Introduction
Redis is an open-source, in-memory data store that serves as a cache, message broker, and lightweight database. By keeping data in RAM instead of on disk, Redis delivers sub-millisecond response times for read and write operations — making it the go-to choice for session storage, page caching, rate limiting, and real-time leaderboards.
Redis supports a wide range of data structures beyond simple key-value pairs: strings, lists, sets, sorted sets, hashes, streams, and bitmaps. This versatility is why Redis powers critical infrastructure at companies of every size. If you run WordPress, Redis object caching can cut database queries by 80% or more. If you run a Node.js or Django application, Redis handles sessions and job queues faster than any relational database.
In this tutorial, you will install Redis from the default Ubuntu repository, verify the service is running, secure Redis with password authentication and bind address restrictions, configure basic persistence settings, test the installation with common operations, and tune the firewall for local-only access. On our Raff Tier 2 VM, Redis handles over 100,000 operations per second out of the box — the combination of AMD EPYC single-thread performance and DDR5 RAM keeps latency consistently under 1 millisecond.
Step 1 — Install Redis
Redis is available in Ubuntu 24.04's default repository. Update your package index and install the Redis server:
bashsudo apt update
sudo apt install -y redis-server
This installs the Redis server daemon and the redis-cli command-line client. Verify the installed version:
bashredis-server --version
Expected output:
Redis server v=7.0.15 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=...
Note
Ubuntu 24.04 ships Redis 7.0.x. This is a stable release with support for Redis Functions, ACLs, and multi-part AOF persistence. If you need Redis 7.2+, you can add the official Redis repository — but for most workloads, the default version is recommended.
Step 2 — Verify the Redis Service
Redis starts automatically after installation and registers as a systemd service. Confirm it is running:
bashsudo systemctl status redis-server
You should see active (running) in the output.
Test that Redis is responding to commands:
bashredis-cli ping
Expected output:
PONG
If you see PONG, Redis is installed and accepting connections. Here are the essential service management commands:
bashsudo systemctl start redis-server # Start Redis
sudo systemctl stop redis-server # Stop Redis
sudo systemctl restart redis-server # Restart Redis
sudo systemctl enable redis-server # Enable start at boot
sudo systemctl status redis-server # Check status
Step 3 — Configure Redis Security
By default, Redis on Ubuntu binds to 127.0.0.1 (localhost only) and requires no password. The bind address is safe, but adding a password prevents unauthorized access from any application running on the same server.
Open the Redis configuration file:
bashsudo nano /etc/redis/redis.conf
Set a Password
Find the requirepass directive (it is commented out by default):
# requirepass foobared
Uncomment it and set a strong password:
requirepass your_strong_redis_password
Replace your_strong_redis_password with a long, random string. Redis is designed for speed — it can process hundreds of thousands of requests per second, which means a weak password can be brute-forced quickly.
Tip
Generate a strong password with openssl rand -base64 32. Redis passwords can be very long since you typically set them once in application configuration files, not type them by hand.
Verify the Bind Address
Confirm that Redis only listens on localhost. Find the bind directive and ensure it reads:
bind 127.0.0.1 -::1
This restricts Redis to connections from the local machine only. Do not change this to 0.0.0.0 unless you have a specific need for remote access AND have configured proper firewall rules and TLS encryption.
Warning
Exposing Redis to the public internet without authentication and encryption is one of the most common server compromises. Attackers scan for open Redis instances and use the CONFIG SET command to write SSH keys to the server, gaining full access. Always keep Redis bound to localhost or a private network.
Disable Dangerous Commands
Redis includes commands that can be destructive in production. Rename or disable them by adding these lines at the end of the configuration file:
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG "REDIS_CONFIG_b4f8e2a1"
This disables FLUSHDB and FLUSHALL (which delete all data) and renames CONFIG to a secret string that only administrators know. If you need to use CONFIG later, use the renamed version.
Save and close the file. Restart Redis to apply the changes:
bashsudo systemctl restart redis-server
Step 4 — Test Password Authentication
Verify that Redis now requires a password. Try a command without authenticating:
bashredis-cli ping
You should see:
(error) NOAUTH Authentication required.
Now authenticate and try again:
bashredis-cli
At the Redis prompt:
127.0.0.1:6379> AUTH your_strong_redis_password
OK
127.0.0.1:6379> ping
PONG
You can also authenticate inline:
bashredis-cli -a your_strong_redis_password ping
Expected output:
PONG
Note
The -a flag passes the password on the command line, which may be visible in your shell history. For scripting, use the REDISCLI_AUTH environment variable instead: export REDISCLI_AUTH=your_strong_redis_password.
Step 5 — Test Basic Redis Operations
Verify Redis is working correctly with some common operations. Connect with authentication:
bashredis-cli -a your_strong_redis_password
Set and retrieve a string value:
127.0.0.1:6379> SET greeting "Hello from Redis on Raff"
OK
127.0.0.1:6379> GET greeting
"Hello from Redis on Raff"
Set a key with an expiration (useful for session storage and caching):
127.0.0.1:6379> SET session:user123 "session_data_here" EX 3600
OK
127.0.0.1:6379> TTL session:user123
(integer) 3599
The EX 3600 flag sets the key to expire after 3,600 seconds (1 hour). The TTL command shows the remaining time to live.
Work with a hash (useful for storing objects):
127.0.0.1:6379> HSET user:1 name "Alice" email "alice@example.com" plan "tier-3"
(integer) 3
127.0.0.1:6379> HGETALL user:1
1) "name"
2) "Alice"
3) "email"
4) "alice@example.com"
5) "plan"
6) "tier-3"
Check memory usage:
127.0.0.1:6379> INFO memory
Look for used_memory_human to see how much RAM Redis is currently consuming. On a fresh install with minimal data, this will be around 1-2 MB.
Exit the Redis CLI:
127.0.0.1:6379> EXIT
Step 6 — Configure Persistence
Redis offers two persistence mechanisms that control how data survives a server restart.
RDB snapshots (enabled by default) — Redis periodically saves a snapshot of the entire dataset to disk. This is fast and compact but can lose data created since the last snapshot.
AOF (Append Only File) — Redis logs every write operation. On restart, it replays the log to rebuild the dataset. This provides stronger durability at the cost of a larger file on disk.
Open the configuration file:
bashsudo nano /etc/redis/redis.conf
To enable AOF alongside the default RDB snapshots, find the appendonly directive and change it:
appendonly yes
The default appendfsync setting is everysec, which flushes the AOF to disk every second. This is a good balance between durability and performance — you lose at most one second of data in a crash.
For pure caching workloads where data loss on restart is acceptable, you can disable persistence entirely by commenting out all save directives and keeping appendonly no. This gives maximum performance since Redis never writes to disk.
Save the file and restart Redis:
bashsudo systemctl restart redis-server
Verify the persistence configuration:
bashredis-cli -a your_strong_redis_password CONFIG GET save
redis-cli -a your_strong_redis_password CONFIG GET appendonly
Note
If you renamed the CONFIG command in Step 3, use the renamed version: redis-cli -a your_strong_redis_password REDIS_CONFIG_b4f8e2a1 GET save.
Redis persistence files are stored in /var/lib/redis/. The RDB file is dump.rdb and the AOF directory is appendonlydir/. Include this directory in your backup strategy — or combine with Raff VM snapshots for full server-level protection.
Step 7 — Configure the Firewall
If UFW is enabled, Redis should not need any additional firewall rules when bound to localhost. Verify that port 6379 is not exposed:
bashsudo ufw status
You should NOT see port 6379 listed. This is correct — Redis only accepts local connections.
If you need to allow Redis connections from another Raff VM on the same private network, restrict the rule to that specific subnet:
bashsudo ufw allow from 10.0.0.0/24 to any port 6379
Warning
Never run sudo ufw allow 6379 without an IP restriction. This exposes Redis to the entire internet. Even with password authentication, unencrypted Redis should only be accessible from trusted networks.
Conclusion
You have installed Redis on your Raff Ubuntu 24.04 VM, secured it with password authentication and bind address restrictions, disabled dangerous commands, configured persistence, and verified the setup with basic data operations. Your server now has a high-performance caching layer ready for production use.
From here, you can:
- Enable Redis object caching in WordPress using a plugin like Redis Object Cache to dramatically reduce database load
- Use Redis as a session store for Node.js (connect-redis), Django (django-redis), or Laravel (predis) applications
- Set up Redis as a message broker for background job queues with tools like Sidekiq, Bull, or Celery
- Configure MySQL or PostgreSQL alongside Redis for a complete database and caching stack
Raff VMs use DDR5 RAM and NVMe SSD storage, both of which directly benefit Redis performance — DDR5 for fast in-memory operations and NVMe for persistence I/O when RDB snapshots or AOF writes flush to disk.
This tutorial was tested by our systems engineering team on a Raff CPU-Optimized Tier 2 VM with Redis 7.0.