Redis in Production: Beyond the Defaults
A fresh Redis install on Ubuntu 22.04 or 24.04 LTS is fine for a dev laptop, but production workloads need tuning. This guide focuses on what changes when your cache serves real traffic: kernel parameters, systemd hardening, replication for read scale, and operational practices that keep the service healthy under load.
Kernel and System Prerequisites
Redis is sensitive to three kernel settings. Applying them before you start tuning Redis itself avoids warnings and subtle data-loss scenarios.
Memory overcommit: required for background saves to succeed when memory is tight.
echo 'vm.overcommit_memory = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Transparent Huge Pages: disable to avoid latency spikes during RDB writes.
echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled
# rc.local must start with a shebang, or rc-local.service cannot execute it
printf '#!/bin/sh\necho never > /sys/kernel/mm/transparent_hugepage/enabled\n' | sudo tee /etc/rc.local
sudo chmod +x /etc/rc.local
Somaxconn: raise the socket backlog so bursts of clients aren't dropped.
echo 'net.core.somaxconn = 1024' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Production redis.conf Tuning
Edit /etc/redis/redis.conf and apply production-grade values. The goal is predictable memory use, reliable persistence, and tight access control.
supervised systemd
bind 10.0.0.5 127.0.0.1
protected-mode yes
requirepass StrongPasswordHere
maxmemory 4gb
maxmemory-policy allkeys-lru
timeout 300
tcp-keepalive 60
appendonly yes
appendfsync everysec
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
Replace 10.0.0.5 with the VPS's private IP. Never bind to 0.0.0.0 on a public interface. If remote clients connect, restrict the public firewall and rely on the private network plus requirepass.
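The access-control and persistence directives above can be checked mechanically before a restart. The following audit is an added example, not part of the original guide; the function names `audit_redis_conf` and `write_samples` and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a redis.conf against the bind, auth, memory and
# persistence settings recommended above. Function names are hypothetical.

audit_redis_conf() {   # prints one FAIL line per finding; returns 1 if any
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    { key = tolower($1); $1 = ""; sub(/^[ \t]+/, "")
      gsub(/"/, ""); conf[key] = $0 }            # strip quotes; last one wins
    END {
        if (!("bind" in conf))
            fail("bind: not set, Redis listens on every interface")
        else if ((" " conf["bind"] " ") ~ /[ \t]-?(0\.0\.0\.0|\*|::)[ \t]/)
            fail("bind: wildcard address in \"" conf["bind"] "\"")
        if (tolower(conf["protected-mode"]) == "no")
            fail("protected-mode: disabled")
        if (conf["requirepass"] == "")
            fail("requirepass: no password set")
        else if (conf["requirepass"] == "StrongPasswordHere")
            fail("requirepass: still the placeholder from the guide")
        if (conf["maxmemory"] == "" || conf["maxmemory"] == "0")
            fail("maxmemory: no cap, memory use is unbounded")
        if (tolower(conf["appendonly"]) != "yes")
            fail("appendonly: AOF persistence is off")
        exit (n > 0)
    }
    function fail(msg) { print "FAIL " msg; n++ }
    ' "$1"
}

write_samples() {      # constructed sample configs, written into directory $1
    printf '%s\n' 'bind 0.0.0.0' 'protected-mode no' 'maxmemory 0' \
        > "$1/weak.conf"
    printf '%s\n' '# tuned per the guide' 'bind 10.0.0.5 127.0.0.1' \
        'protected-mode yes' 'requirepass "k3Jq-constructed-sample-value"' \
        'maxmemory 4gb' 'appendonly yes' 'appendfsync everysec' \
        > "$1/hardened.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for name in weak hardened; do
    echo "== $name.conf"
    audit_redis_conf "$demo_dir/$name.conf" || echo "   (findings above)"
done
rm -rf "$demo_dir"
```

Point it at the live file with `audit_redis_conf /etc/redis/redis.conf`; a non-zero exit status makes it usable as a pre-deploy gate.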
Systemd Service Hardening
The Ubuntu redis-server unit supports drop-in overrides that limit what the process can do if it's ever compromised. Open a drop-in override file for the unit:
sudo systemctl edit redis-server
Add the following block:
[Service]
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
LimitNOFILE=65535
Reload and restart:
sudo systemctl daemon-reload
sudo systemctl restart redis-server
sudo systemctl enable redis-server
The higher file descriptor limit matters when you have thousands of concurrent connections — Redis will refuse new clients once the default 10,000 cap is hit.
Replication for Read Scale and Failover
Redis replication is asynchronous and simple to configure. On the replica VPS, add these directives to redis.conf:
replicaof 10.0.0.5 6379
masterauth StrongPasswordHere
replica-read-only yes
Restart the replica and verify with redis-cli info replication. You'll see role:slave and master_link_status:up when the handshake succeeds. Route read-heavy clients to the replica and reserve the primary for writes. For automatic failover, add Redis Sentinel on three small nodes — the quorum handles promoting a replica if the primary goes down.
Observability and Alerting
Production Redis needs monitoring. At minimum, track these metrics:
| Metric | Command | Healthy Range |
|---|---|---|
| Memory usage | INFO memory | Below maxmemory cap |
| Hit ratio | INFO stats | Above 90 percent |
| Replication lag | INFO replication | Under 1 second |
| Connected clients | INFO clients | Stable, under LimitNOFILE |
| Evicted keys | INFO stats | Low and predictable |
Export these to Prometheus with redis_exporter or scrape INFO output from a monitoring agent. Alert on sustained replication lag, client disconnects, and memory approaching the cap.
Backups and Disaster Recovery
Even with AOF, take periodic RDB snapshots and copy them offsite. The /var/lib/redis/dump.rdb file is portable and restores with a simple copy-and-restart. Script the snapshot and upload to object storage, or use MassiveGRID's backup services for managed offsite copies. Test recovery quarterly — a backup you've never restored is not a backup.
Operational Checklist
- Bind Redis to the private network only, never public
- Enforce requirepass and rotate passwords annually
- Use appendonly yes with appendfsync everysec for durability
- Run replicas in a different availability zone when possible
- Monitor memory, replication lag, and hit ratio with alerts
- Snapshot RDB files offsite at least daily
Published by MassiveGRID.