🧠 Secure Redis Setup Script for Amazon Linux & Ubuntu This script installs and configures the latest Redis from source on an EC2 instance (Amazon Linux 2023, Ubuntu 22.04, or compatible). It: • Compiles Redis with BUILD_TLS support • Sets up systemd for auto-start and graceful shutdown • Generates a secure 32-character password with openssl • St…
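#!/bin/bash
# -e: stop on the first failing command; -u: treat an unset variable as an
# error instead of expanding it to ""; pipefail: a pipeline fails when any
# stage fails, not only the last one.
set -euo pipefail

# === REDIS INSTALLATION SCRIPT ===
# Builds Redis from source and configures it with a password, a systemd unit
# and a memory cap derived from the host's RAM.
# Works on Amazon Linux 2023 and Ubuntu 22.04+

REDIS_VERSION="7.2.4"
REDIS_PORT=6379

# First address printed by `hostname -I`; Redis is bound to it in addition to
# loopback. NOTE(review): nothing here checks that this is a private address,
# so confirm it (and the security group / firewall in front of it) before
# exposing the port.
PRIVATE_IP=$(hostname -I | awk '{print $1}') || PRIVATE_IP=""
if [[ -z "$PRIVATE_IP" ]]; then
  echo "[!] No address from 'hostname -I'; Redis will listen on 127.0.0.1 only" >&2
fi

# === Calculate memory limits ===
# MemTotal in /proc/meminfo is reported in kB; convert to whole MB.
TOTAL_MEM_MB=$(awk '/MemTotal/ {print int($2 / 1024)}' /proc/meminfo)

# An empty or zero reading would end up as "maxmemory 0mb" in redis.conf,
# which Redis treats as "no limit" -- fail loudly instead.
if ! [[ "$TOTAL_MEM_MB" =~ ^[0-9]+$ ]] || (( TOTAL_MEM_MB == 0 )); then
  echo "[!] Could not determine system memory from /proc/meminfo" >&2
  exit 1
fi

# Leave 30% of RAM for the OS and other processes.
MAX_MEMORY_MB=$((TOTAL_MEM_MB * 70 / 100))
echo "[+] System memory: ${TOTAL_MEM_MB}MB → Allocating ${MAX_MEMORY_MB}MB for Redis"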
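# === Generate or reuse password ===
# The secret is kept in a root-only file so that re-running the script keeps
# the same credential. `sudo test -s` is used instead of an unprivileged
# `[ -f ]` so that an empty file counts as "no password yet"; reusing an
# empty file would put a blank requirepass into redis.conf.
if sudo test -s /etc/redis/.redis-pass; then
  REDIS_PASSWORD=$(sudo cat /etc/redis/.redis-pass)
  echo "[+] Reusing existing Redis password"
else
  # 32 random bytes, base64-encoded (a 44-character string).
  REDIS_PASSWORD=$(openssl rand -base64 32)
  sudo mkdir -p /etc/redis
  # Create the file with mode 600 *before* the secret is written. Writing
  # first and running chmod afterwards leaves the password readable by every
  # local user for a moment under the default umask.
  sudo install -m 600 /dev/null /etc/redis/.redis-pass
  printf '%s\n' "$REDIS_PASSWORD" | sudo tee /etc/redis/.redis-pass >/dev/null
  echo "[+] Generated new Redis password stored at /etc/redis/.redis-pass"
fi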
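# === Install dependencies ===
# Package manager detection: yum => Amazon Linux family, apt-get => Debian/Ubuntu.
if command -v yum &>/dev/null; then
  echo "[+] Detected Amazon Linux. Fixing curl-minimal conflict..."
  # Best effort: hosts without dnf, or without curl-minimal installed, simply
  # skip the swap, hence the deliberate `|| true`.
  sudo dnf swap curl-minimal curl --allowerasing -y || true
  echo "[+] Installing build tools and Redis dependencies..."
  sudo yum groupinstall -y "Development Tools"
  sudo yum install -y jemalloc-devel tcl curl tar wget openssl-devel
elif command -v apt-get &>/dev/null; then
  echo "[+] Detected Ubuntu/Debian. Installing packages..."
  # apt-get rather than apt: apt's command-line interface is not stable for
  # scripted use and prints a warning when its output is not a terminal.
  sudo apt-get update
  sudo apt-get install -y build-essential libjemalloc-dev tcl curl tar wget libssl-dev
else
  # Diagnostics go to stderr so callers capturing stdout still see the failure.
  echo "[!] Unsupported OS. Exiting." >&2
  exit 1
fi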
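# === Download and build Redis ===
REDIS_TARBALL="redis-${REDIS_VERSION}.tar.gz"

# Fetch over HTTPS only. The tarball is compiled and then installed as root,
# so a plain-http download would let anyone on the network path substitute
# the source. --proto/--proto-redir refuse any downgrade to http (including
# via a redirect) and -f makes curl fail on an HTTP error instead of saving
# the error page as the tarball.
curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSLO \
  "https://download.redis.io/releases/${REDIS_TARBALL}"

# Optional integrity pin: export REDIS_TARBALL_SHA256 with the SHA-256 that
# the Redis project publishes for this release
# (https://github.com/redis/redis-hashes) and the build stops on a mismatch.
if [ -n "${REDIS_TARBALL_SHA256:-}" ]; then
  printf '%s  %s\n' "$REDIS_TARBALL_SHA256" "$REDIS_TARBALL" | sha256sum -c -
else
  echo "[!] REDIS_TARBALL_SHA256 not set; tarball integrity rests on TLS alone" >&2
fi

tar xzf "$REDIS_TARBALL"
cd "redis-${REDIS_VERSION}"
# distclean fails harmlessly on a pristine tree; ignore that on purpose.
make distclean || true
# BUILD_TLS=yes only compiles TLS support in; it does not turn TLS on.
make BUILD_TLS=yes
sudo make install
cd ..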
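# === Configure Redis ===
# Run Redis under its own unprivileged system account. The login user
# (ec2-user) normally has passwordless sudo, so a compromise of a Redis
# process running as that user is effectively root; ec2-user also does not
# exist on Ubuntu images, where the chown would abort the script under set -e.
REDIS_USER=redis
if ! id -u "$REDIS_USER" &>/dev/null; then
  sudo useradd --system --user-group --no-create-home \
    --shell /usr/sbin/nologin "$REDIS_USER"
fi

sudo mkdir -p /etc/redis /var/lib/redis
# -R so that data files left by an earlier run under another user are handed over.
sudo chown -R "$REDIS_USER:$REDIS_USER" /var/lib/redis
sudo chmod 750 /var/lib/redis

# redis.conf carries requirepass in clear text: create it root-owned and
# readable only by the service group before writing, and keep tee's copy of
# the content off the terminal / CI log.
sudo install -m 640 -o root -g "$REDIS_USER" /dev/null /etc/redis/redis.conf

# NOTE: the binary is built with TLS support, but this configuration does not
# enable it -- "port" is a plaintext listener, so AUTH and all data cross the
# network unencrypted on $PRIVATE_IP. To encrypt, provision certificates and
# set tls-port, tls-cert-file, tls-key-file and tls-ca-cert-file (and
# "port 0" to close the plaintext listener).
sudo tee /etc/redis/redis.conf >/dev/null <<EOF
bind 127.0.0.1 $PRIVATE_IP
protected-mode yes
port $REDIS_PORT
requirepass $REDIS_PASSWORD
dir /var/lib/redis
maxmemory ${MAX_MEMORY_MB}mb
maxmemory-policy allkeys-lru
appendonly no
daemonize no
supervised systemd
EOF

# === Setup systemd ===
# No ExecStop: unit files under /etc/systemd/system are world-readable and
# "redis-cli -a <password>" also shows up in the process list, so the
# password must not appear here. systemd stops the service with SIGTERM,
# which Redis handles as a graceful shutdown.
sudo tee /etc/systemd/system/redis.service >/dev/null <<EOF
[Unit]
Description=Redis In-Memory Data Store
After=network.target

[Service]
User=$REDIS_USER
Group=$REDIS_USER
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
Restart=always
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
EOF

# daemon-reload is the command that picks up new or changed unit files.
sudo systemctl daemon-reload
sudo systemctl enable redis
# restart (not start) so a re-run applies the new config and service user;
# it also starts the service when it is not running yet.
sudo systemctl restart redis

echo "[✓] Redis is installed, secured, and running!"
echo "[!] Redis password is stored in: /etc/redis/.redis-pass"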