What is Redis?
Redis is an open-source, high performance memory object caching system. A simple (and effective) key/value store accessible, efficiently, over the network.
How Can Redis Be Useful for ProFTPD?
Like any high-performance object store, Redis offers several possibilities to a server like ProFTPD. Many sites use Redis for caching; it can also be used as an efficient shared storage mechanism, for sharing data among many different servers. And for ProFTPD specifically, the shared storage aspect is what is most useful. Things like SSL/TLS sessions can be cached and shared across a cluster of
proftpd servers, as can ban lists for
Enabling Redis Support for ProFTPD
OK, so you are interested enough in the possibilities that Redis offers that you want to try it out. Excellent! To do this, you will first need to make sure to build your
proftpd executable using the
--enable-redis configure option. The
configure option automatically adds the
mod_redis module to
mod_redis module uses the
hiredis library for talking to Redis servers. If your
hiredis library is installed in a non-standard location, you may
need to tell the ProFTPD build system where to find the
header files and libraries using the
--with-libraries configure options.
There are other modules which make use of Redis support when available, such as
Thus to take advantage of modules like this, putting everything together, your
configure command might look like this:
$ ./configure --enable-redis \ --with-modules=...:mod_tls_redis:... \ --with-includes=/path/to/hiredis/include \ --with-libraries=/path/to/hiredis/lib
Now that you have compiled
proftpd with the
module, you need to add the necessary
mod_redis directives to
proftpd.conf. The following example demonstrates this:
<IfModule mod_redis.c> # Enable mod_redis RedisEngine on # Tell mod_redis where to log its messages RedisLog /path/to/proftpd/redis.log # Tell mod_redis where to find the Redis server RedisServer 192.168.0.10:6379 </IfModule>If you wish to see more detailed logging, at least while you are setting up your Redis servers for ProFTPD, you can enable trace logging for the
redistrace channel using e.g.:
TraceLog /path/to/proftpd/trace.log Trace DEFAULT:10 redis:20
Using Redis for Shared Storage
You have now compiled support for Redis into ProFTPD, and you have told the
mod_redis module where to find your Redis servers. Is that all
you need to do? No. Now you need to tell
proftpd modules which
bits of data to store in your Redis server.
Currently, only two modules can take advantage of Redis support:
First, let us examine
mod_ban and how it would use Redis. The
mod_ban module manages ban lists, lists of clients/users which
have been banned for various reasons. These lists are stored in shared memory
by default; this works for a single
proftpd server, but if a badly
behaved client is banned by one
proftpd server in pool of servers,
that client can then connect to a different server which might not have a ban
for that client -- and the client then gets another chance to be naughty. To
mod_ban so that it stores its ban lists in Redis,
simply use the following in your
<IfModule mod_ban.c> BanEngine on # ...other mod_ban directives... # Tell mod_ban to store its ban lists using Redis BanCache redis </IfModule>With this,
mod_banwill use Redis (as well as shared memory) for reading/writing its ban lists. And this, in turn, means that other
mod_banmodules can see those bans, and reject the badly behaved clients across the pool/cluster.
mod_tls_redis module uses Redis servers for storing SSL/TLS
sessions; SSL/TLS session caching can greatly improve SSL/TLS session handshake
times, particularly for data transfers using SSL/TLS. If you have a pool of
proftpd servers, and you have FTPS clients which may connect to a
different node every time, caching the SSL/TLS session data in a shared storage
mechanism like Redis can be quite beneficial.
To use Redis for SSL/TLS session caching, then, you use the
TLSSessionCache directive of the
mod_tls module, using something like this
<IfModule mod_tls.c> TLSEngine on # ...other mod_tls directives... <IfModule mod_tls_redis.c> # Tell mod_tls to cache sessions using Redis TLSSessionCache redis: </IfModule> </IfModule>That's it. The
mod_tlsmodule now knows to give the SSL/TLS session data to
mod_tls_redisknows how to talk to the Redis server using
Frequently Asked Questions
Question: If I don't use Redis, are there other ways for sharing data (such as ban lists) among different
Answer: It might be possible using
SQLLogInfo directives, but that would only work for very
specific information. For sharing things like ban lists and SSL/TLS sessions
across a cluster of
proftpd servers, Redis (or
Memcache) support is recommended.
Question: Can I use
mod_redis to cache
frequently accessed files, similar to
Answer: No. And in reality, caching of files like that will probably not give you the same performance gain for FTP transfers as it can for HTTP transfers.
Why not? Many HTTP transfers are for dynamically generated pages; the cost of generating each page is expensive, and the generated content may not change that frequently (relative to the rate of requests). FTP transfers, by contrast, are for static files; FTP servers do not (usually) dynamically generate the bytes of the files being downloaded. The cost of reading files from disk is probably less than reading files from Redis, over the network, even a LAN.
Now the above may not be true in all cases -- there may be FTP servers serving files from network-mounted filesystems (e.g. NFS, CIFS et al). And for these very specific cases, having a cache of frequently access files on closer storage such as local disk (or Redis) could make a big difference; please contact the ProFTPD Project if you find yourself in this situation, and we will see what can be done to help.
Question: Why do I see the following error when
proftpd starts up?
mod_tls_redis/0.1: notice: unable to register 'redis' SSL session cache: Redis support not enabledAnswer: This message means that your
mod_tls_redisbuilt and loaded, but your
proftpdserver was not built with Redis support (i.e. the
--enable-redisconfigure option was not used when compiling
The above is not a fatal or worrisome error; it is merely pointing out that some of your modules want to use a feature that was not enabled.