Running Redis on Bare Metal: Setup, Tuning, and Persistence
Redis is the backbone of modern application caching, session storage, and real-time messaging. Managed Redis services charge $15–$100+/mo for something you can run on your own server in five minutes — with better performance and full control. Here is how to set up, tune, and secure Redis on bare metal.
Why Self-Host Redis
Managed Redis (Upstash, ElastiCache, Redis Cloud) adds network latency between your application and your cache. When Redis runs on the same bare metal server as your app, reads take microseconds instead of milliseconds. You also eliminate the $15–$100/mo managed service fee entirely.
On a RAW server, Redis runs alongside your application at no extra cost. Same dedicated cores, same NVMe storage, zero network hop for cache reads.
Step 1: Install Redis
# Deploy a RAW server
npx rawhq deploy
# SSH in and install Redis
ssh root@your-server-ip
apt update && apt install -y redis-server
# Verify
redis-cli ping
# PONG
Step 2: Configuration Tuning
The default Redis config works for development but needs tuning for production. Edit /etc/redis/redis.conf:
Memory Management
# Set max memory (use 50-75% of available RAM)
# On a 4 GB server, allocate 2 GB to Redis
maxmemory 2gb
# Eviction policy when memory is full
# allkeys-lru: evict least recently used keys (best for caching)
# volatile-lru: only evict keys with TTL set
# noeviction: return errors when full (best for sessions)
maxmemory-policy allkeys-lru
Performance Settings
# Disable transparent huge pages (reduces latency spikes)
# This is a shell command, not a redis.conf directive.
# Add to /etc/rc.local or a systemd unit:
echo never > /sys/kernel/mm/transparent_hugepage/enabled
# TCP backlog for high-concurrency workloads
tcp-backlog 511
# Timeout idle connections (0 = never)
timeout 300
# Keep-alive interval
tcp-keepalive 300
Step 3: Persistence — RDB vs AOF
Redis offers two persistence mechanisms. Choose based on your durability requirements.
RDB (Point-in-Time Snapshots)
RDB creates compact binary snapshots at intervals. Fast restarts, smaller disk usage, but you can lose data between snapshots.
# Default RDB rules in redis.conf
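# redis.conf treats '#' as a comment only at the start of a line,
# so each rule's comment sits on its own line
# Snapshot if 1+ key changed in 900 seconds
save 900 1
# Snapshot if 10+ keys changed in 300 seconds
save 300 10
# Snapshot if 10000+ keys changed in 60 seconds
save 60 10000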
# Snapshot file location
dbfilename dump.rdb
dir /var/lib/redis
AOF (Append-Only File)
AOF logs every write operation. Higher durability (at most 1 second of data loss), but larger files and slightly slower restarts.
# Enable AOF
appendonly yes
appendfilename "appendonly.aof"
# Sync policy
# everysec: fsync every second (recommended balance)
# always: fsync every write (safest, slowest)
# no: let OS decide (fastest, least safe)
appendfsync everysec
# Auto-rewrite AOF when it doubles in size
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
Which to Choose
- Caching only: RDB is sufficient. Data loss on crash is acceptable since the cache rebuilds from the primary database
- Session storage: AOF with everysec. Losing one second of sessions is tolerable
- Primary data store: Both RDB + AOF enabled. RDB for fast restarts, AOF for minimal data loss
Step 4: Security Hardening
Redis has no authentication by default. Exposing an unsecured Redis instance to the internet is a guaranteed breach.
# Bind to localhost only (default, but verify)
bind 127.0.0.1 -::1
# Set a strong password
requirepass your-strong-password-here
# Disable dangerous commands
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command DEBUG ""
If your app connects from the same server, binding to 127.0.0.1 is all you need. For multi-server setups, use SSH tunnels or a private network — never expose Redis port 6379 to the public internet.
Step 5: Monitoring
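# Note: -a puts the password on the command line, where shell history and
# the process list can expose it; redis-cli also reads it from REDISCLI_AUTH
# Real-time stats
redis-cli -a your-password info stats
# Memory usage breakdown
redis-cli -a your-password info memory
# Connected clients and blocked clients
redis-cli -a your-password info clients
# Slow log: the 10 most recent entries (default threshold: commands slower than 10 ms)
redis-cli -a your-password slowlog get 10
# Monitor all commands in real-time (debug only)
redis-cli -a your-password monitor
Key Metrics to Watch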
- used_memory vs maxmemory — approaching the limit means evictions are happening
- evicted_keys — high eviction count means you need more memory or a different policy
- keyspace_hits vs keyspace_misses — hit rate below 90% suggests your cache is underpowered
- connected_clients — unexpected spikes indicate connection leaks in your app
- instantaneous_ops_per_sec — baseline for capacity planning
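The metrics above can be checked automatically from the text that `redis-cli info` prints. The following is an added example, not part of the original page: the 90% hit-rate floor comes from the list above, while the `mem_warn` threshold, the function names and the sample values are assumptions made for illustration.

```python
def parse_info(text):
    """Parse `redis-cli info` output: 'key:value' lines under '# Section' headers."""
    info = {}
    for line in text.splitlines():  # splitlines() also handles the CRLF endings
        if ":" in line and not line.startswith("#"):
            key, _, value = line.partition(":")
            info[key] = value.strip()
    return info

def evaluate(info, prev_evicted, min_hit_rate=0.90, mem_warn=0.90):
    """Return (hit_rate, alerts). prev_evicted is evicted_keys from the previous
    sample: the counter is cumulative since startup, so only its growth matters.
    mem_warn is an assumed threshold; min_hit_rate is the page's 90% figure."""
    alerts = []
    hits, misses = int(info["keyspace_hits"]), int(info["keyspace_misses"])
    lookups = hits + misses
    hit_rate = hits / lookups if lookups else None  # None: no lookups yet
    if hit_rate is not None and hit_rate < min_hit_rate:
        alerts.append(f"hit rate {hit_rate:.0%} is below {min_hit_rate:.0%}")
    used, limit = int(info["used_memory"]), int(info["maxmemory"])
    if limit == 0:
        alerts.append("maxmemory is 0: no memory limit is configured")
    elif used / limit >= mem_warn:
        alerts.append(f"used_memory is at {used / limit:.0%} of maxmemory")
    newly_evicted = int(info["evicted_keys"]) - prev_evicted
    if newly_evicted > 0:
        alerts.append(f"{newly_evicted} keys evicted since the last sample")
    return hit_rate, alerts

# Constructed INFO excerpt (values are illustrative, not from a real server).
SAMPLE = (
    "# Memory\r\nused_memory:2040109465\r\nmaxmemory:2147483648\r\n"
    "# Stats\r\nkeyspace_hits:8200\r\nkeyspace_misses:1800\r\nevicted_keys:1500\r\n"
)

if __name__ == "__main__":
    rate, alerts = evaluate(parse_info(SAMPLE), prev_evicted=1200)
    print(f"hit rate: {rate:.2%}")
    print("\n".join(alerts))
```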
Cost Comparison: Self-Hosted vs Managed
Managed Redis makes sense if you need multi-region replication or do not want to handle backups. For single-server applications — which covers most startups and side projects — self-hosted Redis on bare metal gives you better latency at zero additional cost.
Production Checklist
- bind 127.0.0.1 — never expose Redis publicly
- requirepass set — even on localhost, defense in depth
- maxmemory configured — prevents Redis from consuming all server RAM
- Persistence chosen — RDB, AOF, or both based on your use case
- Dangerous commands disabled — FLUSHALL and CONFIG renamed or blocked
- Backups scheduled — copy RDB snapshots to off-server storage daily
- Monitoring active — track memory, hit rate, and evictions
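The configuration items in this checklist (bind, requirepass, maxmemory, renamed commands) can be verified against a redis.conf before the server is started. This is an added example, not part of the original page or of Redis itself: the function names, the 32-character minimum and both sample configurations are assumptions made for illustration.

```python
import shlex

DANGEROUS = ("FLUSHDB", "FLUSHALL", "CONFIG", "DEBUG")  # disabled in Step 4
LOOPBACK = {"127.0.0.1", "::1"}
PLACEHOLDER = "your-strong-password-here"  # the tutorial's example value
MIN_PASS_LEN = 32  # assumption: local policy, not a Redis limit

def parse_conf(text):
    """Map directive -> argument lists; '#' is a comment only at line start."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf.setdefault(name.lower(), []).append(args)
    return conf

def last(conf, name, default):
    """Last value given for a single-argument directive, else the default."""
    args = conf.get(name, [[]])[-1]
    return args[0] if args else default

def audit(text):
    """Return findings for the hardening items; an empty list means pass."""
    conf, findings = parse_conf(text), []
    for name, arg_lists in conf.items():
        if any(a.startswith("#") for args in arg_lists for a in args):
            findings.append(f"{name}: trailing comment is read as arguments")
    # A leading '-' on a bind address means "skip if unavailable".
    binds = [a.lstrip("-") for args in conf.get("bind", []) for a in args]
    if not binds or any(a not in LOOPBACK for a in binds):
        findings.append("bind: not limited to loopback")
    password = last(conf, "requirepass", "")
    if password == PLACEHOLDER or len(password) < MIN_PASS_LEN:
        findings.append("requirepass: missing, placeholder, or too short")
    if last(conf, "maxmemory", "0") == "0":
        findings.append("maxmemory: no limit set")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    findings += [f"rename-command: {c} still callable"
                 for c in DANGEROUS if c not in renamed]
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK = "bind 0.0.0.0\nrequirepass your-strong-password-here\nsave 900 1 # old\n"
HARDENED = ("bind 127.0.0.1 -::1\nrequirepass " + "x" * 40 + "\nmaxmemory 2gb\n"
            + "".join(f'rename-command {c} ""\n' for c in DANGEROUS))

if __name__ == "__main__":
    for label, conf_text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf_text) or "OK")
```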
Deploy Redis on RAW
npx rawhq deploy
7-day free trial. 13 seconds to deploy. Run Redis on the same dedicated server as your app for $0 extra.