How to Install Redis on Debian 13, 12 and 11

Fast cache reads only help when the Redis package source matches the server you are maintaining. To install Redis on Debian, start with Debian’s default archive package for the lowest-maintenance service, or use Redis.io’s APT repository when an application needs a newer upstream Redis branch.

Debian 13 (Trixie), Debian 12 (Bookworm), and Debian 11 (Bullseye) all provide Redis through the default repositories. Redis.io also publishes Debian packages through its own APT repository, with newer branches on Debian 13 and 12 and a Redis 7.4 branch on Debian 11.

Install Redis on Debian

Choose the Redis Package Source

Pick one Redis package source before installing. Mixing Debian’s Redis packages, a Redis.io source file, and an extrepo-created Redis source can leave APT with duplicate candidates or conflicting source definitions.

Method	Debian Coverage	Package Source	Update Behavior	Best For
Debian default repository	Debian 13, 12, and 11	Debian package archive	Normal Debian APT and security updates	Most servers that value stability, predictable dependencies, and Debian-maintained security fixes
Redis.io APT repository	Debian 13 and 12 for Redis 8.x; Debian 11 for Redis 7.4.x	Redis official APT repository	APT-managed updates from packages.redis.io	Applications that need a newer Redis branch than the one in the Debian archive

The Debian repository is the safer default because it stays inside Debian’s normal package lifecycle. Use the Redis.io repository only when your application documentation, module support, or feature requirements point to a newer Redis branch.

Use only one Redis repository method on a system. If an older setup used extrepo for Redis, clean up the extrepo source before adding the manual Redis.io DEB822 file in the Redis.io method.

Check Redis Versions Available on Debian

Debian and Redis.io publish different Redis branches. Exact patch releases change as security and upstream updates land, so use branch-level expectations for planning and verify the live candidate with APT before installing.

Debian Release	Debian Default Package	Redis.io Repository Candidate
Debian 13 (Trixie)	Redis 8.0.x	Redis 8.6.x
Debian 12 (Bookworm)	Redis 7.0.x	Redis 8.6.x
Debian 11 (Bullseye)	Redis 6.0.x	Redis 7.4.x

Redis.io lists Debian 13 and 12 among the tested platforms for current Redis Open Source builds. The Bullseye repository remains useful when Debian 11 systems need Redis 7.4.x packages, but it is not a path to the current Redis 8 branch.

Check the current candidate on your own host when version selection matters:

apt-cache policy redis-server redis-tools

Update Debian Before Installing Redis

Refresh APT metadata before installing packages so APT uses current repository indexes:

sudo apt update

These commands use sudo for actions that change system packages, services, or root-owned files. If your account cannot use sudo yet, add the account through the Debian sudoers setup guide before continuing.

Install Redis from the Debian Repository

Install the Redis server and client tools from Debian’s default package sources:

sudo apt install redis-server redis-tools

The redis-server package installs the service, and redis-tools provides redis-cli for local checks, scripts, and troubleshooting. Confirm the installed packages and source after APT finishes:

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${Version}\n' redis-server redis-tools
apt-cache policy redis-server redis-tools

Enable Redis at boot, start it immediately, and check the active state:

sudo systemctl enable --now redis-server
systemctl is-active redis-server

active

Install Redis from the Redis.io APT Repository

Use the Redis.io repository when you need a newer Redis branch than Debian ships. This method adds a dedicated signing key and a DEB822 source file, so APT can update Redis with the rest of your package upgrades.

Install the tools needed to download the signing key and write the APT source file:

sudo apt install ca-certificates curl gpg

Download the Redis package signing key into a package-specific keyring:

curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 0644 /usr/share/keyrings/redis-archive-keyring.gpg

Create the Redis.io DEB822 source file with the Debian codename and CPU architecture detected from your system. The Redis.io APT metadata currently publishes Debian packages for amd64, arm64, armhf, and i386; the command skips source creation on other architectures so APT does not carry a repository that cannot provide Redis.

CODENAME=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")
ARCH=$(dpkg --print-architecture)

case "$ARCH" in
  amd64|arm64|armhf|i386)
    printf '%s\n' \
    'Types: deb' \
    'URIs: https://packages.redis.io/deb' \
    "Suites: $CODENAME" \
    'Components: main' \
    "Architectures: $ARCH" \
    'Signed-By: /usr/share/keyrings/redis-archive-keyring.gpg' | sudo tee /etc/apt/sources.list.d/redis.sources > /dev/null
    ;;
  *)
    printf 'Redis.io does not publish Debian packages for architecture: %s\n' "$ARCH" >&2
    ;;
esac

Inspect the source file once before refreshing APT. The Suites: value should match your Debian codename, such as trixie, bookworm, or bullseye. If the architecture message appeared instead, stop this Redis.io method and use the Debian repository method for that server.

cat /etc/apt/sources.list.d/redis.sources

Update APT metadata and confirm that the redis candidate comes from https://packages.redis.io/deb:

sudo apt update
apt-cache policy redis

Install the Redis.io metapackage, which pulls in the matching server and client packages:

sudo apt install redis

Enable and start the service after installation:

sudo systemctl enable --now redis-server
systemctl is-active redis-server

active

Confirm the installed Redis.io package versions:

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package} ${Version}\n' redis redis-server redis-tools
redis-server --version

Test Redis on Debian

Check the Redis Service and Listener

Check that Redis is active and listening on the default localhost port:

systemctl is-active redis-server
ss -tln | grep ':6379'

active
LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      511            [::1]:6379         [::]:*

Localhost binding is the safest default for a cache used by an application on the same server. Remote access needs an explicit bind address, authentication, and source-restricted firewall rules.

Run a Redis Ping Test

Use redis-cli to send a simple ping to the local server:

redis-cli ping

PONG

Confirm Redis CLI and Service Account Details

The redis-tools package provides redis-cli, and the server package creates a dedicated redis system account for service-owned data:

command -v redis-cli
getent passwd redis

The command path should normally be /usr/bin/redis-cli. The getent row should show a non-login account with /var/lib/redis as its home directory.

Try Basic Redis Commands

Run a short key-value test so you know the client can write, read, and remove a key:

redis-cli SET linuxcapable:test "ready"
redis-cli GET linuxcapable:test
redis-cli DEL linuxcapable:test

OK
"ready"
(integer) 1

Configure Redis on Debian

Redis works immediately after installation, but most servers need a few baseline settings before an application depends on it. Keep configuration changes small, back up the file first, and restart the service only after saving the edits.

Back Up the Redis Configuration File

Create a backup of the packaged configuration file before changing memory, network, or authentication settings:

sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.backup

Open the Redis configuration file in your preferred terminal editor:

sudo nano /etc/redis/redis.conf

Set a Redis Memory Limit and Eviction Policy

A cache should not grow until it competes with the operating system or database for memory. Set a limit that fits your server and choose an eviction policy that matches cache-style workloads:

maxmemory 512mb
maxmemory-policy allkeys-lru

allkeys-lru lets Redis evict the least recently used keys when memory is full. If Redis stores data that must not be evicted, choose a stricter policy and plan persistence or application handling before enabling a hard memory cap.

Configure Redis Binding and Authentication

Keep Redis bound to localhost when only local applications need it:

bind 127.0.0.1 -::1
protected-mode yes

If a private application host must connect remotely, bind Redis to the server’s private address and require authentication:

bind 127.0.0.1 192.168.1.100
protected-mode yes
requirepass change-this-long-random-password

Redis should not be exposed directly to the public internet. Bind it to localhost or a private interface, require authentication, and restrict access with a firewall rule that names the client address or private subnet.

For multi-application servers, Redis ACL users are usually cleaner than sharing one global password. Use requirepass as a simple baseline for a single local application or a small private deployment.

Apply and Verify Redis Configuration Changes

Restart Redis and confirm the service is active after editing redis.conf:

sudo systemctl restart redis-server
systemctl is-active redis-server

active

Check the applied memory settings from Redis itself:

redis-cli CONFIG GET maxmemory
redis-cli CONFIG GET maxmemory-policy

maxmemory
536870912
maxmemory-policy
allkeys-lru

If you enabled requirepass, use redis-cli --askpass CONFIG GET maxmemory and enter the Redis password at the prompt. Avoid putting Redis passwords directly in shell arguments because they can appear in shell history or process listings.

Manage Redis on Debian

Restart Redis After Configuration Changes

Restart the service after changing Redis configuration or applying package updates that do not restart it automatically:

sudo systemctl restart redis-server
systemctl status redis-server --no-pager

Review Recent Redis Logs

Use the Redis systemd unit name when checking logs:

journalctl -u redis-server --no-pager -n 50

The newest log lines usually show configuration errors, bind failures, protected-mode notices, and shutdown or restart events.

Configure UFW Firewall Rules for Redis on Debian

Redis does not need an inbound firewall rule when clients run on the same server and Redis stays bound to localhost. Add firewall rules only when another private host must connect to Redis over TCP port 6379.

Install UFW and Protect SSH Access

Install UFW and allow SSH before enabling the firewall. If your server uses a non-standard SSH port, allow that port instead of the generic ssh service name. UFW can ask for confirmation when it is enabled; answer y only after the SSH path is allowed.

sudo apt install ufw
sudo ufw allow ssh
sudo ufw enable

Remote servers can lock you out if the firewall is enabled before the active SSH path is allowed. Keep a second SSH session open while changing firewall rules, or use the Debian UFW setup guide for a broader firewall workflow.

Allow Redis from One Trusted Client

Allow a single application host to connect to Redis. Replace 192.168.1.50 with the private address of the client that needs access:

sudo ufw allow proto tcp from 192.168.1.50 to any port 6379

For a private subnet, use the smallest subnet that covers your Redis clients:

sudo ufw allow proto tcp from 192.168.1.0/24 to any port 6379

Verify Redis Firewall Access

Check that UFW has a source-restricted Redis rule instead of a broad public rule:

sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 6379/tcp                   ALLOW IN    192.168.1.50

From the allowed client, test Redis with an interactive password prompt:

redis-cli -h 192.168.1.100 --askpass ping

PONG

Tune Redis Performance on Debian

Performance tuning should match the Redis role. A cache often needs eviction and slow command visibility, while a queue or persistent data store may need a different memory and persistence strategy.

Enable Redis Slow Log Visibility

The slow log records commands that take longer than a configured threshold. This example records commands slower than 10 milliseconds and keeps the newest 128 entries:

slowlog-log-slower-than 10000
slowlog-max-len 128

After restarting Redis, check the current slow log length:

redis-cli slowlog len

0

Use redis-cli --askpass slowlog len when authentication is enabled.

Adjust TCP Keepalive and Log Level

These defaults are reasonable for many web applications, but making them explicit helps future administrators understand the intended behavior:

tcp-keepalive 300
loglevel notice

tcp-keepalive helps close stale client sessions, while loglevel notice keeps operational messages visible without debug-level volume.

Troubleshoot Redis on Debian

Redis Service Name or Alias Errors

Use redis-server.service as the canonical systemd unit name on Debian. Some package/release combinations expose redis.service as an alias, while others do not, and enabling the alias can fail.

sudo systemctl enable redis.service

Failed to enable unit: Refusing to operate on alias name or linked unit file: redis.service

List Redis unit files to see which names the installed package provides:

systemctl list-unit-files --type=service 'redis*'

redis-server.service  enabled  enabled
redis-server@.service disabled enabled
redis.service         alias    -

Debian 11 may omit redis.service entirely, while newer package combinations may show it as an alias. In both cases, use the canonical redis-server unit for service operations.

Use the canonical service for start and enable operations:

sudo systemctl enable --now redis-server

redis-cli Command Not Found

If the shell cannot find redis-cli, install the Debian client package:

redis-cli --version

bash: redis-cli: command not found

sudo apt install redis-tools
command -v redis-cli

NOAUTH Authentication Required

After setting requirepass, unauthenticated commands return a NOAUTH error:

redis-cli ping

(error) NOAUTH Authentication required.

Retry with an interactive password prompt:

redis-cli --askpass ping

PONG

Remote Redis Connection Refused

Remote clients usually fail when Redis is still bound only to localhost, the firewall does not allow the client, or the service is not listening on the expected private address.

A client library may show RedisException: Connection refused for this symptom, but the fix usually belongs on the Redis server side.

Run these checks on the Redis server:

grep -E '^(bind|protected-mode|requirepass)' /etc/redis/redis.conf
sudo ufw status numbered
ss -tln | grep ':6379'

The configuration should name the Redis server’s private address, UFW should allow only trusted source addresses, and ss should show Redis listening on port 6379. Fix the missing layer, restart Redis, then test again from the client.

APT Shows Duplicate Redis Sources

Older Redis setups may have used extrepo to enable the same Redis.io repository. Keep only one source for packages.redis.io, especially before switching to the manual DEB822 file. For general extrepo management, use the Debian extrepo repository guide.

grep -R "packages.redis.io" /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null

If the output shows both an extrepo Redis source and /etc/apt/sources.list.d/redis.sources, remove the extrepo Redis source file and refresh APT metadata:

sudo rm -f /etc/apt/sources.list.d/extrepo_redis.sources
sudo rm -f /var/lib/extrepo/keys/redis.asc
sudo apt update

Update or Remove Redis on Debian

Update Redis Packages

APT updates Redis from whichever package source is enabled. Debian repository installs receive Debian updates, while Redis.io installs receive packages from packages.redis.io.

sudo apt update
apt-cache policy redis-server redis
sudo apt upgrade

Review the proposed APT transaction before accepting it on production systems. Restart Redis during a planned maintenance window if the package update does not restart the service automatically.

Remove Redis Packages

Stop Redis first, then purge the server, client tools, and optional Sentinel package. Use this package set for Redis installed from Debian’s default repository:

sudo systemctl stop redis-server
sudo systemctl disable redis-server
sudo apt purge redis-server redis-tools redis-sentinel
sudo apt autoremove

If Redis was installed from the Redis.io repository, include the redis metapackage in the purge command:

sudo apt purge redis redis-server redis-tools redis-sentinel

Verify that no Redis packages remain installed:

dpkg-query -W -f='${db:Status-Abbrev} ${binary:Package}\n' redis redis-server redis-tools redis-sentinel 2>/dev/null | awk '$1 == "ii"'

No output means those packages are not installed. APT may still show available Redis candidates while Debian repositories or the Redis.io repository remain enabled.

Remove the Redis.io Repository

If you added the manual Redis.io source file, remove the source and keyring, then refresh APT metadata:

sudo rm -f /etc/apt/sources.list.d/redis.sources
sudo rm -f /usr/share/keyrings/redis-archive-keyring.gpg
sudo apt update

If an older extrepo Redis source is still present, remove the extrepo Redis source files as well:

sudo rm -f /etc/apt/sources.list.d/extrepo_redis.sources
sudo rm -f /var/lib/extrepo/keys/redis.asc
sudo apt update

Remove Redis Data and Configuration

Package removal does not always remove local data, logs, or edited configuration files. Print the paths first so you can decide what to keep:

sudo find /etc/redis /var/lib/redis /var/log/redis -maxdepth 0 -print 2>/dev/null

The next command permanently deletes Redis configuration, local datasets, and Redis logs from this server. Export or back up anything you need before running it.

sudo rm -rf /etc/redis /var/lib/redis /var/log/redis

Conclusion

Redis is running on Debian with a verified service, client, package source, and localhost listener. From here, connect it to the application that needs caching or queues, then pair the service with a maintained web stack such as Nginx on Debian and a persistent database such as MariaDB on Debian.