Performance & Security

Optimizing Redis for production requires a balance between memory usage, throughput, and security.

1. Memory Optimization

Since Redis stores data in RAM, memory is your most expensive resource.

Eviction Policies

When Redis reaches its maxmemory limit, it uses an eviction policy to decide which keys to remove.

  • noeviction: Returns errors when memory is full (Default).
  • allkeys-lru: Removes the least recently used keys.
  • volatile-lru: Removes the least recently used keys with an expiration set.
  • allkeys-lfu: Removes the least frequently used keys.

maxmemory 2gb
maxmemory-policy allkeys-lru

Data Expiration (TTL)

Always set an expiration time for temporary data (sessions, cache) to keep memory clean.

SET session:123 "data" EX 3600

2. Security Best Practices

Redis was designed for speed, not for being exposed to the open internet.

Access Control Lists (ACLs)

Introduced in Redis 6.0, ACLs allow you to define users with specific permissions.

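# Create a user that can only read keys in the 'cached:' namespace.
# KEYS is not granted: it takes a pattern rather than a key name, so ~cached:* would not confine it.
ACL SETUSER readonly_user on >password123 +get ~cached:*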

Critical Security Checklist:

  1. Password Protection: Always use requirepass in redis.conf.
  2. Bind to Localhost: Ensure Redis only listens to internal interfaces (bind 127.0.0.1).
  3. Rename Dangerous Commands: Disable or rename commands like FLUSHALL, CONFIG, or KEYS.

     rename-command FLUSHALL ""
     rename-command CONFIG "BIGNUMBER_CONFIG"

  4. TLS/SSL: Use TLS for encrypted communication between the application and Redis.
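
The checklist above can be checked mechanically against redis.conf text. The following is an added example, not code from the original page: the function names `parse_conf` and `audit` and both sample configs are constructed for illustration, and the TLS check only looks for a non-zero `tls-port`.

```python
import shlex

DANGEROUS = ("FLUSHALL", "CONFIG", "KEYS")   # commands the checklist names
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}      # addresses meaning "every interface"
# Constructed sample configs (not taken from any real deployment).
WEAK = """bind 0.0.0.0
rename-command FLUSHALL ""
"""
HARDENED = """bind 127.0.0.1 -::1
requirepass "<long-random-secret>"
rename-command FLUSHALL ""
rename-command CONFIG "BIGNUMBER_CONFIG"
rename-command KEYS ""
tls-port 6379
"""

def parse_conf(text):
    """Parse redis.conf text into {directive: [argument list, ...]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)      # handles quoted values such as ""
        conf.setdefault(name.lower(), []).append(args)
    return conf

def audit(text):
    """Return the checklist items that this redis.conf text fails."""
    conf = parse_conf(text)
    findings = []
    # 1. Password protection: requirepass must be present and non-empty.
    if not any(a and a[0] for a in conf.get("requirepass", [])):
        findings.append("requirepass is not set")
    # 2. Bind: no bind line means all interfaces; a leading '-' marks an optional address.
    binds = [addr.lstrip("-") for args in conf.get("bind", []) for addr in args]
    if not binds or WILDCARD_BINDS & set(binds):
        findings.append("bind is missing or covers every interface")
    # 3. Dangerous commands: each must be renamed or disabled ("").
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    findings += [f"{c} is not renamed or disabled" for c in DANGEROUS if c not in renamed]
    # 4. TLS: tls-port must be set to a non-zero port.
    tls = [a[0] for a in conf.get("tls-port", []) if a]
    if not tls or tls[-1] == "0":
        findings.append("tls-port is not set")
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```
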

3. Caching Strategies

  • Cache Aside: Application checks cache; if miss, reads from DB and updates cache.
  • Write Through: Data is written to cache and DB simultaneously.
  • Write Back: Data is written to cache and periodically flushed to DB.

Tip (Performance Monitor): Use redis-cli --stat to see real-time performance metrics like keys per second and memory usage.