Chat API Server
The Chat API server is a custom server - and is not supported by Cisco.
It uses custom code to check the status of a chat page and to confirm if it is open, closed or busy.
It does this via the following APIs:
- CCE Business Hour API
- checks if the chat should be opened based on date / time (Business Hour can be forced closed)
- ECE Capacity and ECE Live Session API
- Checks if the chat should be displayed busy based on queue depth, Wait time or agent availability.
Installing Apache, PHP and Redis on Redhat 8
The core components are:
- Apache Web Server
- PHP
- Redis - for caching (for X seconds) the API responses
Installing Apache
- Check what packages are currently installed.
yum list --installed | more
- Install Apache -
sudo yum install httpd
- Enable for Auto startup
sudo systemctl enable httpd
- Open Firewall on port 80
sudo firewall-cmd --permanent --add-port=80/tcp
- Reload Firewall
sudo firewall-cmd --reload
- Start Apache Service
sudo systemctl start httpd
- Check Apache Service is in service
sudo systemctl status httpd
- Browse to the server (port 80) - http://yourservername.mydomain.com
- Root Folder is located here: /var/www/html/
- Make sure any directories you create have r and x permissions for all.
- Make sure any web files you create have read permissions for all
Enabling HTTPS
Reference1: https://www.redhat.com/sysadmin/webserver-use-https
Reference2: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-httpd-secure-server
Redhat 8 Security guide - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/securing-services_security-hardening#securing-apache-http-servers_securing-http-servers
The mod_ssl configuration file is located at /etc/httpd/conf.d/ssl.conf. For this file to be loaded, and hence for mod_ssl to work, you must have the statement Include conf.d/*.conf in the /etc/httpd/conf/httpd.conf file. This statement is included by default in the default Apache HTTP Server configuration file.
- Install the SSL for httpd -
sudo yum install httpd mod_ssl
- Restart apache -
sudo systemctl restart httpd
The SSL module install will have created its own SSL cert with just the hostname and not the FQDN.
So you will need to create your CSR (and, if you want, a temporary self-signed cert).
The SSL Conf - ssl.conf file is located in /etc/httpd/conf.d/ directory
You must also open the Firewall on port 443 and then reload the Firewall - as per below commands:
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Create a Self Signed Cert
This step can usually be skipped, i.e. it is not needed - as per above, the SSL module auto-creates a temp cert - although it does not match the FQDN, just the hostname.
sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd-tmp.key -x509 -days 30 -out /etc/pki/tls/certs/httpd-tmp.crt
Enter the details of your Self Signed Cert - making sure to include the FQDN when asked. Then update the ssl.conf file to utilise this certificate and restart the apache server.
File: /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/httpd-tmp.crt
SSLCertificateKeyFile /etc/pki/tls/private/httpd-tmp.key
- The Private Key should only be RW by the owner.
- The cert should be RW for owner and R for Group and Others (chmod 644 httpd_20250115.crt)
Create a CSR Certificate
The below command saves the CSR file to the /home/user1/ directory. It also adds two SAN records - update as required (making one the same as the CN, which you will fill in when prompted).
sudo openssl req -newkey rsa:2048 -addext "subjectAltName = DNS:myhomename.dmz.example.com, DNS:webchat.example.com" -nodes -keyout /etc/pki/tls/private/httpd.key -out /home/user1/httpd.csr
Import Signed Cert
Copy the imported signed cert as /etc/pki/tls/certs/httpd.crt
Configure Apache SSL to use this new Cert
Update the ssl.conf configuration file to utilise the certificate key and cert as per below.
Restart the apache server.
SSLCertificateFile /etc/pki/tls/certs/httpd.crt
SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
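An added example (not part of the original page) that checks, before httpd is restarted, the points the certificate steps above depend on: the cert is PEM, it matches the private key, the FQDN is in the SAN list, and the key is accessible to its owner only. The function names and the webchat.example.com demo name are assumptions; make_demo_pair creates a throwaway self-signed pair for trying the checks.

```shell
#!/bin/sh
# check_tls_pair CERT KEY FQDN
# Prints one line per failed check and returns 0 only if all checks pass.
check_tls_pair() {
    cert=$1; key=$2; fqdn=$3; rc=0

    # 1. The certificate must parse as PEM (otherwise httpd logs "no start line").
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a readable PEM certificate"
        return 1
    fi

    # 2. Certificate and private key must contain the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert"; rc=1
    fi

    # 3. The FQDN must be listed as a DNS entry in subjectAltName.
    if ! openssl x509 -in "$cert" -noout -text 2>/dev/null |
            grep 'DNS:' | tr ',' '\n' | sed 's/^ *//' |
            grep -Fxq "DNS:$fqdn"; then
        echo "FAIL: $fqdn is not in the SAN list of $cert"; rc=1
    fi

    # 4. The private key must have no group or other permission bits set.
    perms=$(ls -lL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible beyond its owner (chmod 600)"; rc=1
    fi

    return "$rc"
}

# make_demo_pair DIR: throwaway self-signed pair for trying the checks
# (constructed test data; webchat.example.com is a placeholder name).
make_demo_pair() {
    openssl req -newkey rsa:2048 -nodes -x509 -days 1 \
        -subj '/CN=webchat.example.com' \
        -addext 'subjectAltName = DNS:webchat.example.com' \
        -keyout "$1/httpd.key" -out "$1/httpd.crt" 2>/dev/null &&
    chmod 600 "$1/httpd.key" && chmod 644 "$1/httpd.crt"
}

# Usage: sudo sh check_tls_pair.sh CERT KEY FQDN
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

Run it with sudo against /etc/pki/tls/certs/httpd.crt and /etc/pki/tls/private/httpd.key, since the private key is not readable by ordinary users.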
Import CA Certificates to Trusted Store
The Trusted Store likely already contains the customer's CAs - so this step likely won't be needed.
Copy CA certs to the /etc/pki/ca-trust/source/anchors/ sub directory, and run the command:
sudo update-ca-trust
Install Redis
- install redis -
sudo yum install redis
- Enable auto startup -
sudo systemctl enable redis
- Start Redis -
sudo systemctl start redis
- Check Status -
sudo systemctl status redis
Install PHP
Enable the PHP 7.4 module instead of the default PHP 7.2 module - (7.2 is the default with RHEL 8)
sudo yum module reset php
sudo yum -y module enable php:7.4
- Install PHP
sudo yum install php
The core PHP install also by default installed the following modules (some output removed):
Installing:
 php               x86_64  7.4
Installing dependencies:
 nginx-filesystem  noarch  1:1
 oniguruma         x86_64  6.8
 php-common        x86_64  7.4
Installing weak dependencies:
 php-cli           x86_64  7.4
 php-fpm           x86_64  7.4
 php-json          x86_64  7.4
 php-mbstring      x86_64  7.4
 php-opcache       x86_64  7.4
 php-pdo           x86_64  7.4
 php-xml           x86_64  7.4
Hence you should not need to install Curl (Common), XML or JSON modules.
- Install PHP Curl Module
sudo yum install php-curl
- Install PHP XML Module
sudo yum install php-xml
- Install PHP JSON Module
sudo yum install php-json
But you will need to install the Redis modules:
- Install PHP REDIS Module
sudo yum install php-redis
However this module was NOT available in the repository, so an alternative approach is to download and install the module manually using the pecl command line:
- Install PHP Pear -
sudo yum install php-pear
- pecl also requires the php-devel module - to be able to compile and install the extension - so we also need to install this:
sudo yum install php-devel
- Download the redis php extension from pecl (PHP Extension Community Library) - https://pecl.php.net/package/redis
- Copy the extension to the machine (e.g. redis-5.3.7.tgz in this example) and then run the pecl install command as follows:
sudo pecl install -O redis-5.3.7.tgz
However this pecl command didn't work - because of the following error:
shtool at '/var/tmp/redis/build/shtool' does not exist or is not executable. Make sure that the file exists and is executable and then rerun this script.
The lack of exec privileges was confirmed with the following command:
[myuser@servername ~]$ mount -l | grep "/var/tmp"
/dev/mapper/vgsystem-lvtmp on /var/tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
To enable exec privileges run the following:
sudo mount -o remount,exec /var/tmp/
Then rerun the above command again.
sudo pecl install -O redis-5.3.7.tgz
When running the pecl command - it also failed - as make was not installed - so install this using
sudo yum install make
Followed by
sudo pecl install -O redis-5.3.7.tgz
which now installs successfully!
...
Build process completed successfully
Installing '/usr/lib64/php/modules/redis.so'
install ok: channel://pecl.php.net/redis-5.3.7
configuration option "php_ini" is not set to php.ini location
You should add "extension=redis.so" to php.ini
Now revert back exec privileges -
sudo mount -o remount,noexec /var/tmp/
and edit the PHP configuration file and restart PHP.
However - do NOT configure the extension via the php.ini as per above, since PHP also checks the /etc/php.d directory after the ini file, and json must be enabled BEFORE redis.
So create a new file (chmod a+r) with a higher number than the json file, e.g.
sudo vi /etc/php.d/30-redis.ini
- with the below as an example of how the file should look.
; Enable redis extension module
extension=redis
Also edit each of the other extensions in this folder and disable them if not required.
The JSON extension should already be enabled in the file
20-json.ini
After editing the file - make sure it is readable by all, as per the other ini files, using the following command.
sudo chmod a+r 30-redis.ini
Restart PHP
sudo systemctl restart php-fpm
SE Linux
By default SELinux does not allow Apache to make socket connections. To enable socket connections - use the following command:
sudo /usr/sbin/setsebool -P httpd_can_network_connect=1
More information can be found here and here.
When using setsebool with the -P option to make the boolean change persistent, this updates the policy.
Use
sudo semanage boolean -l
to inspect the boolean
Alternative
Instead of enabling Apache to make socket connections to any network - this can be restricted just to Redis.
Reference: https://blog.ijun.org/2014/11/selinux-allow-httpd-to-connect-to.html
Add Redis port (6379) to SELinux policy:
However do NOT use the below - adding to "http" - this didn't work on one implementation (Redhat 9) - instead add to "redis_port_t" - as per the alternative option below.
# semanage port -a -t http_port_t -p tcp 6379
# semanage port -l | egrep '(^http_port_t|6379)'
http_port_t tcp 6379, 80, 81, 443, 488, 8008, 8009, 8443, 9000
Instead of adding 6379 to http_port_t - use redis_port_t
semanage port -a -t redis_port_t -p tcp 6379
However below doesn't work for me - as this isn't defined in the RHE9 ?
setsebool -P httpd_can_network_redis 1
PHP TIPS
- Confirm no warnings or errors on php by using the following
php -v
- PHP-specific configuration for httpd -
/etc/httpd/conf.d/php.conf
- All info on PHP install -
php -i
- Location of php.ini file
php -i | grep "Loaded Configuration File"
- If you make changes to the php.ini file - you need to restart php-fpm (note - no need to restart apache) -
sudo systemctl restart php-fpm
Firewall Tips
The firewall-cmd --list-all command shows you all the UDP/TCP ports opened - in the below example, you can see only port 80 has been opened.
# sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Apache Tips
- Check out what Modules are installed
httpd -M
Corrupt RPM database
- Backup the RPM Database
mkdir /var/lib/rpm/backup
cp -a /var/lib/rpm/__db* /var/lib/rpm/backup/
- rebuild the RPM database
sudo rpmdb --rebuilddb
Reference: https://rpm.org/user_doc/db_recovery.html
Reference: https://sysadminote.com/how-to-fix-thread-died-in-berkeley-db-library/
Log Files
Viewing Apache Log Files
- View Log files written
sudo ls -al /var/log/httpd/
- open access logs
sudo more /var/log/httpd/access_log
- open error logs
sudo more /var/log/httpd/error_log
- open SSL access logs
sudo more /var/log/httpd/ssl_access_log
- open SSL error logs
sudo more /var/log/httpd/ssl_error_log
- Example - view a section of the SSL access logs files and filter for a specific time and only include lines which include chatstatus
sudo cat /var/log/httpd/ssl_access_log | grep '19/Mar/2024:12:2' | grep 'chatstatus'
- Example Output from above:
10.123.123.123 - - [19/Mar/2024:12:20:19 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:20:49 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:21:19 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:21:49 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:22:20 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:22:50 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:23:20 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:23:50 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 584
10.123.123.123 - - [19/Mar/2024:12:24:25 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 584
10.123.123.123 - - [19/Mar/2024:12:25:00 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:25:30 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:26:01 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:26:32 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:27:03 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:27:34 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:28:05 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:28:36 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:29:07 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:29:38 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
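An added example (not part of the original page): the grep filter above replaced by one awk pass that counts chatstatus requests per client and minute and flags non-200 responses or a change in response size from one poll to the next. The function names are assumptions, and the sample lines are constructed in the format of the output above.

```shell
#!/bin/sh
# Summarise chatstatus.php polling from an Apache access log read on stdin.
# Output: one "client minute count" line per client and minute, followed by
# "ALERT ..." lines for non-200 responses and "CHANGE ..." lines when the
# response size differs from the same client's previous request.
chatstatus_summary() {
    awk '
    index($7, "/api/chatstatus.php") == 1 {
        # Fields: $1 client, $4 [timestamp, $7 request path, $9 status, $10 bytes
        stamp  = substr($4, 2)              # 19/Mar/2024:12:20:19
        minute = substr($4, 2, 17)          # 19/Mar/2024:12:20
        key = $1 " " minute
        if (!(key in count)) order[++n] = key
        count[key]++
        if ($9 != 200)
            notes[++a] = "ALERT " $1 " " stamp " status=" $9
        if (($1 in last) && last[$1] != $10)
            notes[++a] = "CHANGE " $1 " " stamp " bytes " last[$1] "->" $10
        last[$1] = $10
    }
    END {
        for (i = 1; i <= n; i++) print order[i], count[order[i]]
        for (i = 1; i <= a; i++) print notes[i]
    }'
}

# Constructed sample lines in the format shown above (not real traffic).
sample_log() {
    cat <<'EOF'
10.123.123.123 - - [19/Mar/2024:12:23:20 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 740
10.123.123.123 - - [19/Mar/2024:12:23:50 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 584
10.123.123.123 - - [19/Mar/2024:12:24:25 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 200 584
10.123.123.123 - - [19/Mar/2024:12:25:00 +0000] "GET /api/chatstatus.php?businessHoursId=5002&chatEntryId=1004 HTTP/1.1" 500 0
10.123.123.123 - - [19/Mar/2024:12:25:01 +0000] "GET /favicon.ico HTTP/1.1" 404 196
EOF
}

sample_log | chatstatus_summary
```

Against the live log: sudo cat /var/log/httpd/ssl_access_log | chatstatus_summary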
Viewing PHP Log Files
sudo ls -al /var/log/php-fpm/
sudo more /var/log/php-fpm/www-error.log
Cross-Origin Resource Sharing (CORS)
It is possible to set CORS up globally on the web server using the below config (configured in the /etc/httpd/conf.d/ssl.conf configuration file).
However a more flexible and better approach is to use .htaccess files to set this - as per the example .htaccess file below.
<VirtualHost _default_:443>
Header set Access-Control-Allow-Origin "*"
#(Lots of other settings)
</VirtualHost>
.HTACCESS Files
.htaccess files are very useful to be able to set certain configuration. e.g.
- allow / block access to certain file types
- configure caching
- etc.
Enabling .htaccess files
To enable .htaccess files, edit the httpd configuration file - /etc/httpd/conf/httpd.conf
In the default document root section:
<Directory "/data/sites/web/79pid-2tb-hostingcom/html">
Change AllowOverride None to AllowOverride All
Default Example:
<Directory "/data/sites/web/79pid-2tb-hostingcom/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Updated Config Example:
<Directory "/data/sites/web/79pid-2tb-hostingcom/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Then restart Apache -
sudo systemctl restart httpd
Example .htaccess Files
- Disable indexing
- Enable CORS
- Expire all files immediately (disable caching).
Options -Indexes
Header set Access-Control-Allow-Origin "*"
ExpiresActive On
ExpiresDefault now
- Disable indexing
- Expire all JS files after 4 hours
Options -Indexes
ExpiresActive On
#Expiry After 4 hours: 4 x 3600 = 14400
ExpiresByType application/javascript A14400
If you don't want to enable CORS for all origins (*), you can restrict it to specific domains as per https://stackoverflow.com/questions/14467673/enable-cors-in-htaccess
Example - the below allows both HTTP and HTTPS, but it is best to remove the option for HTTP unless for testing.
Options -Indexes
ExpiresActive On
ExpiresDefault now
<ifModule mod_headers.c>
SetEnvIf Origin "http(s)?://(.+\.)?(orourke\.tv|purplepi\.ie)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</ifModule>
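An added example, not from the original page: checking which Origin values the SetEnvIf pattern above accepts, next to an HTTPS-only variant that is also anchored at the start. grep -E stands in for Apache's regex engine (both patterns use only syntax common to the two); the HTTPS-only pattern, the function names and the test origins are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pattern as used in the .htaccess example above (HTTP and HTTPS allowed).
PAGE_PATTERN='http(s)?://(.+\.)?(orourke\.tv|purplepi\.ie)$'
# Assumed tighter variant: anchored at the start, HTTPS only, and subdomain
# labels limited to hostname characters. In .htaccess it would be used as:
#   SetEnvIf Origin "<pattern>" AccessControlAllowOrigin=$0
HTTPS_PATTERN='^https://([a-z0-9-]+\.)*(orourke\.tv|purplepi\.ie)$'

# origin_allowed PATTERN ORIGIN -> exit 0 if the Origin would be echoed back
origin_allowed() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# report PATTERN -> prints "allow" or "deny" for each constructed origin
report() {
    for origin in \
        'https://orourke.tv' \
        'https://chat.purplepi.ie' \
        'http://orourke.tv' \
        'https://orourke.tv.example.net' \
        'https://notorourke.tv' \
        'null'
    do
        if origin_allowed "$1" "$origin"; then verdict=allow; else verdict=deny; fi
        printf '%-5s %s\n' "$verdict" "$origin"
    done
}

echo "Pattern from the page:"; report "$PAGE_PATTERN"
echo "HTTPS-only pattern:";    report "$HTTPS_PATTERN"
```

Both patterns reject look-alike domains; the only difference in the verdicts is that the HTTPS-only pattern denies http://orourke.tv.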
Removing unneeded HTTP Modules
The Apache / httpd modules are configured in the /etc/httpd/conf.modules.d directory.
By commenting out (#) or moving the relevant configuration files to an alternative directory (and restarting httpd), these modules will not be loaded. Not loading unnecessary modules can improve performance and security.
For example, to disable the lua module, update the configuration file 00-lua.conf as per below:
#LoadModule lua_module modules/mod_lua.so
or alternatively move (or delete) the 00-lua.conf out of the conf.modules.d directory.
Module configuration files which are not required:
00-dav.conf
00-lua.conf
00-optional.conf
01-cgi.conf
Comment out unneeded proxy modules - 00-proxy.conf
# This file configures all the proxy modules:
LoadModule proxy_module modules/mod_proxy.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Getting the latest versions of PHP
Reference: https://www.tecmint.com/install-php-8-on-centos/
The default Redhat / Fedora Repositories do not have the latest version of PHP.
At the time of writing (July'22) the latest version of PHP available via EPEL Package was 8.0.13
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
To obtain the latest versions of PHP use the REMI repository. https://rpms.remirepo.net/enterprise/8/
The REMI Repository provides the latest versions of the PHP stack, full featured, and some other software, to the Fedora and Enterprise Linux (RHEL, CentOS, Oracle, Scientific Linux, …) users.
The commands to config and upgrade PHP are as follows:
yum install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum module list php
yum module reset php
yum module enable php:remi-8.0
yum install php
Upgrading Redis after a major PHP upgrade
# Running the below will show that PHP is unable to load dynamic library 'redis', which includes the following error:
# (/usr/lib64/php/modules/redis.so: undefined symbol: _call_user_function_ex)) in Unknown on line 0
php-fpm -t
# Uninstalls the Redis PHP module - but leaves extension=redis.so in the php.ini file
sudo pecl uninstall redis
# Error now changes to unable to load dynamic library 'redis' - while the cannot open / no such file errors continue, it no longer has the undefined symbol error
php-fpm -t
# Enable mount exec privileges
sudo mount -o remount,exec /var/tmp/
# This install should now work
sudo pecl install -O redis-5.3.7.tgz
# Reverse privileges
sudo mount -o remount,noexec /var/tmp/
# Should now run without error!
php-fpm -t
sudo systemctl restart php-fpm
Troubleshooting Tips
Problem starting Apache after a Certificate change?
First check the SSL error log file.
sudo more /etc/httpd/logs/ssl_error_log
Permissions issue
Example Permissions error: Permission denied (fopen('/etc/pki/tls/certs/httpd.crt','r'))
[Wed Mar 29 09:05:38.687190 2023] [ssl:emerg] [pid 3314624:tid 139686636809664] AH02562: Failed to configure certificate myserver.mydomain.com:443:0 (with chain), check /etc/pki/tls/certs/httpd.crt
[Wed Mar 29 09:05:38.687208 2023] [ssl:emerg] [pid 3314624:tid 139686636809664] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/pki/tls/certs/httpd.crt','r'))
[Wed Mar 29 09:05:38.687216 2023] [ssl:emerg] [pid 3314624:tid 139686636809664] SSL Library Error: error:20074002:BIO routines:file_ctrl:system lib
[Wed Mar 29 09:05:38.687230 2023] [ssl:emerg] [pid 3314624:tid 139686636809664] SSL Library Error: error:140DC002:SSL routines:use_certificate_chain_file:system lib
If your chmod and chown are all correct on the file, this is probably because you copied the file into one folder (a home folder, say) and then mv'd it into position for the web server (NGINX in the reference below, Apache here). SELinux keeps the security context the file was given where it was created, and that context follows the file wherever it is mv'd to. To reset the SELinux context to the default for the current location, use the restorecon command below.
Reference: https://stackoverflow.com/questions/37994513/nginx-ssl-certificate-permission-ssl-error-0200100dsystem
In our case - the httpd.crt file should have read access at user and group level only and the user:group is root:root
Run the below command to fix
sudo restorecon httpd.crt
Invalid Cert format
Example Error:
[Wed Mar 29 09:09:49.039827 2023] [ssl:emerg] [pid 3315423:tid 140186014223808] AH02562: Failed to configure certificate muserver.mydomain.com:443:0 (with chain), check /etc/pki/tls/certs/httpd.crt
[Wed Mar 29 09:09:49.039848 2023] [ssl:emerg] [pid 3315423:tid 140186014223808] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Wed Mar 29 09:09:49.039857 2023] [ssl:emerg] [pid 3315423:tid 140186014223808] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
To fix this - have the certificate in PEM (Base64 encoded (ascii)) format PKCS #8
Unable to start Redis Service
Can redis start from the command line?
/usr/bin/redis-server /etc/redis/redis.conf
Check Logs
more /var/log/redis/redis.log
Example of successfully starting from command line:
2189460:C 30 Oct 2024 17:23:23.802 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2189460:C 30 Oct 2024 17:23:23.802 # Redis version=6.2.7, bits=64, commit=00000000, modified=0, pid=2189460, just started
2189460:C 30 Oct 2024 17:23:23.802 # Configuration loaded
2189460:M 30 Oct 2024 17:23:23.803 * Increased maximum number of open files to 10032 (it was originally set to 1024).
2189460:M 30 Oct 2024 17:23:23.803 * monotonic clock: POSIX clock_gettime
2189460:M 30 Oct 2024 17:23:23.803 # A key '__redis__compare_helper' was added to Lua globals which is not on the globals allow list nor listed on the deny list.
2189460:M 30 Oct 2024 17:23:23.803 * Running mode=standalone, port=6379.
2189460:M 30 Oct 2024 17:23:23.803 # Server initialized
2189460:M 30 Oct 2024 17:23:23.803 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
2189460:M 30 Oct 2024 17:23:23.804 * Loading RDB produced by version 6.2.7
2189460:M 30 Oct 2024 17:23:23.804 * RDB age 16829 seconds
2189460:M 30 Oct 2024 17:23:23.804 * RDB memory usage when created 0.78 Mb
2189460:M 30 Oct 2024 17:23:23.804 # Done loading RDB, keys loaded: 0, keys expired: 3.
2189460:M 30 Oct 2024 17:23:23.804 * DB loaded from disk: 0.000 seconds
2189460:M 30 Oct 2024 17:23:23.804 * Ready to accept connections
Example of failing to start due to SELinux - the TCP port bind being denied. This was corrected by running the command:
semanage port -a -t redis_port_t -p tcp 6379
Note - I also had to delete (-d) the port - which had been added to http_port_t
2119480:C 30 Oct 2024 12:19:54.413 * Supervised by systemd. Please make sure you set appropriate values for TimeoutStartSec and TimeoutStopSec in your service unit.
2119480:C 30 Oct 2024 12:19:54.413 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2119480:C 30 Oct 2024 12:19:54.413 # Redis version=6.2.7, bits=64, commit=00000000, modified=0, pid=2119480, just started
2119480:C 30 Oct 2024 12:19:54.413 # Configuration loaded
2119480:M 30 Oct 2024 12:19:54.414 * monotonic clock: POSIX clock_gettime
2119480:M 30 Oct 2024 12:19:54.414 # Warning: Could not create server TCP listening socket 127.0.0.1:6379: bind: Permission denied
2119480:M 30 Oct 2024 12:19:54.414 # Failed listening on port 6379 (TCP), aborting.
systemctl start redis
Example of failing to start from systemctl due to DB permissions. In my case - this was caused because I had started it from the command line as root - and the DB file was therefore created by root. This could be fixed by deleting the file /var/lib/redis/dump.rdb or changing its ownership (chown) from root:root → redis:redis
Also note - this file seems to be created when redis is shut down - to store the in-memory DB to file. It then reads it when started back up - which, in the below case, it didn't have access to do!
2189630:C 30 Oct 2024 17:26:39.582 * Supervised by systemd. Please make sure you set appropriate values for TimeoutStartSec and TimeoutStopSec in your service unit.
2189630:C 30 Oct 2024 17:26:39.582 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
2189630:C 30 Oct 2024 17:26:39.582 # Redis version=6.2.7, bits=64, commit=00000000, modified=0, pid=2189630, just started
2189630:C 30 Oct 2024 17:26:39.582 # Configuration loaded
2189630:M 30 Oct 2024 17:26:39.582 * monotonic clock: POSIX clock_gettime
2189630:M 30 Oct 2024 17:26:39.582 # A key '__redis__compare_helper' was added to Lua globals which is not on the globals allow list nor listed on the deny list.
2189630:M 30 Oct 2024 17:26:39.582 * Running mode=standalone, port=6379.
2189630:M 30 Oct 2024 17:26:39.582 # Server initialized
2189630:M 30 Oct 2024 17:26:39.582 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
2189630:M 30 Oct 2024 17:26:39.583 # Fatal error loading the DB: Permission denied. Exiting.