Table of Contents
- What is a Cache Database
- Benefits of a Cache Database
- Installing Redis under Ubuntu 22.04
- Securing Redis with TLS and a Password
- Configuring Redis for Remote Access
What is a Cache Database?
A cache database is a high-speed data storage layer that stores a subset of data, typically transient in nature, so that future requests for that data are served up faster than if the data were to be fetched from the primary data store.
Benefits of a Cache Database
- Speed: Cache databases are designed to be fast. They store data in memory, which is much faster than reading from disk.
- Scalability: Cache databases can be easily scaled horizontally by adding more servers.
- Reliability: Cache databases are designed to be highly available and fault-tolerant.
- Reduced Load on Primary Database: By caching frequently accessed data, cache databases can reduce the load on the primary database, improving performance.
- Improved User Experience: By serving up data faster, cache databases can improve the user experience of your application.
A Cache Database with a Garbage Collected Language like JavaScript
JavaScript has a garbage collector that automatically frees up memory that is no longer being used. This is a good thing because it means you don’t have to worry about memory management in your code. When designing a game, you need to be aware of how the garbage collector works. Extra memory usage can cause the garbage collector to run more frequently, causing performance issues.
You can use a cache database to store data that is frequently accessed. This can help reduce the load on the garbage collector and improve performance.
Installing Redis under Ubuntu 22.04
Install the Redis Server
apt install redis-server
If you’re using Ubuntu 22.04, you’ll need to change the configuration file to use systemd.
Edit the configuration file for Redis with your editor of choice.
nano /etc/redis/redis.conf
Find the line that says supervised no and change it to supervised systemd.
supervised systemd
And restart the Redis service.
systemctl restart redis.service
Securing Redis with TLS and a Password
- Generate a long password
openssl rand 36 | openssl base64 -A
You’ll want a much longer password than this. This is just an example.
Add the generated password to the configuration file.
requirepass WNFRFI9p+9qoeohQlrXzHrlVzhjpUlYz2eCIOBr60HZpv/m+
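- Rename any dangerous commands you want to disable. Candidates include FLUSHDB, FLUSHALL, KEYS, PEXPIRE, DEL, CONFIG, SHUTDOWN, BGREWRITEAOF, BGSAVE, SAVE, SPOP, SREM, RENAME, and DEBUG. Renaming a command to an empty string disables it entirely; renaming it to another name keeps it available under that name only.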
rename-command FLUSHDB ""
rename-command FLUSHALL "DB_CMD_FLUSH_ALL"
- Restart the redis service
systemctl restart redis.service
- Create a Certificate Authority (CA): This will be used to sign your SSL certificate.
openssl req -new -x509 -days 365 -keyout ca.key -out ca.crt -subj "/CN=Redis CA"
- Generate a Server Certificate and Private Key:
openssl genrsa -out redis.key 4096
openssl req -new -key redis.key -out redis.csr -subj "/CN=redis.example.com"
openssl x509 -req -in redis.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt -days 365
- Edit the Redis configuration file to use the certificates. Setting port 0 disables the plaintext listener, so only TLS connections on tls-port are accepted.
port 0
tls-port 6379
tls-cert-file /path/to/redis.crt
tls-key-file /path/to/redis.key
tls-ca-cert-file /path/to/ca.crt
Configuring Redis for Remote Access
Allowlist only the IP CIDR ranges that need to reach Redis from the internet.
You can use the following nftables rules to allow access to Redis from specific IP ranges and drop everything else on the Redis port.
Use a range that is appropriate for your network or Internet Service Provider (ISP).
nft add rule filter INPUT ip saddr 192.168.1.0/24 tcp dport 6379 accept
nft add rule filter INPUT ip saddr 192.168.2.0/24 tcp dport 6379 accept
nft add rule filter INPUT tcp dport 6379 drop
Enable and start the nftables service
systemctl enable nftables
systemctl start nftables
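Allow remote connections
This step can be dangerous if the other steps are not done correctly. With these two settings Redis listens on every interface, so the password, TLS, and the firewall rules above are the only protections left.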
bind 0.0.0.0
protected-mode no
Restart the Redis service
systemctl restart redis.service
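Because the remote-access step is only safe once the earlier steps have taken effect, the following added example (not part of the original guide) audits a redis.conf for the password, TLS, and rename-command settings described above. The names audit_redis_conf, conf_get, MIN_PASS_LEN and RENAMED are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit redis.conf for the settings applied in this guide.
MIN_PASS_LEN=${MIN_PASS_LEN:-48}        # assumption: length of `openssl rand 36 | openssl base64 -A` output
RENAMED=${RENAMED:-"FLUSHDB FLUSHALL"}  # assumption: the commands renamed in the guide's own config

# Print the value of the last occurrence of a directive (names are case-insensitive).
conf_get() {  # usage: conf_get FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Print one FAIL line per problem; the exit status is the number of problems.
audit_redis_conf() {  # usage: audit_redis_conf FILE
    conf=$1; fails=0
    pass=$(conf_get "$conf" requirepass)
    [ "${#pass}" -ge "$MIN_PASS_LEN" ] ||
        fail "requirepass missing or shorter than $MIN_PASS_LEN characters"
    # An absent port directive means the default plaintext port is still open.
    [ "$(conf_get "$conf" port)" = "0" ] || fail "plaintext port enabled (want: port 0)"
    tlsport=$(conf_get "$conf" tls-port)
    { [ -n "$tlsport" ] && [ "$tlsport" != "0" ]; } || fail "tls-port not set"
    for d in tls-cert-file tls-key-file tls-ca-cert-file; do
        [ -n "$(conf_get "$conf" "$d")" ] || fail "$d not set"
    done
    for cmd in $RENAMED; do
        grep -Eiq "^[[:space:]]*rename-command[[:space:]]+$cmd[[:space:]]" "$conf" ||
            fail "no rename-command line for $cmd"
    done
    return "$fails"
}

# Constructed sample: a config where only the FLUSHDB rename has been done.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 6379
bind 0.0.0.0
protected-mode no
rename-command FLUSHDB ""
EOF
audit_redis_conf "$sample" || echo "$? problem(s): do not open the firewall yet"
rm -f "$sample"
```

Run it against /etc/redis/redis.conf before adding the bind and protected-mode lines; set RENAMED to the full list of commands you chose to rename.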