redis服务端配置
1.通用(general)
By default Redis does not run as a daemon. Use 'yes' if you need it.Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
默认情况下 redis 不是作为守护进程运行的,如果你想让它在后台运行,你就把它改成 yes。当redis作为守护进程运行的时候,它会写一个 pid 到 /var/run/redis.pid 文件里面。
daemonize yes
When running daemonized, Redis writes a pid file in /var/run/redis.pid by default. You can specify a custom pid file location here.
当 Redis 以守护进程的方式运行的时候,Redis 默认会把 pid 文件放在/var/run/redis.pid可配置到其他地址,当运行多个 redis 服务时,需要指定不同的 pid 文件和端口指定存储Redis进程号的文件路径
pidfile /var/run/redis.pid
Accept connections on the specified port, default is 6379.If port 0 is specified Redis will not listen on a TCP socket.端口,默认端口是6379,生产环境中建议更改端口号,安全性更高如果你设为 0 ,redis 将不在 socket 上监听任何客户端连接。
port 9966
TCP listen() backlog.
In high requests-per-second environments you need an high backlog in order
to avoid slow clients connections issues. Note that the Linux kernel will silently truncate it to the value of /proc/sys/net/core/somaxconn so make sure to raise both the value of somaxconn and tcp_max_syn_backlog in order to get the desired effect.
TCP 监听的最大容纳数量
此参数确定了TCP连接中已完成队列(完成三次握手之后)的长度,当系统并发量大并且客户端速度缓慢的时候,你需要把这个值调高以避免客户端连接缓慢的问题。Linux 内核会一声不响的把这个值缩小成 /proc/sys/net/core/somaxconn 对应的值,默认是511,而Linux的默认参数值是128。所以可以将这二个参数一起参考设定,你以便达到你的预期。
tcp-backlog 511
By default Redis listens for connections from all the network interfaces available on the server. It is possible to listen to just one or multiple interfaces using the "bind" configuration directive, followed by one or more IP addresses.
Examples:
bind 192.168.1.100 10.0.0.1
有时候为了安全起见,redis一般都是监听127.0.0.1 但是有时候又有同网段能连接的需求,当然可以绑定0.0.0.0 用iptables来控制访问权限,或者设置redis访问密码来保证数据安全不设置将处理所有请求,建议生产环境中设置,有个误区:bind是用来限制外网IP访问的,其实不是,限制外网ip访问可以通过iptables;如:-A INPUT -s 10.10.1.0/24 -p tcp -m state --state NEW -m tcp --dport 9966 -j ACCEPT ;实际上,bind ip 绑定的是redis所在服务器网卡的ip,当然127.0.0.1也是可以的。如果绑定一个外网ip,就会报错:Creating Server TCP listening socket xxx.xxx.xxx.xxx:9966: bind: Cannot assign requested address
bind 127.0.0.1
bind 127.0.0.1 10.10.1.3
假设绑定是以上ip,使用 netstat -anp|grep 9966 会发现,这两个ip被bind,其中10.10.1.3是服务器网卡的ip
tcp 0 0 10.10.1.3:9966 0.0.0.0:* LISTEN 11188/redis-server
tcp 0 0 127.0.0.1:9966 0.0.0.0:* LISTEN 11188/redis-server
Specify the path for the Unix socket that will be used to listen for incoming connections. There is no default, so Redis will not listen on a unix socket when not specified.
unixsocket /tmp/redis.sock
unixsocketperm 700
Close the connection after a client is idle for N seconds (0 to disable)
客户端和Redis服务端的连接超时时间,默认是0,表示永不超时。
timeout 0
TCP keepalive.
// If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
// of communication. This is useful for two reasons:
//
// 1) Detect dead peers.
// 2) Take the connection alive from the point of view of network
// equipment in the middle.
//
// On Linux, the specified value (in seconds) is the period used to send ACKs.
// Note that to close the connection the double of the time is needed.
// On other kernels the period depends on the kernel configuration.
//
// A reasonable value for this option is 60 seconds.
// tcp 心跳包。
如果设置为非零,则在与客户端缺乏通讯的时候使用 SO_KEEPALIVE 发送 tcp acks 给客户端。这个之所有有用,主要由两个原因:
- 防止死的 peers
- Take the connection alive from the point of view of network
equipment in the middle.
推荐一个合理的值就是60秒
tcp-keepalive 0
Specify the server verbosity level.
// This can be one of:
// debug (a lot of information, useful for development/testing)
// verbose (many rarely useful info, but not a mess like the debug level)
// notice (moderately verbose, what you want in production probably)
// warning (only very important / critical messages are logged)
// 日志记录等级,4个可选值debug,verbose,notice,warning
// 可以是下面的这些值:
// debug (适用于开发或测试阶段)
// verbose (many rarely useful info, but not a mess like the debug level)
// notice (适用于生产环境)
// warning (仅仅一些重要的消息被记录)
loglevel notice
// Specify the log file name. Also the empty string can be used to force
// Redis to log on the standard output. Note that if you use standard
// output for logging but daemonize, logs will be sent to /dev/null
//配置 log 文件地址,默认打印在命令行终端的窗口上,也可设为/dev/null屏蔽日志、
logfile "/data/logs/redis/redis.log"
// To enable logging to the system logger, just set 'syslog-enabled' to yes,
// and optionally update the other syslog parameters to suit your needs.
// 要想把日志记录到系统日志,就把它改成 yes,
// 也可以可选择性的更新其他的syslog 参数以达到你的要求
// syslog-enabled no
// Specify the syslog identity.
// 设置 syslog 的 identity。
// syslog-ident redis
// Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
// syslog-facility local0
// Set the number of databases. The default database is DB 0, you can select
// a different one on a per-connection basis using SELECT <dbid> where
// dbid is a number between 0 and 'databases'-1
// 可用的数据库数,默认值为16,默认数据库为0,数据库范围在0-(database-1)之间
databases 16
2.快照(snapshotting)
3.复制(replication)
4.安全(security)
5.限制(limits)
6.追加模式(append only mode)
7.LUA脚本(lua scripting)
8.慢日志(slow log)
9.事件通知(event notification)
