# 7. ISP-Go slave server Install second (slave) **ISP-Go** server. Make sure that `isp-go-api` is launched on the master server only. All requests to the API should be sent to the master server. To prevent `isp-go-api` launch on the slave server and block requests proxying, execute commands: ```shell service isp-go-api stop update-rc.d isp-go-api disable rm -f /etc/nginx/sites-enabled/isp-go-api service nginx restart ``` Configure replication between **Redis** instances. To do this, you need to allow the main server to listen at network addresses other than **127.0.0.1** by setting the `bind` parameter in `/etc/redis/redis.conf` to **0.0.0.0**. ```JSON bind 0.0.0.0 ``` or, if needed, you can set it to an IP or IPs of the server ```JSON bind 127.0.0.1 192.168.5.100 10.0.0.100 ``` To apply new settings restart **Redis** on the master server: ```shell service redis-server restart ```

You should restrict access to port **TCP/6379** on the master server which is used by **Redis** to listen. The port should be closed using **iptables** and stay accessible only for the loopback interface (needed for `isp-go-dnsproxy` and `isp-go-blockpage`) and the slave server. An attacker, having access to the **Redis** server via **TCP**, could change any setting of any user, or even worse, force **Redis** to take up all available memory.

Consider an example where the master server has an IP address of **192.168.5.100** and the slave server has an IP address of **192.168.5.200**. In this case, security on the main server is ensured by this **iptables** rule: ```shell iptables -A INPUT ! -s 192.168.5.200 -p tcp --dport 6379 ! -i lo -j DROP ``` To save this rule, so that it recovers after a reboot, run the command: ```shell service netfilter-persistent save ``` Add to the configuration file `/etc/redis/redis.conf` on the slave server following parameters at the end of the document: ```Nginx slaveof ``` Then restart **Redis** on the slave server to apply the settings: ```shell service redis-server restart ```