Install Redis 7 on RHEL 10 / Rocky Linux 10 / AlmaLinux 10

Redis 7 is the latest stable release of the popular in-memory data structure store, bringing significant improvements in performance, security, and functionality. This guide walks you through a production-ready installation of Redis 7 on RHEL 10, Rocky Linux 10, or AlmaLinux 10 using the Remi repository. We will cover configuration hardening, persistence options, firewall setup, performance tuning, and high availability basics with Redis Sentinel.

Having managed Redis deployments in production for over a decade, I can tell you that getting the initial setup right saves countless hours of debugging later. Let’s do this properly from the start.

Prerequisites

Before you begin, make sure the following requirements are met:

• A running instance of RHEL 10, Rocky Linux 10, or AlmaLinux 10 (minimal or server install)
• Root or sudo access to the server
• A stable network connection for package downloads
• At least 1 GB of RAM dedicated to Redis (more for production workloads)
• SELinux in enforcing or permissive mode (we will handle the necessary adjustments)

Start by updating your system packages:

sudo dnf update -y

Step 1: Install the Remi Repository

The default RHEL 10 repositories ship an older version of Redis. To get Redis 7.4.x, we need the Remi repository, which is the most trusted third-party source for up-to-date Redis packages on RHEL-based systems.

Install the EPEL and Remi repositories:

sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-10.rpm

Verify the repositories are enabled:

sudo dnf repolist | grep -i remi

You should see remi-related repositories listed in the output.

Step 2: Enable the Redis 7.4 Module and Install Redis

Enable the Redis 7.4 stream from the Remi repository:

sudo dnf module enable redis:remi-7.4 -y

Now install Redis:

sudo dnf install -y redis

Verify the installed version:

redis-server --version

Expected output should show Redis server v=7.4.x or later. If you see an older version, double-check that the module stream was properly enabled.

Step 3: Configure Redis

The main configuration file is located at /etc/redis/redis.conf. Before making changes, create a backup:

sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.bak

Open the configuration file for editing:

sudo vi /etc/redis/redis.conf

Bind Address

By default, Redis only listens on localhost. If you need remote clients to connect, update the bind directive. For a server that should accept connections on all interfaces:

bind 0.0.0.0

For better security, bind to specific IP addresses rather than 0.0.0.0 in production:

bind 127.0.0.1 192.168.1.50

Set a Password

Running Redis without authentication is a serious security risk. Set a strong password using the requirepass directive:

requirepass YourStr0ngP@sswordHere

Generate a strong random password with:

openssl rand -base64 32

Memory Limit

Set the maximum memory Redis is allowed to use. Without this, Redis will consume all available memory and the OOM killer will eventually terminate the process:

maxmemory 512mb
maxmemory-policy allkeys-lru

Common eviction policies:

• allkeys-lru – Evicts the least recently used keys (best for caching)
• volatile-lru – Evicts LRU keys that have an expiry set
• noeviction – Returns errors when memory limit is reached (best for persistent data stores)

Persistence Settings

Redis supports two persistence mechanisms. For most production setups, enable both:

RDB Snapshots – Point-in-time snapshots at configured intervals:

save 900 1
save 300 10
save 60 10000
dbfilename dump.rdb
dir /var/lib/redis

AOF (Append Only File) – Logs every write operation for better durability:

appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec

The appendfsync everysec setting gives a good balance between performance and data safety. You lose at most one second of writes in a crash scenario.

Additional Recommended Settings

# Disable dangerous commands in production
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command CONFIG "REDIS_CONFIG_b4f8e2a1"

# Set log level
loglevel notice
logfile /var/log/redis/redis.log

# TCP backlog
tcp-backlog 511

# Timeout for idle clients (0 = disabled)
timeout 300

Save the file and exit.

Step 4: Enable and Start Redis Service

Enable Redis to start on boot and start the service:

sudo systemctl enable redis
sudo systemctl start redis

Check the service status:

sudo systemctl status redis

You should see active (running) in the output. If the service fails to start, check the logs:

sudo journalctl -u redis --no-pager -n 50

Step 5: Configure the Firewall

If you need remote clients to reach Redis, open port 6379 in firewalld:

sudo firewall-cmd --permanent --add-port=6379/tcp
sudo firewall-cmd --reload

Verify the rule is active:

sudo firewall-cmd --list-ports

You should see 6379/tcp in the output. For tighter security, restrict access to specific source IPs using rich rules:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="6379" protocol="tcp" accept'
sudo firewall-cmd --reload

Step 6: Test Redis with redis-cli

Connect to Redis using the command-line client:

redis-cli

If you set a password, authenticate first:

127.0.0.1:6379> AUTH YourStr0ngP@sswordHere
OK

Run a quick test:

127.0.0.1:6379> PING
PONG
127.0.0.1:6379> SET testkey "Redis 7 is working"
OK
127.0.0.1:6379> GET testkey
"Redis 7 is working"
127.0.0.1:6379> DEL testkey
(integer) 1

You can also connect and authenticate in a single command:

redis-cli -a YourStr0ngP@sswordHere PING

Check Redis server information:

redis-cli -a YourStr0ngP@sswordHere INFO server

Step 7: Performance Tuning

Redis performs best when the underlying kernel is tuned for its workload. Apply these system-level optimizations.

Enable Memory Overcommit

Redis uses fork() for background persistence. Without memory overcommit enabled, the fork can fail on systems with large datasets:

sudo sysctl vm.overcommit_memory=1

Make it persistent across reboots:

echo "vm.overcommit_memory=1" | sudo tee -a /etc/sysctl.d/99-redis.conf
sudo sysctl -p /etc/sysctl.d/99-redis.conf

Verify the setting:

sysctl vm.overcommit_memory

Disable Transparent Huge Pages (THP)

THP causes latency spikes and increased memory usage with Redis. Disable it:

sudo bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
sudo bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'

To make this persistent, create a systemd service:

sudo tee /etc/systemd/system/disable-thp.service <<'EOF'
[Unit]
Description=Disable Transparent Huge Pages
Before=redis.service

[Service]
Type=oneshot
ExecStart=/bin/bash -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag'

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable --now disable-thp.service

Verify THP is disabled:

cat /sys/kernel/mm/transparent_hugepage/enabled

You should see [never] highlighted in the output.

Set Net Core Somaxconn

echo "net.core.somaxconn=65535" | sudo tee -a /etc/sysctl.d/99-redis.conf
sudo sysctl -p /etc/sysctl.d/99-redis.conf

Step 8: Configure Redis as a Cache vs Persistent Store

How you configure Redis depends on your use case. Here are the key differences.

Redis as a Cache

When using Redis purely as a cache layer (for example, in front of a database or for session storage), data loss on restart is acceptable. Optimize for speed:

# /etc/redis/redis.conf - Cache configuration
maxmemory 1gb
maxmemory-policy allkeys-lru
save ""
appendonly no
tcp-keepalive 60

Setting save "" disables RDB snapshots entirely. With appendonly no, there is no disk I/O for persistence, which gives you maximum throughput.

Redis as a Persistent Data Store

When Redis holds primary data (queues, leaderboards, real-time analytics), you need strong durability guarantees:

# /etc/redis/redis.conf - Persistent store configuration
maxmemory 2gb
maxmemory-policy noeviction
save 900 1
save 300 10
save 60 10000
appendonly yes
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

The noeviction policy means Redis will return errors rather than silently dropping data when it runs out of memory. This is what you want for a primary data store.

Step 9: Redis Sentinel for High Availability

Redis Sentinel provides automatic failover, monitoring, and notification for Redis deployments. In production, you should run at least three Sentinel instances across separate servers to form a quorum.

Architecture Overview

A basic Sentinel setup consists of:

• 1 Redis primary (master)
• 1 or more Redis replicas
• 3 Sentinel instances (can run on the same servers as Redis)

Configure a Redis Replica

On the replica server, add the following to /etc/redis/redis.conf:

replicaof 192.168.1.50 6379
masterauth YourStr0ngP@sswordHere
requirepass YourStr0ngP@sswordHere

Configure Sentinel

Create or edit the Sentinel configuration file at /etc/redis/sentinel.conf:

port 26379
daemonize yes
pidfile /var/run/redis-sentinel.pid
logfile /var/log/redis/sentinel.log

sentinel monitor mymaster 192.168.1.50 6379 2
sentinel auth-pass mymaster YourStr0ngP@sswordHere
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 60000
sentinel parallel-syncs mymaster 1

Key parameters:

• sentinel monitor – The number 2 at the end is the quorum (number of Sentinels that must agree the primary is down)
• down-after-milliseconds – Time in ms before a node is considered unreachable
• failover-timeout – Maximum time for a failover operation
• parallel-syncs – Number of replicas that sync simultaneously after failover

Start Sentinel on each node:

sudo systemctl enable redis-sentinel
sudo systemctl start redis-sentinel

Open the Sentinel port in the firewall on each node:

sudo firewall-cmd --permanent --add-port=26379/tcp
sudo firewall-cmd --reload

Verify Sentinel status:

redis-cli -p 26379 SENTINEL masters

Step 10: Backup Redis with RDB Snapshots

RDB files are compact, single-file point-in-time snapshots that are perfect for backups and disaster recovery.

Manual Backup

Trigger a manual RDB snapshot:

redis-cli -a YourStr0ngP@sswordHere BGSAVE

Check when the last save completed:

redis-cli -a YourStr0ngP@sswordHere LASTSAVE

The RDB file is stored at the path specified in your configuration. By default, this is /var/lib/redis/dump.rdb.

Automated Backup Script

Create a cron job to back up the RDB file daily:

sudo mkdir -p /opt/redis-backups

sudo tee /opt/redis-backups/backup-redis.sh <<'EOF'
#!/bin/bash
BACKUP_DIR="/opt/redis-backups"
DATE=$(date +%Y%m%d_%H%M%S)
REDIS_PASS="YourStr0ngP@sswordHere"

# Trigger a fresh snapshot
redis-cli -a "$REDIS_PASS" BGSAVE 2>/dev/null

# Wait for the save to complete
sleep 5

# Copy the dump file
cp /var/lib/redis/dump.rdb "$BACKUP_DIR/dump_${DATE}.rdb"

# Keep only the last 7 days of backups
find "$BACKUP_DIR" -name "dump_*.rdb" -mtime +7 -delete

echo "Backup completed: dump_${DATE}.rdb"
EOF

sudo chmod +x /opt/redis-backups/backup-redis.sh

Add it to cron:

echo "0 2 * * * root /opt/redis-backups/backup-redis.sh >> /var/log/redis-backup.log 2>&1" | sudo tee /etc/cron.d/redis-backup

Restoring from an RDB Backup

To restore Redis from an RDB backup:

sudo systemctl stop redis
sudo cp /opt/redis-backups/dump_20260318_020000.rdb /var/lib/redis/dump.rdb
sudo chown redis:redis /var/lib/redis/dump.rdb
sudo systemctl start redis

Verify the data was restored:

redis-cli -a YourStr0ngP@sswordHere DBSIZE

Troubleshooting Common Issues

Redis Fails to Start

Check the logs first:

sudo journalctl -u redis --no-pager -n 100
sudo tail -50 /var/log/redis/redis.log

Common causes:

• Configuration syntax error – Run redis-server --test-memory 256 to validate memory, and review your config changes against the backup
• Permission issues – Make sure the data directory is owned by the redis user: sudo chown -R redis:redis /var/lib/redis
• Port already in use – Check with ss -tlnp | grep 6379

SELinux Blocking Redis

If Redis cannot bind to a non-default port or access certain directories, SELinux may be the cause:

sudo ausearch -m avc -ts recent | grep redis
sudo setsebool -P redis_enable_home_dirs on

For custom ports:

sudo semanage port -a -t redis_port_t -p tcp 6380

High Latency or Slow Commands

Use the built-in latency monitoring:

redis-cli -a YourStr0ngP@sswordHere --latency
redis-cli -a YourStr0ngP@sswordHere SLOWLOG GET 10

Common causes of latency:

• Transparent Huge Pages still enabled (check Step 7)
• Background RDB saves on a system with slow disk I/O
• Using KEYS command in production (use SCAN instead)
• Large values or data structures causing serialization delays

Connection Refused from Remote Clients

Check these items in order:

1. Verify the bind address in redis.conf allows remote connections
2. Confirm protected-mode is set to no (or that you have a password set)
3. Check firewall rules: sudo firewall-cmd --list-all
4. Test connectivity: redis-cli -h SERVER_IP -p 6379 -a YourStr0ngP@sswordHere PING

Memory Issues

Monitor memory usage:

redis-cli -a YourStr0ngP@sswordHere INFO memory

If used_memory is approaching maxmemory, either increase the limit or review your eviction policy. For persistent stores, consider offloading cold data to disk-based storage.

Conclusion

You now have a production-ready Redis 7 installation on RHEL 10, Rocky Linux 10, or AlmaLinux 10. The setup includes authentication, persistence, firewall rules, kernel-level performance tuning, and a backup strategy. For production environments handling critical workloads, deploy Redis Sentinel with at least three nodes to provide automatic failover and eliminate single points of failure.

As a next step, consider running redis-benchmark against your server to establish baseline performance numbers before going live. This gives you a reference point for future troubleshooting and capacity planning.