call the script at boot time:
$ sudo nano /etc/systemd/system/disable-transparent-hugepage.service
Description=Disable Transparent Huge Pages (THP) for Redis.
Save and close the file, then enable the service:
$ sudo systemctl enable disable-transparent-hugepage.service
$ sudo reboot
$ redis-cli -h 127.0.0.1 -p 6379
If the connection succeeds, you will see the Redis command prompt:
set testkey testvalue
If you see the following result, then Redis is working correctly.
127.0.0.1:6379> set testkey testvalue
127.0.0.1:6379> get testkey
If you set up a production environment with multiple servers for your application, the application servers need access to the Redis server. It’s recommended to use a private network for safety.
$ sudo firewall-cmd --permanent --zone=trusted --change-interface=ens7
$ sudo nano /etc/systemd/system/redis.service.d/wait-for-ips.conf
Paste the following text into the file, then save and close it:
bind 127.0.0.1 192.168.0.100
$ sudo dnf install redis
$ redis-cli -h 192.168.0.100 -p 6379
$ sudo dnf remove redis
To learn more about Redis, see these resources:
Powered by BetterDocs