Table of Contents
- What is a Cache Database
- Benefits of a Cache Database
- Installing Redis under Ubuntu 22.04
- Securing Redis with TLS and a Password
- Configuring Redis for Remote Access
What is a Cache Database?
A cache database is a high-speed data storage layer that stores a subset of data, typically transient in nature, so that future requests for that data are served up faster than if the data were to be fetched from the primary data store.
Benefits of a Cache Database
- Speed: Cache databases are designed to be fast. They store data in memory, which is much faster than reading from disk.
- Scalability: Cache databases can be easily scaled horizontally by adding more servers.
- Reliability: Cache databases are designed to be highly available and fault-tolerant.
- Reduced Load on Primary Database: By caching frequently accessed data, cache databases can reduce the load on the primary database, improving performance.
- Improved User Experience: By serving up data faster, cache databases can improve the user experience of your application.
A Cache Database with a Garbage Collected Language like JavaScript
JavaScript has a garbage collector that automatically frees up memory that is no longer being used. This is a good thing because it means you don’t have to worry about memory management in your code. When designing a game, you need to be aware of how the garbage collector works. Extra memory usage can cause the garbage collector to run more frequently, causing performance issues.
You can use a cache database to store data that is frequently accessed. This can help reduce the load on the garbage collector and improve performance.
Installing Redis under Ubuntu 22.04
Install the Redis Server
# apt install redis-server
If you’re using Ubuntu 22.04, you’ll need to change the configuration file to use systemd.
# nano /etc/redis/redis.conf
/etc/redis/redis.conf
supervised systemd
And restart the Redis service.
# systemctl restart redis.service
Securing Redis with TLS and a Password
- Generate a long password
# openssl rand 36 | openssl base64 -A
You’ll want a much longer password than this. This is just an example.
/etc/redis/redis.conf
requirepass WNFRFI9p+9qoeohQlrXzHrlVzhjpUlYz2eCIOBr60HZpv/m+
- Rename any dangerous commands you want to disable.
FLUSHDB, FLUSHALL, KEYS, PEXPIRE, DEL, CONFIG, SHUTDOWN, BGREWRITEAOF, BGSAVE, SAVE, SPOP, SREM, RENAME, and DEBUG
/etc/redis/redis.conf
rename-command FLUSHDB ""
rename-command FLUSHALL "DB_CMD_FLUSH_ALL"
- Restart the redis service
# systemctl restart redis.service
- Create a Certificate Authority (CA): This will be used to sign your SSL certificate.
# openssl req -new -x509 -days 365 -keyout ca.key -out ca.crt -subj "/CN=Redis CA"
- Generate a Server Certificate and Private Key:
# openssl genrsa -out redis.key 4096
# openssl req -new -key redis.key -out redis.csr -subj "/CN=redis.example.com"
# openssl x509 -req -in redis.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out redis.crt -days 365
- Edit the Redis configuration file to use the certificates.
/etc/redis/redis.conf
port 0
tls-port 6379
tls-cert-file /path/to/redis.crt
tls-key-file /path/to/redis.key
tls-ca-cert-file /path/to/ca.crt
Configuring Redis for Remote Access
Whitelist an IP CIDR range for safe access to Redis from the internet.
You can use the following nftables rules to allow access to Redis from specific IP ranges.
Use a range that is appropriate for your network or Internet Service Provider (ISP).
# nft add rule filter INPUT ip saddr 192.168.1.0/24 tcp dport 6379 accept
# nft add rule filter INPUT ip saddr 192.168.2.0/24 tcp dport 6379 accept
# nft add rule filter INPUT tcp dport 6379 drop
Enable and start the nftables service
# systemctl enable nftables
# systemctl start nftables
Allow remote connections
This step can be dangerous if the other steps are not done correctly.
/etc/redis/redis.conf
bind 0.0.0.0
protected-mode no
Restart the Redis service
# systemctl restart redis.service
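Because opening Redis to remote hosts is only safe once the password, TLS and rename-command steps are in place, the following pre-flight check reads a redis.conf and reports which of those steps are missing. It is an added example, not part of the original page: conf_get and audit_redis_conf are hypothetical helper names, the 48-character floor (the length the openssl command above produces) is an assumption, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). conf_get and audit_redis_conf
# are hypothetical helper names; the 48-character floor is an assumption.

# Print the effective value of a directive: later lines override earlier ones.
# Comment and blank lines never match because their first field is not the key.
conf_get() {
    awk -v key="$2" '
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); gsub(/^"|"$/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one FAIL line per missing step; return 0 only if every step is present.
audit_redis_conf() {
    conf=$1 findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    pass=$(conf_get "$conf" requirepass)
    [ "${#pass}" -ge 48 ] || fail "requirepass missing or shorter than 48 characters"
    # An absent port directive means the default plaintext listener is on.
    [ "$(conf_get "$conf" port)" = "0" ] || fail "plaintext listener enabled (want: port 0)"
    for d in tls-port tls-cert-file tls-key-file tls-ca-cert-file; do
        [ -n "$(conf_get "$conf" "$d")" ] || fail "$d is not set"
    done
    # The two commands the page's rename-command lines cover.
    for cmd in FLUSHDB FLUSHALL; do
        grep -Eiq "^[[:space:]]*rename-command[[:space:]]+$cmd[[:space:]]" "$conf" ||
            fail "$cmd has not been renamed or disabled"
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: remote access enabled, but TLS and rename steps skipped.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bind 0.0.0.0
protected-mode no
port 6379
requirepass CONSTRUCTED-placeholder-password-0123456789abcdef0123
EOF
audit_redis_conf "$sample" || echo "do not enable remote access yet"
rm -f "$sample"
```

Run audit_redis_conf /etc/redis/redis.conf as root before changing bind and protected-mode; a non-zero exit status means at least one earlier step is missing.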