How to Install and Configure Memcached on Ubuntu
Memcached is a freely available memory-caching system designed to optimize web applications by utilizing memory storage efficiently. By default, it is available on the latest Ubuntu repositories, so, it can easily be installed on Ubuntu using the Advanced Package Tools or APT.
In this tutorial, I will walk you through the process of installing and setting up Memcached on an Ubuntu server with detailed step-by-step instructions. By following this guide, you will be able to install Memcached on your Ubuntu server and configure it to work with your website or application.
- Installation Steps for Memcached on Ubuntu
- Configuring Memcached on Ubuntu
- Integrating Memcached with PHP on Ubuntu
- Integrating Memcached with Python on Ubuntu
- Conclusion
Installation Steps for Memcached on Ubuntu
To get Memcached on the Ubuntu server, go through the following steps:
1. First update the local packages database.
sudo apt update
2. Install the Memcached package on your Ubuntu server by executing the following command in the terminal.
sudo apt install memcached
3. To manage the Memcached on Ubuntu, install the libmemcached tools.
sudo apt install libmemcached-tools
The libmemcached is a C/C++ library essentially used to interact with Memcached servers. It also comes with tools to manage Memcached servers such as memcat, memflush, memrm, memstat, and memslap.
4. Now, verify whether Memcached has been installed on Ubuntu; use the systemctl command with the status option.
systemctl status memcached
By default, the Memcached service starts upon installing it.
Configuring Memcached on Ubuntu
To configure Memcached, the /etc/memcached.conf file is modified that contain all the configuration settings. By default, it is configured to the local IPv4 loopback interface using TCP connections. To minimize the risk of external attacks on the server or unattended access from external sources, the Memcached only listens to the local IPv4 loopback (127.0.0.1) interface through port 11211. It means that Memcached only listens to the server on which it is running, hence adding a layer of security to isolate it from external networks.
To verify whether Memcached is bound to the local loopback interface and using TCP connections, use the ss command which stands for get Socket Statistics.
ss -lt
The ss command is essentially used to investigate the sockets; in the above command, -l is used to display only listening sockets, and -t to display TCP sockets.
To get more out of this command, other flags that can be added to get more elaborated output are listed below:
| -p | –processes | To display the processes that are using a socket |
|---|---|---|
| -u | –udp | To display the UDP sockets |
| -n | –numeric | To display the output in numeric form |
| -a | –all | To display all sockets (listening & non-listening) |
| -e | –extended | To display the extended socket information |
| -m | –memory | To display the memory usage of the sockets |
Configuring Memcached for IPv6
To configure Memcached for IPv6, open the Memcached configuration file using Nano or any editor you prefer.
sudo nano /etc/memcached.conf
Find the line -l 127.0.0.1 and add -l ::1 underneath it.
Here, the -l ::1 indicates the IPv6 loopback address, it can also be written as 0.0.0.0.0.0.1. After making the desired modifications to the file, be sure to save your changes and then exit the text editor.
To apply these modifications, reload the Memcached service.
sudo systemctl restart memcached
To confirm, use the ss -lt command.
Note that if you want to configure the Memcached for only IPv6 then remove -l 127.0.0.1 from the file and restart it.
Configuring Memcached Memory
The default memory of Memcached is 64MB, however it can be changed by modifying the configuration file. For example, to increase the 64MB memory to 128MB, open the /etc/memcached.conf file and find -m 64 and modify it to -m 128.
After saving the configuration file with your modifications, proceed to apply the changes by restarting the Memcached service.
Configuring Memcached for UDP
To configure the Memcached for UDP sockets, open the configuration file /etc/memcached.conf and add -U 11211 at the bottom of the file.
Save your changes and close the file, then restart the Memcached service to ensure that your modifications take effect.
To verify, use the ss -ltu command, where -U is used to display the UDP sockets.
Note that, to disable the TCP or UDP sockets simply set the port against the -p and -U flags to 0. For example, to disable TCP sockets, set -p 0 in the configuration.
Configuring Memcached for Verbose Output
To get detailed output to the log we need to enable verbose in the Memcached configuration file. Open the file find -v and -vv, and uncomment them.
After making these changes, quit the file and use the systemctl restart command to reload the Memcached service.
Note: The verbose out can reveal sensitive information, so try to use it only when it is necessary.
Configuring Memcached to Enhance its Security
The Memcached is secured as long as it is used on a local server, but if you want to make it accessible to other clients, its security needs to be increased. To improve security, a framework known as Simple Authentication and Security Layer (SASL) is employed to provide additional layers of protection and authentication. In essential SASL allows client authentication before it can access the server. Moreover, it also allows you to control user-based authentication.
To enable SASL support on the server, the SASL framework must be installed and configured.
sudo apt install sasl2-bin
To configure the SASL on the server, first create a SASL directory in the /etc.
sudo mkdir -p /etc/sasl2
Any name can be given to the directory.
Next, create a configuration file using any name, I am giving it memcached.conf.
sudo nano /etc/sasl2/memcached.conf
The file will be opened in the nano editor, add the following lines in the file.
log_level: 5 mech_list: plain sasldb_path: /etc/sasl2/memcached-sasldb2
Here, the log_level parameter takes a numeric value which indicates the logging security, the higher the level the more detailed information will be logged. The mach_list indicates the list of whitespace-separated authentication mechanisms which is set to plain in this case. This means that any client connected with the server will use the PLAIN mechanism which sends credentials in plain text. The sasldb_path parameter indicates the path of the SASL database file.
Following that, the next step involves creating a new user entry within the SASL database to establish user credentials and permissions
For that, the saslpasswd2 command will be used.
sudo saslpasswd2 -a memcached -c -f /etc/memcached-sasldb2 <USERNAME>
Here, the saslpasswd2 command is used to manage the SASL passwords, the -c flag is used to set a new password, -f /etc/memcached-sasldb2 indicates the database file to store the password. The -a indicates the app name which is memcached. The <USERNAME> parameter is used to set the user’s name that needs to be added for Memcached access.
Note: You may get an error saying unexpected file type or format while adding a user and setting a password. To fix this, give ownership permission of the sasldb2 file to the user who is modifying it or root using sudo chown root /etc/memcached-sasldb2.
Now, give the ownership permission to the Memcached database file to the memcache user and group.
sudo chown memcached:memcached /etc/sasl2/memcached-sasldb2
Now, the SASL configuration is done for the external users.
Finally, to enable SASL for Memecahed, open its configuration file (/etc/memcached.conf) and add -S at the bottom of the file.
The -S is used to start SASL authentication.
Reload the Memcached service after making the changes in the configuration file using the systemctl restart.
To verify whether the SASL is initialized or not use the journalctl command.
sudo journalctl -u sam | grep sasl
Now, using memcstat –server will not produce any output because a password has been set for it. To verify, use the following command.
memcstat --servers="127.0.0.1" --username="sam" --password=demo-password
Configuring Memcached for Private Networks
To allow the Memcached server to be accessed over a private network, first, we need to make changes to the security system. By default, the UFW firewall blocks all incoming traffic, so to allow the server to access incoming traffic we need to add rules.
First of all, get the IP address of the server to which you want to give access to the Memcached server. To add the rule to the firewall, use the following command:
sudo ufw allow from CLIENT_IP_ADDRESS/32 to any port 11211
In the above command, CLIENT_IP_ADDRESS will be replaced with the client IP address, where 32 is a subnet mask that indicates the single IP address, not a range, which means only the specified IP address is allowed. In the same manner, you can add as many clients as you want.
In the next step, we have to replace the loopback IP address in the Memcached configuration file with the private network IP address.
Find your private network IP address using the ifconfig command.
Now, open the configuration file using nano /etc/memcached.conf, and replace the -l 127.0.0.1 with -l 192.168.18.80.
Save the file and then restart the Memcached service using systemctl.
Now, your Memcached server will be available for access to the added client-server over the private network.
Integrating Memcached with PHP on Ubuntu
To install Memcached for PHP on Ubuntu use the following command:
sudo apt install php-memcached
How do I know if the PHP Memcached extension is enabled or not? First, verify that the Apache server and PHP are installed and actively running on your system to ensure seamless integration with Memcached. Then, create a PHP file in /var/www/html/ directory with any name; I have given it mem_info.php.
sudo nano /var/www/html/mem_info.php
Add the following lines in the file; save and quit the editor.
<?php phpinfo();
Now, open the web browser and type localhost/mem_info.php in the URL bar. A web page will open showing details of the Memcached information.
If you encounter difficulties obtaining the information mentioned above, attempt to resolve the issue by restarting the Apache server.
Integrating Memcached with Python on Ubuntu
To install the Memcached extension for Python on Ubuntu; use the following command.
sudo apt install python3-memcache
Now, you can import the Memcached library to your Python project using import memcache.
Other Memcached libraries are also available for Python; use PIP to install them.
pip install pymemcache pip install python-memcached
To verify whether the Memcached is working for Python or not, create a Python script:
sudo nano mem_info.py
Now, use the following script file:
import memcache
mc_client = memcache.Client(['127.0.0.1:11211'])
mc_client.set('key','Hello Sam')
get_info = mc_client.get('key')
print(get_info)
Now, run the script using:
python3 mem_info.py
It will give the desired output if everything is ok.
Conclusion
Memcached is a free caching system to enhance the server performance. To install it on the Ubuntu server use apt install memcached. By default, it is set for the IPv4 loopback interface. However, if you need to set the server for IPv6, or external access the Memcached configuration file needs to be modified; it can be accessed from /etc/memcached.conf. Moreover, to add more users to the Memcached server, its security needs to be increased using SASL.
