Message
Author
Board
Date
January 18, 2025, 01:56:06 AM
January 18, 2025, 12:31:57 AM
January 15, 2025, 10:10:06 PM
January 11, 2025, 01:01:33 PM
January 09, 2025, 11:59:16 PM

Redis installation & configuration

Started by Chen Zhen, December 19, 2024, 01:34:45 AM

Previous topic - Next topic

Chen Zhen

Redis Installation & Configuration

If you are on a Red Hat based system, you may need to use the "vim" command instead of "vi".
Just sub it out in these instructions if it's applicable.

Proper full instructions for setting up Redis:



Install the Redis Server, PhpRedis & their dependencies

Do a "snapshot" of your OS/domain from your hosting panel before making changes.



Predis requirement

Debian:
Install Redis on your server (Debian base):
apt-get install redis-server

Red Hat:
Install Redis on your server (Red Hat base):
dnf install redis-server

PhpRedis requirements

Optional Debian for PhpRedis installation (includes dependencies for future SMF-Redis development):
apt install pkg-php-tools
apt install libevent-dev
apt install libzstd-dev
pecl install msgpack
pecl install igbinary
pecl install zstd
pecl install redis

Optional Red Hat for PhpRedis installation (includes dependencies for future SMF-Redis development):
dnf install pkg-php-tools
dnf install libevent-dev
dnf install libzstd-dev
pecl install msgpack
pecl install igbinary
pecl install zstd
pecl install redis

Notes:
- PHP modules are usually stored in: /usr/lib/php/* and can likely be copied to the appropriate path for like PHP branches if necessary.
- zstd (PECL compression module) is for a future feature of this modification  and is optional at this time.

You will need to enable the redis, igbinary and compression extensions in your php.ini file to use all the SMF-Redis features.
You can usually access your php.ini via your website panel. If you're using PHP-FPM make sure to edit the one for each specific website.
In the example above we installed zstd compression so in your php.ini you need to have it load the extension:

If you're having trouble installing the above on your OS or enabling extensions in PHP, just post in the forum & we can attempt to address your issue.
Usually the fix ends up being a small task, don't be uninstalling/re-installing a bunch of things before asking about the problem.



Create a Redis configuration file

Create an ACL user name/password file:
touch /etc/redis/users.acl
Edit the Redis config file (use "vim" if applicable):
vi /etc/redis/redis.conf
Near the beginning of the file, add this line:
include /etc/redis/myredis.conf
Ensure all of these lines are commented-out (# symbol before command to make them void):
#port 6379
#bind 127.0.0.1 -::1
#daemonize no
#aclfile /etc/redis/users.acl
#unixsocket "/run/redis/redis-server.sock"
#unixsocketperm 700
#logfile /var/log/redis/redis-server.log
#databases 16



Now create your custom Redis config file:
vi /etc/redis/myredis.conf
Add the following to that file (notice the file permission change):

port 6379
bind 127.0.0.1 -::1
daemonize yes
aclfile /etc/redis/users.acl
unixsocket "/run/redis/redis-server.sock"
unixsocketperm 770
logfile /var/log/redis/redis-server.log
databases 16

The above example uses the default TCP port & allows a socket connection.
You can use TCP, socket or both (for testing or multiple applications).

The default config file for Redis is over 2000 lines in length mostly due to the explanatory comments.
What we just did is allow editing of the main commands without having to scroll through 2000+ lines of code.
When using vim via a terminal, this makes things much easier.

Example changes:

If you just want to use a TCP connection using port 40000 & disable the socket connection, then use the following:
[make sure to adjust firewall rules to allow TCP port traffic for the port that you use here]
port 40000
#unixsocket "/run/redis/redis-server.sock"
#unixsocketperm 770

If you want to use a socket connection & disable TCP port access, use the following:
port 0
unixsocket "/run/redis/redis-server.sock"
unixsocketperm 770

The socket file may be set differently on your system possibly due to a hosting panel.
If your hosting panel created its own config file, you may want to edit that one or use your panel itself to access the file.
Redis will create a socket path/file after it detects it in the config & redis is restarted.

The idea here is help you set up Redis the way you wish it to operate and to possibly increase its security.
You can change the port but make sure the port has TCP access through your firewall.
For sockets, make sure you're using the socket file created by Redis.



Run the Redis start up service

Start up Redis & tell it to start at every boot:

sudo systemctl enable redis-server.service
sudo systemctl start redis-server
sudo systemctl status redis-server

Anytime you make changes to the config you can restart Redis & check it:
sudo systemctl restart redis-server
sudo systemctl status redis-server

If you make any mistakes it will show an error & will not start.
You can check its log file to see what is wrong:
cat /var/log/redis/redis-server.log


Socket file/path permissions

If your panel set up the socket for you, then you likely will not need to alter any permissions for the socket.
However, if you are using a self-managed system or your panel doesn't set it up for you then you likely need to adjust socket access.
If your socket isn't accessable & shows a permission error, then do the following (use your socket path):

chmod 0755 /run/redis
chmod 0770 /run/redis/redis-server.sock
sudo systemctl restart redis-server

Add the "redis" user to the apache group & to all user groups that are going to use Redis.
Your user on your OS is usually in a group under the same name. ie. if you are user1 on your system it is usually in group user1.
ie. in Debian apache is dubbed "www-data" & in Red Hat apache is dubbed "httpd" or "apache", the example below uses www-data.

Example#1: For apache plus user1 & user2 that have a domains on the system under their user/id name:
usermod -G www-data,user1,user2 redis
Example#2: Alternately you can edit the group file directly:
vi /etc/group
In that file you can scroll near the end and add user id's to the redis group:
redis:x:128:www-data,user1,user2
Restart apache2 & Redis:
Debian:
sudo systemctl restart apache2
systemctl restart redis-server

Red Hat:
sudo systemctl restart httpd


Testing the connection

Test your connection on the command line:

To test a TCP connection using localhost @ port 6379:
redis-cli -h 127.0.0.1 -p 6379 ping
To test a Unix socket connection to the default socket path:
redis-cli -s /run/redis/redis-server.sock ping

In either case a successful connection will respond with: "PONG"



ACL user name & password setup

In the config file shown above we set it up to use an ACL file for user/password storage.
All you need to do is create users with the appropriate command access, give them passwords & assign a password to the "default" user.
This will force this application to have that information to connect to your Redis server.
Keep in mind that you will have to enter the same info on the command line afterward to gain access.

Change USERNAME, PASSWWORD & PREFIX to your unique values.

Create users, passwords & command access:

This example shows restricting that user to a prefix ( sub out "~PREFIX:*" with "allkeys" for all prefixes ):
redis-cli
acl setuser USERNAME on >PASSWORD ~PREFIX:* +select +get +flushdb +del +set +setex +info +ping +eval +zadd
acl save
exit

Make sure you add a password for the "default" user else you will allow general access via SMF-Predis.

redis-cli acl setuser default on >PASSWORD ~* &* +@all
acl save

Now you will have to enter the default name/pass on the command line to gain access to Redis:
redis-cli
auth default PASSWORD

If you changed the port then you will need to key it in to gain access ( ie. port 40000 ):
redis-cli -h 127.0.0.1 -p 40000
auth default PASSWORD

If you disabled the port ( 0 ) then you will need to use the socket info to gain access:
redis-cli -s "/run/redis/redis-server.sock"
auth default PASSWORD



If you want to check if things are working as intended on the command line, here are some basic command to get you started:
These commands are from the redis-cli interface (already logged in via commands from above).

Select a database that will be in effect for any command that follows (ie. DB#5):
select 5
View databases & the basic number of entries in each:
INFO keyspace
View basic cached data for specific key prefix (ie. prefix of "0MYPREFIX0:" :
keys "0MYPREFIX0:*"
View basic cached data for all keys :
keys "*"
flush all cached data from all databases:
flushall
flush cached data from specific DB (ie. DB # 2) :
select 2
flushdb

flush cache data from specific prefix:
del keys "0MYPREFIX0:*"
flush all keys & prefixes:
flushall
More Redis interface commands can be found here:
https://redis.io/docs/latest/develop/tools/cli/



If you have any questions about using SMF-Predis just post in the support forum.