Installing & Configuring Redis
Redis (which stands for “Remote Dictionary Server”) is an in-memory data store (a database that keeps all its data in RAM instead of on disk, which makes it extremely fast). People use it as a cache (a fast temporary store for data that is slow to fetch), a message broker (a middleman that passes messages between parts of an app), and a session store (where login sessions are kept). On this page you will install Redis on Ubuntu, walk through the most important settings in its config file, and lock it down so it is never left wide open on the internet.
When to use Redis
Redis is the right tool when you need answers in microseconds and the data fits comfortably in memory. Think of caching database query results, rate limiting (counting how many requests a user makes), leaderboards, or storing short-lived login sessions.
It is not a replacement for a primary database like PostgreSQL or MySQL. Because Redis lives in RAM, memory is limited and more expensive than disk, and if the server loses power you can lose data unless persistence is configured. Use Redis alongside a real database, not instead of one.
| Use case | Use Redis? | Why |
|---|---|---|
| Cache slow query results | Yes | Microsecond reads, simple to expire keys |
| Store user sessions | Yes | Fast, supports automatic expiry |
| Rate limiting / counters | Yes | Atomic increment operations |
| System of record (orders, users) | No | Memory-bound, weaker durability than SQL |
| Large analytical datasets | No | Data must fit in RAM |
Installing Redis on Ubuntu
Ubuntu’s package manager apt ships a recent Redis in its repositories, so installation is one command. We are targeting Ubuntu 22.04 LTS and 24.04 LTS (“LTS” means Long Term Support, the versions Canonical maintains for years).
First refresh the package list, then install the server package:
sudo apt update
sudo apt install redis-server -yThe package includes a systemd service (systemd is the program Ubuntu uses to start and manage background services). Confirm Redis is running:
sudo systemctl status redis-serverOutput:
● redis-server.service - Advanced key-value store
Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; preset: enabled)
Active: active (running) since Mon 2026-06-15 10:12:04 UTC; 5s ago
Main PID: 4821 (redis-server)
Tasks: 5 (limit: 4915)
Memory: 2.8Mactive (running) means it started, and enabled means it will start automatically after a reboot.
Editing redis.conf
Redis reads its settings from a single config file. On Ubuntu it lives at /etc/redis/redis.conf. Open it with a text editor (we use nano here):
sudo nano /etc/redis/redis.confThe file is long and well-commented, but only a handful of settings matter for a safe, useful setup.
bind — which network addresses Redis listens on
The bind directive controls which IP addresses Redis accepts connections on. By default Redis listens only on 127.0.0.1 (localhost, meaning “this machine only”), which is what you want. Make sure it reads:
bind 127.0.0.1 -::1This means Redis is reachable only from apps running on the same server. Do not change this to 0.0.0.0 (all network interfaces) unless you fully understand the security consequences described below.
requirepass — set a password
By default Redis has no password, so anyone who can reach it has full access. Set a strong password with requirepass. Generate one and paste it in:
openssl rand -base64 32Output:
8f3Kq2pZ9vXmR4tLwYbN7cQ1aE6sUjD0hHgPiOoKlM=Then in redis.conf, find the commented # requirepass line and set it:
requirepass 8f3Kq2pZ9vXmR4tLwYbN7cQ1aE6sUjD0hHgPiOoKlM=maxmemory and eviction policy
maxmemory caps how much RAM Redis may use. Without it, a busy cache can consume all memory and crash the server. Set a limit (for example 256 MB) and tell Redis what to do when full with an eviction policy (the rule for which keys to delete when memory runs out):
maxmemory 256mb
maxmemory-policy allkeys-lruallkeys-lru removes the Least Recently Used keys first, which is the standard choice for a cache.
| Policy | Behavior | When to use |
|---|---|---|
noeviction | Reject writes when full | Redis as a durable store, not a cache |
allkeys-lru | Evict least recently used keys | General-purpose cache |
volatile-lru | Evict LRU keys that have an expiry set | Mix of cached and permanent keys |
allkeys-lfu | Evict least frequently used keys | Cache with clear hot/cold access patterns |
supervised systemd
So that systemd can track Redis correctly (clean starts, stops, and status), set the supervision mode. On Ubuntu this should be:
supervised systemdRestarting and testing
Config changes only take effect after a restart. Save the file (in nano, press Ctrl+O then Enter, then Ctrl+X) and restart the service:
sudo systemctl restart redis-serverNow test the connection with redis-cli, the command-line client that ships with Redis. Because you set a password, log in with it and run PING:
redis-cli -a '8f3Kq2pZ9vXmR4tLwYbN7cQ1aE6sUjD0hHgPiOoKlM=' pingOutput:
PONGPONG means Redis is alive and your password is correct. If you connect without the password, you will instead see an authentication error:
redis-cli pingOutput:
(error) NOAUTH Authentication required.That error is good news — it proves the password is being enforced.
Security: never expose Redis to the internet
This is the single most important point on this page. A default Redis with no password, bound to a public IP, is one of the most commonly compromised services on the internet. Attackers scan for open Redis on port 6379 and use it to plant cryptocurrency miners or wipe data.
Warning: Never run Redis on a public IP without a password. The combination of
bind 0.0.0.0and norequirepassis an open door. If an app on another server must reach Redis, prefer a private network, an SSH tunnel, or TLS — and always keeprequirepassset.
If you genuinely need remote access, also lock down the firewall with ufw (Uncomplicated Firewall, Ubuntu’s simple firewall tool) so only trusted IPs can reach port 6379:
sudo ufw allow from 10.0.0.5 to any port 6379Replace 10.0.0.5 with the private IP of the one server allowed to connect. Everyone else stays blocked.
Best Practices
- Always set
requirepasswith a long random password, even on a private network. - Keep
bind 127.0.0.1unless you have a specific, firewalled reason to open it. - Set
maxmemoryand amaxmemory-policyso a runaway cache can never crash the host. - Use
supervised systemdso the service is managed cleanly by Ubuntu. - Restrict port 6379 with
ufwand never rely on “no one knows the IP” as security. - Keep Redis updated with
sudo apt upgradeto pick up security fixes. - Treat Redis as a cache, not your only copy of important data — back the data with a real database.