Hardened Redis with ACL and TLS on Anubiz VPS
Redis 7 introduced full ACLs and improved TLS. The Anubiz default cloud image installs Redis 7. Out of the box it listens on 127.0.0.1 with no authentication, which is acceptable for a single-tenant host, but every multi-app deployment needs ACLs and TLS. This guide configures Redis 7 with per-user ACLs, dangerous commands disabled, TLS only on the network port, and a persistence policy that fits session-store use.
Step 1: TLS Cert
Reuse the Postgres CA. Generate a Redis server certificate and place it in /etc/redis/tls/.
Step 2: redis.conf
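Set port 0 to turn off the plaintext listener and tls-port 6379 to serve TLS on the usual port. Set tls-cert-file, tls-key-file and tls-ca-cert-file to the files from Step 1, and set tls-auth-clients optional. With that setting clients are not required to present a certificate, so the ACL passwords from Step 3 are what authenticates them. Use bind 0.0.0.0 only if remote clients connect; otherwise keep bind 127.0.0.1.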
Step 3: ACL Users
In redis.conf, switch off the default user to disable anonymous access, then add one user per workload:
    user default off
    user app on ><strong-pw> ~app:* +@read +@write -@dangerous
    user sidekiq on ...
Step 4: Disable Dangerous Commands
Renaming a command to the empty string disables it:
    rename-command FLUSHALL ""
    rename-command FLUSHDB ""
    rename-command CONFIG ""
Alternatively, rename a command to a random string if ops still need it.
Step 5: Persistence
For a session store: save "" (no RDB snapshots) and appendonly no. For a cache that must survive a restart: enable AOF with appendfsync everysec.
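
A check for Steps 2 to 4, as an added example that is not part of the original guide: it reads a redis.conf and reports each setting from this guide that is missing. The function names, the sample config and the certificate file names under /etc/redis/tls/ are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit a redis.conf against Steps 2-4.
# Last value of a single-value directive; a later line overrides an earlier one.
conf_get() {  # usage: conf_get FILE DIRECTIVE
  awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"
}

# Prints one FAIL line per finding; the exit status is the number of findings.
audit_redis_conf() {
  local f="$1" n=0 d c
  fail() { echo "FAIL: $*"; n=$((n + 1)); }

  # Step 2: plaintext listener off, TLS listener on, certificate files set.
  [ "$(conf_get "$f" port)" = "0" ] || fail "port is not 0 (plaintext listener open)"
  case "$(conf_get "$f" tls-port)" in ""|0) fail "tls-port is not set" ;; esac
  for d in tls-cert-file tls-key-file tls-ca-cert-file; do
    [ -n "$(conf_get "$f" "$d")" ] || fail "$d is not set"
  done

  # Step 3: the default (anonymous) user must be off.
  grep -Eiq '^[[:space:]]*user[[:space:]]+default[[:space:]]+(.*[[:space:]])?off([[:space:]]|$)' "$f" \
    || fail "user default is not off"

  # Step 4: each command the guide lists needs a rename-command entry.
  for c in FLUSHALL FLUSHDB CONFIG; do
    grep -Eiq "^[[:space:]]*rename-command[[:space:]]+$c[[:space:]]" "$f" \
      || fail "$c has no rename-command entry"
  done
  return "$n"
}

# Constructed sample; the file names under /etc/redis/tls/ are assumptions.
demo_conf() {
  cat <<'EOF'
port 0
tls-port 6379
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
tls-auth-clients optional
user default off
rename-command FLUSHALL ""
rename-command FLUSHDB ""
EOF
}

tmp=$(mktemp); demo_conf > "$tmp"
audit_redis_conf "$tmp" || echo "findings: $?"
rm -f "$tmp"
```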