How to Install Redis on Linux: Step-by-Step Guide
When an application grows beyond a handful of users, the classic setup of "request hits the server, server queries the disk-based database, database returns data" starts to feel slow. Every additional round trip to the disk adds latency that compounds under load. Redis eliminates that bottleneck by holding working data in the machine's operating memory, where read and write operations complete in microseconds rather than milliseconds.
Practically speaking, Redis fills the gap between a full relational database and the application layer. Teams plug it in wherever speed matters most: repeated lookups that would otherwise hammer the primary database, temporary login tokens, background job pipelines, and publish/subscribe channels between services. The current major branch is version 8, released under an open-source AGPLv3 option.
This walkthrough covers the entire path from a blank Linux server to a running, protected Redis instance. We will go through package installation on Debian-family and RHEL-family systems, adjust key performance parameters, and lock down access before the instance handles real data. If you need a server, Serverspace offers Linux VPS instances that deploy in a few clicks with the distribution of your choice.
Before You Begin
Make sure the following conditions are met on the target machine:
- The operating system is one of: Ubuntu 22.04 or 24.04, Debian 11 or 12, Rocky Linux 8 or 9, AlmaLinux 8 or 9. Other RHEL-compatible rebuilds will also work with minor path adjustments.
- You can execute commands as root or through a regular account that has sudo privileges.
- The package catalog is current. On Debian-family systems that means running apt update; on RHEL-family it means dnf update. Stale catalogs can pull in outdated or missing dependencies.
- The machine has at least 1 GB of free RAM. Redis itself occupies very little memory at idle; the real consumption depends on how many keys your application stores and how large their values are.
Installation on Ubuntu and Debian
You have two options here, and the choice comes down to how new a version you need.
Using the Built-in System Packages
Debian and Ubuntu ship a Redis package inside their standard software catalog. The version lags behind the upstream project (Ubuntu 24.04 carries the 7.0 branch, for example, while upstream has moved to 8.x), but it is well-tested and gets security fixes through the normal OS patch cycle. For straightforward caching workloads this is often good enough.
Pull in the package with two commands:
sudo apt updatesudo apt install redis-server -yThe installer registers a systemd unit, starts the daemon, and enables it for every future boot. No extra steps are needed.
Pulling the Latest Branch from the Upstream Repository
If your project relies on capabilities that only appeared in Redis 8 (the integrated query engine, native document storage, vector similarity lookups), add the package source that the Redis company maintains.
Begin by importing the cryptographic key that proves the packages are authentic:
sudo apt install curl gpg lsb-release -y
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor \
-o /usr/share/keyrings/redis-archive-keyring.gpgThen register the new source in the package manager:
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] \
https://packages.redis.io/deb $(lsb_release -cs) main" \
| sudo tee /etc/apt/sources.list.d/redis.listFinally, refresh the catalog and install:
sudo apt updatesudo apt install redis -yConfirming That Everything Works
Regardless of the path you took, check the installed version and the process state:
redis-server --versionsudo systemctl status redis-serverThe status output should contain the words active (running). A quick round-trip test is also useful:
redis-cli pingWhen the server replies PONG, the daemon is alive and listening on the loopback address. At this stage no outside machine can connect to it, which is the intended default.
Installation on Rocky Linux, AlmaLinux, and RHEL
The base software catalogs of versions 8 and 9 do not carry a Redis package, so we will point the package manager at the RPM source published by the Redis company. Note: starting with the tenth major release, RHEL and its rebuilds include Valkey (a fork that split off in 2024) instead of Redis, so adding the external source is the only way to get the original project on those newer systems.
Create the repository descriptor:
sudo tee /etc/yum.repos.d/redis.repo << 'EOF'
[Redis]
name=Redis
baseurl=http://packages.redis.io/rpm/rockylinux9
enabled=1
gpgcheck=1
EOFIf the machine runs the 8.x release of Rocky or AlmaLinux, swap out rockylinux9 for rockylinux8 in the URL above.
Import the signing key and pull in the package:
curl -fsSL https://packages.redis.io/gpg | sudo tee /tmp/redis.key
sudo rpm --import /tmp/redis.key
sudo dnf install redis -yUnlike on Debian-family systems, the daemon will not start on its own after the first install. Activate it and tell systemd to bring it up on every boot:
sudo systemctl enable redis
sudo systemctl start redisVerify with sudo systemctl status redis and redis-cli ping, same as described in the previous section.
Adjusting the Core Settings
All runtime behavior is controlled through a single text file. Its location is /etc/redis/redis.conf on most Debian-family installations and /etc/redis.conf on RHEL-family systems. Open it in any editor and review the following parameters.
Interface binding. The bind line determines which local addresses the daemon will answer on. The stock value restricts it to the loopback, so traffic from other hosts gets rejected at the socket level. Leave it this way unless your application lives on a separate machine.
Port number. By default the daemon occupies 6379/tcp. Changing the port reduces noise from bots that scan common ports and prevents collisions when multiple services share the same host.
Password protection. Locate the requirepass line, remove the comment marker, and replace the placeholder with a long random string. Until this step is done, every local process can read and overwrite any stored key without identifying itself.
Memory cap. The maxmemory directive tells the daemon the largest amount of RAM it may occupy. Without it, Redis will keep accepting writes until the OS runs out of free pages, which typically ends with the OOM killer terminating the process. On a 4 GB machine, reserving 1 to 2 GB for Redis is a safe starting point.
Eviction rules. Once the memory cap is reached, the daemon has to decide what to throw away. The maxmemory-policy setting controls this choice. The table below compares the options you will encounter most often.
| Policy | Eviction logic | Typical scenario |
|---|---|---|
| allkeys-lru | Drops whichever key has gone the longest without being read or written. | Pure caching layers where every key can be rebuilt from the primary database. |
| volatile-lru | Applies the same least-recently-used logic, but only among keys that carry an expiration timestamp. | Mixed storage: some keys are permanent references, others are disposable cache entries. |
| allkeys-lfu | Counts how often each key is accessed and removes the ones with the lowest frequency score. | Workloads with a sharp popularity curve: a small group of hot keys and a long tail of cold ones. |
| noeviction | Stops accepting new writes and returns an error to the client application. | Job queues and counters where losing even a single record is unacceptable. |
Disk persistence. Redis can write its contents to disk so that a reboot does not erase everything. RDB periodically freezes a complete snapshot into a compact binary file; recovery is fast, but writes between snapshots are lost. AOF logs each operation to a journal; it survives crashes with minimal loss but generates more disk I/O. Running both simultaneously is a common production choice.
After editing any of these values, tell the daemon to re-read the file:
sudo systemctl restart redis-serverOn RHEL-family installations the unit is usually called redis rather than redis-server.
Protecting the Instance Before It Handles Real Traffic
Out of the box, Redis trusts everyone. There is no login prompt, no traffic encryption, and no command restrictions. A fresh instance exposed to the internet can be compromised within minutes by automated scanners. The steps below bring it to a reasonable production baseline.
Authentication. The requirepass directive is the bare minimum. For shared instances, version 6.0 introduced ACLs: separate logins, per-command restrictions, and key pattern limits.
Firewall. Even with a password in place, the listening port should not be open to the entire network. On Ubuntu and Debian, a single UFW rule will restrict access to a specific subnet:
sudo ufw allow from 10.0.0.0/24 to any port 6379 proto tcpRHEL-family systems use firewall-cmd; the equivalent rich rule achieves the same result.
Disabling destructive operations. A handful of built-in commands can wipe the entire dataset or expose internal configuration details. Renaming them to empty strings effectively removes them:
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG "INTERNAL_CFG_8k2q"The third line uses a random alias instead of an empty string, which lets administrators still invoke the command when they know the alias.
Transport encryption. Native TLS support arrived in version 6.0. Turning it on ensures that passwords and payload content travel in encrypted form whenever the client and the server sit on different hosts.
Process isolation. Packages from the official repositories already run the daemon under a dedicated low-privilege account. Verify by running ps aux | grep redis and confirming the process owner is not root.
Running a Quick Smoke Test
Open the interactive terminal that ships with every Redis installation:
redis-cliIf you enabled password protection earlier, the server will refuse commands until you authenticate:
AUTH your_passwordExecute a short sequence that exercises writes, reads, expiration, and deletion:
SET greeting "Hello from Redis"
GET greeting
SET session:user1 "active" EX 3600
TTL session:user1
DEL greeting
DBSIZEHere SET creates a record, EX attaches a countdown timer (3600 seconds), GET fetches the value, TTL reports remaining seconds before auto-deletion, DEL removes a record immediately, and DBSIZE shows the total record count. If every command returns the expected output, the instance is fully operational.
Conclusion
You now have a Redis instance installed from a verified source, configured with a memory ceiling and eviction strategy, and shielded by password authentication and firewall rules. This baseline covers most development, staging, and moderate-traffic production workloads.
As load increases, the natural next steps are adding a replica node so that reads can be distributed, deploying Sentinel to automate failover decisions, or transitioning to a clustered topology that splits data across multiple shards. For monitoring, the Prometheus ecosystem has a mature Redis exporter that covers memory consumption, hit ratios, and command throughput.
The official project documentation at redis.io/docs provides detailed guidance on every topic mentioned above and is updated alongside each new release.
