How to Install and Secure Redis
Redis is a fast in-memory data store. It ships with no authentication, so an exposed Redis is one of the most commonly compromised services on the internet. This guide binds it to localhost, requires a password, and disables the commands an attacker would use to wipe or hijack your server. Never expose Redis to the public internet.
Install Redis
Install the server from the Ubuntu repository.
sudo apt update
sudo apt install -y redis-server
Bind to Localhost and Keep Protected Mode On
Ensure Redis listens only on the loopback interface and that protected-mode stays enabled, so it cannot be reached from other machines even by accident.
sudo nano /etc/redis/redis.conf
# Confirm these lines are present and uncommented:
# listen only on loopback (IPv4 + IPv6), never 0.0.0.0
bind 127.0.0.1 -::1
# refuse external connections when no password/bind is set
protected-mode yes
# let systemd manage the service properly
supervised systemd
Require a Strong Password
Set requirepass to a long random string. Clients must authenticate with it before running any command.
# Generate a strong password and view it:
openssl rand -base64 36
sudo nano /etc/redis/redis.conf
# Set (uncomment and replace with the generated value):
requirepass YOUR_LONG_RANDOM_PASSWORD
Disable Dangerous Commands
Rename destructive and config-changing commands to empty strings so even an authenticated client cannot flush your data or rewrite the config. Rename rather than delete so you keep the option of re-enabling. Note that disabling CONFIG also blocks CONFIG GET, which some monitoring and management tools rely on; check your tooling before applying that line.
sudo nano /etc/redis/redis.conf
# Add these lines (renaming to "" disables the command entirely):
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
Restart and Enable Redis
Apply the configuration and make Redis start on boot.
sudo systemctl restart redis-server
sudo systemctl enable redis-server
# verify it is active (running)
systemctl status redis-server --no-pager
Verify Auth and That It Is Not Exposed
Confirm that commands require authentication and that Redis is only listening on localhost.
redis-cli ping
# should return: NOAUTH Authentication required.
redis-cli -a 'YOUR_LONG_RANDOM_PASSWORD' ping
# should return: PONG
# (newer redis-cli warns that -a exposes the password in the process list;
#  export REDISCLI_AUTH='YOUR_LONG_RANDOM_PASSWORD' and omit -a if that matters)
sudo ss -tlnp | grep 6379
# should show 127.0.0.1:6379, NOT 0.0.0.0:6379
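The manual checks above are easy to get wrong (a commented-out requirepass line looks like a set one at a glance, and a second bind directive later in the file silently overrides the first). The script below is an added example, not part of the original guide: it re-checks the bind, protected-mode, requirepass and rename-command settings from a redis.conf file, and checks captured ss -tlnp output for any non-loopback listener on port 6379. The function names, the 16-character minimum password length and the sample configuration files and ss output are this example's own constructed assumptions.

```shell
#!/bin/sh
# Added audit helper (not from the original guide). Re-checks the hardening
# settings described above from a redis.conf file and from captured
# `sudo ss -tlnp` output. Function names and the 16-char password minimum
# are assumptions of this example.

# Print the active (non-comment, non-blank) lines of a redis.conf.
active_lines() {
    grep -v -E '^[[:space:]]*(#|$)' "$1"
}

# Value of the LAST occurrence of a directive (Redis applies the last one).
directive() {
    active_lines "$2" | awk -v key="$1" \
        '$1 == key { $1 = ""; sub(/^ +/, ""); val = $0 } END { print val }'
}

# audit_redis_conf FILE -> returns 0 if every hardening setting is present,
# otherwise prints each failure and returns 1.
audit_redis_conf() {
    conf="$1"
    fail=0

    bind=$(directive bind "$conf")
    if [ -z "$bind" ]; then
        echo "FAIL: no bind directive (Redis then listens on all interfaces)"; fail=1
    elif printf '%s' "$bind" | grep -Eq '0\.0\.0\.0|\*'; then
        echo "FAIL: bind includes a wildcard address: $bind"; fail=1
    fi

    [ "$(directive protected-mode "$conf")" = "yes" ] \
        || { echo "FAIL: protected-mode is not yes"; fail=1; }

    pw=$(directive requirepass "$conf")
    if [ -z "$pw" ]; then
        echo "FAIL: requirepass is not set"; fail=1
    elif [ "${#pw}" -lt 16 ]; then
        echo "FAIL: requirepass is shorter than 16 characters"; fail=1
    fi

    for cmd in FLUSHALL FLUSHDB CONFIG SHUTDOWN; do
        # a command counts as disabled only when renamed to "" (or '')
        if ! active_lines "$conf" | grep -Eq \
            "^[[:space:]]*rename-command[[:space:]]+$cmd[[:space:]]+(\"\"|'')[[:space:]]*$"; then
            echo "FAIL: $cmd is not disabled via rename-command"; fail=1
        fi
    done
    return "$fail"
}

# check_listener SS_OUTPUT -> returns 0 when every :6379 listener is on a
# loopback address, 1 otherwise. Feed it the text of `sudo ss -tlnp`.
check_listener() {
    bad=$(printf '%s\n' "$1" | awk \
        '$1 == "LISTEN" && $4 ~ /:6379$/ && $4 !~ /^(127\.0\.0\.1|\[::1\]):6379$/ { print $4 }')
    if [ -n "$bad" ]; then
        echo "FAIL: Redis is reachable on a non-loopback address: $bad"
        return 1
    fi
    return 0
}

# ---- constructed sample inputs (not captured from a real host) ----
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/hardened.conf" <<'EOF'
bind 127.0.0.1 -::1
protected-mode yes
supervised systemd
# requirepass foobared   <- commented out, must not count as set
requirepass c0nstructedExamplePassw0rdValue
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG ""
rename-command SHUTDOWN ""
EOF

cat > "$tmp/default.conf" <<'EOF'
bind 0.0.0.0
protected-mode no
# requirepass foobared
EOF

SS_HARDENED='LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=1234,fd=6))
LISTEN 0 511 [::1]:6379 [::]:* users:(("redis-server",pid=1234,fd=7))'
SS_EXPOSED='LISTEN 0 511 0.0.0.0:6379 0.0.0.0:* users:(("redis-server",pid=1234,fd=6))'

# Demo run against the constructed inputs
echo "== hardened.conf"
if audit_redis_conf "$tmp/hardened.conf"; then echo "OK"; fi
echo "== default.conf"
if ! audit_redis_conf "$tmp/default.conf"; then echo "NOT HARDENED"; fi
echo "== listener (hardened)"
if check_listener "$SS_HARDENED"; then echo "OK"; fi
echo "== listener (exposed)"
if ! check_listener "$SS_EXPOSED"; then echo "EXPOSED"; fi
```

On a real host, call audit_redis_conf /etc/redis/redis.conf and pipe the output of sudo ss -tlnp into check_listener via a variable; the config check reads the file only, so it can also run from a configuration-management test before the service is restarted.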
Redis now listens only on localhost, demands a strong password, and has its most dangerous commands disabled. Never bind Redis to a public address; if an app on another host needs it, reach it through an SSH tunnel or a private network, never the open internet.