How to Install Redis on RHEL 7

How to Install Redis on RHEL 7

Redis is an open-source, in-memory data structure store used as a database, cache, message broker, and streaming engine. Its sub-millisecond response times make it the go-to solution for session caching, real-time leaderboards, pub/sub messaging, and rate limiting in high-performance web applications. On RHEL 7, Redis is available through the Extra Packages for Enterprise Linux (EPEL) repository, making installation straightforward. This guide walks you through installing Redis from EPEL, configuring essential settings in /etc/redis.conf including password authentication, memory limits, and persistence, managing the service with systemctl, and securing the installation with firewall rules on RHEL 7.

Prerequisites

• A RHEL 7 server with root or sudo access
• Active RHEL 7 subscription with the base repositories enabled
• EPEL repository configured (or access to install it)
• firewalld running if remote Redis connections are required
• At least 512 MB of free RAM (more for production workloads)

Step 1: Install and Enable the EPEL Repository

Redis is distributed through the EPEL repository for RHEL 7. Install the EPEL release package first:

sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Alternatively, if you have access to the EPEL package in a local mirror:

sudo yum install -y epel-release

Confirm the EPEL repository is enabled:

sudo yum repolist | grep epel

Step 2: Install Redis

With EPEL enabled, install Redis using yum:

sudo yum install -y redis

Yum installs Redis and any required dependencies. Confirm the version that was installed:

redis-server --version
# Redis server v=3.2.12 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=7897e7d0e13773f

EPEL 7 ships Redis 3.2. If your application requires Redis 5 or 6, you can use the Software Collections (SCL) repository or compile from source. Redis 3.2 is stable and suitable for most caching use cases on RHEL 7.

Step 3: Configure /etc/redis.conf

The main Redis configuration file is located at /etc/redis.conf. Back it up before making changes:

sudo cp /etc/redis.conf /etc/redis.conf.bak

Open the configuration file for editing:

sudo vi /etc/redis.conf

Bind Address

By default, Redis binds to 127.0.0.1 only, which is the safest configuration. For a cache that only serves local application processes, leave this unchanged:

bind 127.0.0.1

To accept connections from a specific remote IP in addition to localhost:

bind 127.0.0.1 192.168.1.10

Require Password (requirepass)

Set a strong password to protect the Redis instance from unauthorized access. Redis uses a single flat password (no username by default in version 3.2):

requirepass "R3d1s#Str0ng!Pass2024"

Choose a long, random password — Redis can process hundreds of thousands of requests per second, making it vulnerable to brute-force attacks if you use a weak password.

Maximum Memory and Eviction Policy

Set a memory limit to prevent Redis from consuming all available RAM. The maxmemory-policy setting determines what happens when the limit is reached:

# Set maximum memory to 512 megabytes
maxmemory 512mb

# Eviction policy: remove least-recently-used keys when memory is full
# Options: noeviction, allkeys-lru, volatile-lru, allkeys-random,
#          volatile-random, volatile-ttl, allkeys-lfu, volatile-lfu
maxmemory-policy allkeys-lru

For a pure cache (all keys may be evicted), use allkeys-lru. For a mix of persistent and cached data, use volatile-lru to only evict keys that have an expiry set.

Persistence Settings

Redis supports two persistence mechanisms: RDB snapshots and AOF (Append-Only File). For a cache-only deployment, you may disable persistence entirely for better performance:

# RDB snapshot configuration (save to disk periodically)
# Format: save  
save 900 1      # Save if at least 1 key changed in 900 seconds
save 300 10     # Save if at least 10 keys changed in 300 seconds
save 60 10000   # Save if at least 10000 keys changed in 60 seconds

# RDB dump file name and directory
dbfilename dump.rdb
dir /var/lib/redis

# To disable RDB snapshots entirely (cache-only mode):
# save ""

For applications where data persistence is important, enable AOF:

appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec

Other Important Settings

# TCP backlog (increase for high-connection environments)
tcp-backlog 511

# Timeout for idle client connections (0 = disabled)
timeout 300

# Log level
loglevel notice

# Log file location
logfile /var/log/redis/redis.log

# Number of databases (default 16)
databases 16

# Disable the DANGEROUS commands (optional but recommended for production)
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG "CONFIG_9xZm3qK7"
rename-command DEBUG ""

Save and close the configuration file.

Step 4: Start and Enable the Redis Service

Start Redis using systemctl and enable it to launch at boot:

sudo systemctl start redis
sudo systemctl enable redis

Check that Redis is running correctly:

sudo systemctl status redis

Expected output:

● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; ...)
   Active: active (running) since Sun 2024-03-15 13:00:00 UTC; 3s ago
 Main PID: 15432 (redis-server)
   CGroup: /system.slice/redis.service
           └─15432 /usr/bin/redis-server 127.0.0.1:6379

Confirm that Redis is listening on port 6379:

sudo ss -tlnp | grep redis

Step 5: Test with redis-cli

Connect to Redis using the redis-cli command-line client. Because you set a requirepass value, you must authenticate:

redis-cli -a 'R3d1s#Str0ng!Pass2024'

Or connect first and then authenticate:

redis-cli
AUTH R3d1s#Str0ng!Pass2024

Run the PING command to confirm the server is responding:

PING
# PONG

Test basic SET and GET operations:

# Store a simple string value
SET greeting "Hello from RHEL 7 Redis"

# Retrieve the value
GET greeting
# "Hello from RHEL 7 Redis"

# Store a value with an expiry of 60 seconds
SET session:abc123 "user_id=42" EX 60

# Check remaining TTL
TTL session:abc123

# Increment a counter
SET pageviews 0
INCR pageviews
INCR pageviews
INCR pageviews
GET pageviews
# "3"

# Work with hashes (useful for storing objects)
HSET user:1001 name "Alice" email "[email protected]" role "admin"
HGETALL user:1001
HGET user:1001 email

# Work with lists
RPUSH queue:jobs "job1" "job2" "job3"
LRANGE queue:jobs 0 -1
LPOP queue:jobs

Step 6: Test Persistence

With RDB snapshots enabled, Redis saves the data to /var/lib/redis/dump.rdb. Trigger a manual save and verify the file:

redis-cli -a 'R3d1s#Str0ng!Pass2024' SAVE
# OK

# Check that the dump file was written
ls -lh /var/lib/redis/dump.rdb

Use BGSAVE for a non-blocking background save (preferred in production to avoid blocking Redis):

redis-cli -a 'R3d1s#Str0ng!Pass2024' BGSAVE
# Background saving started

# Check when the last save completed
redis-cli -a 'R3d1s#Str0ng!Pass2024' LASTSAVE

Check useful server statistics with the INFO command:

redis-cli -a 'R3d1s#Str0ng!Pass2024' INFO server
redis-cli -a 'R3d1s#Str0ng!Pass2024' INFO memory
redis-cli -a 'R3d1s#Str0ng!Pass2024' INFO stats

Step 7: Configure the Firewall

If your application servers need to connect to Redis remotely, open port 6379 through firewalld. Because Redis has minimal authentication (a single password) and no native TLS in Redis 3.2, it is strongly recommended to restrict firewall access to specific trusted hosts rather than opening the port globally:

# Restrict access to a specific application server IP
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.20/32" port protocol="tcp" port="6379" accept'
sudo firewall-cmd --reload

# Verify the rule
sudo firewall-cmd --list-rich-rules

If you must open port 6379 to a broader subnet, use a network-level access control approach:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port protocol="tcp" port="6379" accept'
sudo firewall-cmd --reload

Confirm no rule opens port 6379 to the internet (0.0.0.0/0) — Redis instances accidentally exposed to the internet are a common cause of data breaches and ransomware attacks.

Step 8: SELinux and Redis

On RHEL 7 with SELinux in enforcing mode, Redis should work correctly with its default paths. Verify the SELinux context of Redis files:

ls -Z /usr/bin/redis-server
ls -dZ /var/lib/redis
ls -Z /var/log/redis/redis.log

If you change the Redis data directory, apply the correct SELinux label:

sudo semanage fcontext -a -t redis_var_lib_t "/data/redis(/.*)?"
sudo restorecon -Rv /data/redis
sudo chown -R redis:redis /data/redis

Check for AVC denials related to Redis:

sudo ausearch -m avc -ts recent | grep redis

Also ensure the kernel overcommit memory setting is configured as Redis recommends:

# Set at runtime
sudo sysctl vm.overcommit_memory=1

# Persist across reboots
echo "vm.overcommit_memory = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Redis is now fully installed, configured, and secured on your RHEL 7 server. You installed Redis from the EPEL repository, customized the essential settings in /etc/redis.conf including the bind address, password authentication, memory limits, eviction policy, and RDB snapshot persistence, managed the service with systemctl, tested operations using redis-cli, and hardened the installation with targeted firewall rules. For production deployments, consider configuring Redis Sentinel for high availability, enabling TLS through a stunnel proxy for encrypted connections, and setting up monitoring using redis-cli INFO combined with a metrics collection system such as Prometheus with the Redis exporter.