Atlantic.Net Blog

How to Install and Secure Memcached on Ubuntu 18.04

Hitesh Jethva
by Atlantic.Net (9posts) under VPS Hosting
0 Comments

Memcached is a free, high-performance and distributed memory object caching system written in C language. It is used for speeding up dynamic database-driven websites by caching data and objects in RAM. Memcached works by storing the content of the website database table and query in the memory, increasing website performance drastically. You can create and deploy a highly scalable and high-performance website with Memcached. Memcached is now used by many companies including Facebook, Reddit, Wikipedia, Craigslist, Yellowbot, YouTube and more.

In this tutorial, we will explain step-by-step instruction on how to install and secure Memcache on Ubuntu 18.04 VPS.

Prerequisites

  • A fresh Ubuntu 18.04 server VPS on Atlantic.Net Cloud.
  • A root password is set up on your VPS.

Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud server.  Create a new server, choosing Ubuntu 18.04 as the operating system, with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Ubuntu 18.04 server, run the following command to update your base system with the latest available packages.

apt-get update -y

Install Apache and PHP

First, you will need to install the Apache web server and PHP to your server. You can install them with the following command:

apt-get install apache2 php php-dev php-pear libapache2-mod-php  -y

Once all the packages are installed, start the Apache web server and enable it to start after system reboot with the following command:

systemctl start apache2
systemctl enable apache2

Install Memcached

By default, Memcached is available in the Ubuntu 18.04 default repository. You can install Memcached with PHP module with the following command:

apt-get install memcached libmemcached-tools php-memcached -y

Once installed, you must restart the Apache service to apply the changes:

systemctl restart apache2

Next, you can check the status of Memcached service with the following command:

systemctl status memcached

You should get the following output:

● memcached.service - memcached daemon
   Loaded: loaded (/lib/systemd/system/memcached.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-08-30 09:30:02 UTC; 41s ago
     Docs: man:memcached(1)
 Main PID: 19088 (memcached)
    Tasks: 10 (limit: 1114)
   CGroup: /system.slice/memcached.service
           └─19088 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -P /var/run/memcached/memcached.pid

Aug 30 09:30:02 ubuntu1804 systemd[1]: Started memcached daemon.

By default, Memcached is running on port 11211. You can check it with the following command:

netstat -plunt | grep memcached

Output:

tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      19088/memcached

You can also check the current statistics of your Memcached server with the following command:

echo "stats settings" | nc localhost 11211

You should get the following output:

STAT maxbytes 67108864
STAT maxconns 1024
STAT tcpport 11211
STAT udpport 0
STAT inter 127.0.0.1
STAT verbosity 0
STAT oldest 0
STAT evictions on
STAT domain_socket NULL
STAT umask 700
STAT growth_factor 1.25
STAT chunk_size 48
STAT num_threads 4
STAT num_threads_per_udp 4
STAT stat_key_prefix :
STAT detail_enabled no
STAT reqs_per_event 20
STAT cas_enabled yes
STAT tcp_backlog 1024
STAT binding_protocol auto-negotiate

Configure Memcached

The default Memcache configuration file is located at /etc/memcached.conf. Now, open the Memcached config file and set Memcached to listen on localhost(127.0.0.1), with 2GB of memory, and allow a maximum of 1000 connections:

nano /etc/memcached.conf

Make the following changes:

# Run memcached as a daemon. This command is implied, and is not needed for the
-d

# Log memcached's output to /var/log/memcached
logfile /var/log/memcached.log

# memory
-m 2048

# Default connection port is 11211
-p 11211

# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u memcache

# Specify which IP address to listen on. The default is to listen on all IP addresses
-l 127.0.0.1

# Limit the number of simultaneous incoming connections. The daemon default is 1024
-c 500

# Use a pidfile
-P /var/run/memcached/memcached.pid

Save and close the file. Then, restart the Memcached service to apply the changes:

systemctl restart memcached

Test Memcached

Memcached is now installed and running. Next, check if Memcache PHP extension is enabled and working properly. To do so, create a info.php file inside Apache root directory:

nano /var/www/html/info.php

Add the following lines:

<?php
phpinfo();
?>

Save and close the file. Then, open your web browser and type the URL http://your-server-ip/info.php. You should get the following page with Memcached enabled:

It is good practice to remove the info.php file after testing to protect your server from hackers.

Rm -rf /var/www/html/info.php

Secure Memcached with SASL

Without any security, Memcached can contribute to denial of service attacks. It is recommended to secure Memcached with SASL support and user authentication.

First, check the Memcached connection without any security by running the following command:

memcstat --servers="127.0.0.1"

Output:

Server: 127.0.0.1 (11211)
             pid: 16805
             uptime: 764
             time: 1566107468
             version: 1.5.6
             libevent: 2.1.8-stable

Next, open Memcached configuration file and enable SASL support  and verbose logging with the following command:

nano /etc/memcached.conf

Add the following line at the end of the file:

-S
-vv

Save and close the file. Then, restart the Memcached service:

systemctl restart memcached

Next, check the Memcached log to check whether SASL support has been enabled or not:

journalctl -u memcached

You should see the following output with SASL support:

Aug 18 05:52:37 hitesh30 09:47:14 ubuntu1804 systemd-memcached-wrapper[19941]: Initialized SASL.

Next, check the Memcached connectivity again with the following command:

memcstat --servers="127.0.0.1"

You should not get any output; that means SASL support has been enabled in Memcached.

Next, you will need to add an authenticated user for Memcached.

To do so, first install SASL package with the following command:

apt-get install sasl2-bin -y

Once installed, create a directory and file for SASL configuration:

mkdir /etc/sasl2
nano /etc/sasl2/memcached.conf

Add the following lines:

mech_list: plain
log_level: 5
sasldb_path: /etc/sasl2/memcached-sasldb2

Save and close the file. Then, create a SASL database with user named memcacheadmin with the following command:

saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 user1

You will be prompted to enter password:

Password:
Again (for verification):

Next, change the ownership of the SASL database:

chown memcache:memcache /etc/sasl2/memcached-sasldb2

Finally, restart Memcached service to apply the configuration changes:

systemctl restart memcached

Next, check the Memcached connectivity again with our authentication credentials:

memcstat --servers="127.0.0.1" --username=user1 [email protected]

You should get the following output:

Server: 127.0.0.1 (11211)
             pid: 18776
             uptime: 30
             time: 1566107912
             version: 1.5.6 Ubuntu
             libevent: 2.1.8-stable

That means Memcached is now secured with SASL support and user authentication.

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G2.1GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Resources

We use cookies for advertising, social media and analytics purposes. Read about how we use cookies in our updated Privacy Policy. If you continue to use this site, you consent to our use of cookies and our Privacy Policy.