Install and Secure Memcached with SASL on Ubuntu 20.04

Memcached is a free, distributed memory caching system that stores frequently accessed data and objects—such as database queries, API responses, session information, or computation results—in RAM. By reducing repetitive operations like database lookups, it helps improve application performance and lower server load.

This guide explains how to install Memcached on Ubuntu 20.04 and configure it to use SASL (Simple Authentication and Security Layer) for secure client connections.

Prerequisites

• An Ubuntu 20.04 server
• SSH access as a non-root user with sudo privileges
• Ensure the server is updated

Install Memcached

Memcached is available in Ubuntu 20.04’s default package repositories and can be installed using APT. You can also compile a specific version from source if needed. The following steps describe installing Memcached and enabling it to run automatically on your server.

Update the package index

$ sudo apt update

Install Memcached and required tools

$ sudo apt install memcached libmemcached-tools -y

Check the installed Memcached version

$ memcached --version

Example output:

memcached 1.5.22

Enable Memcached to start at boot

$ sudo systemctl enable memcached

Start the Memcached service

$ sudo systemctl start memcached

Configure Memcached

The configuration file for Memcached is /etc/memcached.conf. Here you can define options such as port number, memory size, connection limits, and the IP address that Memcached listens on. Follow these steps to adjust the settings and confirm that Memcached is running properly.

Edit the configuration file

$ sudo nano /etc/memcached.conf

Enable SASL authentication

Add -S at the end of the file after -P /var/run/memcached/memcached.pid to enable SASL:

...
-P /var/run/memcached/memcached.pid
-S

Enable verbose logging

-v

Limit simultaneous connections

-c 1024

Check the Memcached port

# Default connection port is 11211
-p 11211

Restrict or allow remote access

Ensure the -l directive is set to 127.0.0.1 to limit access to local connections. To allow remote access, update it to your server’s public IP:

-l 127.0.0.1
-l ::1

Apply configuration changes

$ sudo systemctl restart memcached

Secure Memcached with SASL

By default, Memcached does not enforce authentication. Enabling SASL ensures that only authenticated users can access it. Follow these steps to add this security layer.

Install the SASL package

$ sudo apt install sasl2-bin -y

Create a directory for SASL credentials

$ sudo mkdir /etc/sasl2

Create a SASL configuration file

$ sudo nano /etc/sasl2/memcached.conf

Add the following content:

log_level: 5
mech_list: plain
sasldb_path: /etc/sasl2/memcached-sasldb2

This configuration:

• log_level: Enables detailed logging at level 5.
• mech_list: Specifies authentication method; plain allows simple username and password authentication.
• sasldb_path: Indicates the location of the Memcached SASL database for authentication.

Create a SASL user

Replace example-user with your desired username:

$ sudo saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 example-user

Set a strong password when prompted.

Assign correct ownership to the SASL database

$ sudo chown memcache:memcache /etc/sasl2/memcached-sasldb2

Restart Memcached to apply changes

$ sudo systemctl restart memcached

Check the Memcached service status

$ sudo systemctl status memcached

List all SASL users

$ sudo sasldblistusers2 -f /etc/sasl2/memcached-sasldb2

Example output:

example-user@ubuntu20: userPassword

Test the new user credentials

Replace example-user@ubuntu20 and strong-password with your actual details:

$ memcstat --binary --servers="127.0.0.1" --username='example-user@ubuntu20' --password=strong-password

If the configuration is correct, you should see output similar to this:

Server: 127.0.0.1 (11211)
    pid: 5090
    uptime: 570
    time: 1743878810
    version: 1.5.22
    libevent: 2.1.11-stable
    pointer_size: 64
    rusage_user: 0.052240
    rusage_system: 0.043533
    max_connections: 1024
    curr_connections: 2
    total_connections: 10
    rejected_connections: 8

Connect to Memcached

Memcached works with many application frameworks such as PHP, Perl, Python, Ruby, and Java. To test connectivity with PHP, follow these steps.

Install PHP and the Memcached module

$ sudo apt install php php-memcached -y

Create a sample PHP script

$ nano memcached.php

Add the following PHP code. Replace example-user@ubuntu20 and strong-password with your own credentials:

setOption(Memcached::OPT_BINARY_PROTOCOL, true);
$memcached->addServer('127.0.0.1', 11211);
$memcached->setSaslAuthData('example-user@ubuntu20', 'strong-password');

// Set and retrieve a value to test the connection
$memcached->set('example', 'Greetings from centron!');
echo $memcached->get('example');
?>

This script connects to Memcached using the specified user credentials and binary protocol. It creates a new key named example with the value “Greetings from centron!” and then retrieves it from memory.

Run the PHP script

$ php memcached.php

Example output:

Greetings from centron!

The output confirms that the PHP script successfully connected to Memcached, stored the key example, and retrieved the value “Greetings from centron!”.

Conclusion

You have installed Memcached on Ubuntu 20.04 and configured it to securely integrate with application frameworks such as PHP. By caching frequently used data like database queries in memory, Memcached helps improve server performance and reduce load.