ports/databases/redis/patches/patch-redis_conf

Main changes in this file:

* Redis socket and pid files were moved to /var/run/redis
* Suggest using the system-wide root certificates /etc/ssl/certs.pem
* redis will daemonize and use syslog

Index: redis.conf
--- redis.conf.orig
+++ redis.conf
@@ -112,8 +112,8 @@ tcp-backlog 511
 # incoming connections. There is no default, so Redis will not listen
 # on a unix socket when not specified.
 #
-# unixsocket /run/redis.sock
-# unixsocketperm 700
+# unixsocket /var/run/redis/redis.sock
+# unixsocketperm 770
 
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 0
@@ -184,6 +184,7 @@ tcp-keepalive 300
 # of these, and will not implicitly use the system wide configuration.
 #
 # tls-ca-cert-file ca.crt
+# tls-ca-cert-file /etc/ssl/cert.pem
 # tls-ca-cert-dir /etc/ssl/certs
 
 # By default, clients (including replica servers) on a TLS port are required
@@ -217,14 +218,14 @@ tcp-keepalive 300
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
 
-# Configure allowed ciphers.  See the ciphers(1ssl) manpage for more information
+# Configure allowed ciphers.  See SSL_set_cipher_list(3) for more information
 # about the syntax of this string.
 #
 # Note: this configuration applies only to <= TLSv1.2.
 #
 # tls-ciphers DEFAULT:!MEDIUM
 
-# Configure allowed TLSv1.3 ciphersuites.  See the ciphers(1ssl) manpage for more
+# Configure allowed TLSv1.3 ciphersuites.  See SSL_set_cipher_list(3) for more
 # information about the syntax of this string, and specifically for TLSv1.3
 # ciphersuites.
 #
@@ -254,9 +255,9 @@ tcp-keepalive 300
 ################################# GENERAL #####################################
 
 # By default Redis does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+# Note that Redis will write a pid file in /var/run/redis/redis.pid when daemonized.
 # When Redis is supervised by upstart or systemd, this parameter has no impact.
-daemonize no
+daemonize yes
 
 # If you run Redis from upstart or systemd, Redis can interact with your
 # supervision tree. Options:
@@ -281,14 +282,14 @@ daemonize no
 #
 # When the server runs non daemonized, no pid file is created if none is
 # specified in the configuration. When the server is daemonized, the pid file
-# is used even if not specified, defaulting to "/var/run/redis.pid".
+# is used even if not specified, defaulting to "/var/run/redis/redis.pid".
 #
 # Creating a pid file is best effort: if Redis is not able to create it
 # nothing bad happens, the server will start and run normally.
 #
 # Note that on modern Linux systems "/run/redis.pid" is more conforming
 # and should be used instead.
-pidfile /var/run/redis_6379.pid
+pidfile /var/run/redis/redis_6379.pid
 
 # Specify the server verbosity level.
 # This can be one of:
@@ -301,17 +302,18 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile ""
+# logfile ""
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
-# syslog-enabled no
+syslog-enabled yes
 
 # Specify the syslog identity.
-# syslog-ident redis
+syslog-ident redis
 
-# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
-# syslog-facility local0
+# Specify the syslog facility. Must be one of DAEMON, USER or between
+# LOCAL0-LOCAL7.
+syslog-facility daemon
 
 # To disable the built in crash log, which will possibly produce cleaner core
 # dumps when they are needed, uncomment the following:
@@ -453,7 +455,7 @@ rdb-del-sync-files no
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir ./
+dir ${DBDIR}
 
 ################################# REPLICATION #################################
 
@@ -965,6 +967,7 @@ acllog-max-len 128
 # limit accordingly in case of very large clusters.
 #
 # maxclients 10000
+maxclients 96
 
 ############################## MEMORY MANAGEMENT ################################
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`Main changes in this file:`

			`* Redis socket and pid files were moved to /var/run/redis`
			`* Suggest using the system-wide root certificates /etc/ssl/certs.pem`
			`* redis will daemonize and use syslog`

			`Index: redis.conf`
			`--- redis.conf.orig`
			`+++ redis.conf`
			`@@ -112,8 +112,8 @@ tcp-backlog 511`
			`# incoming connections. There is no default, so Redis will not listen`
			`# on a unix socket when not specified.`
			`#`
			`-# unixsocket /run/redis.sock`
			`-# unixsocketperm 700`
			`+# unixsocket /var/run/redis/redis.sock`
			`+# unixsocketperm 770`

			`# Close the connection after a client is idle for N seconds (0 to disable)`
			`timeout 0`
			`@@ -184,6 +184,7 @@ tcp-keepalive 300`
			`# of these, and will not implicitly use the system wide configuration.`
			`#`
			`# tls-ca-cert-file ca.crt`
			`+# tls-ca-cert-file /etc/ssl/cert.pem`
			`# tls-ca-cert-dir /etc/ssl/certs`

			`# By default, clients (including replica servers) on a TLS port are required`
			`@@ -217,14 +218,14 @@ tcp-keepalive 300`
			`#`
			`# tls-protocols "TLSv1.2 TLSv1.3"`

			`-# Configure allowed ciphers. See the ciphers(1ssl) manpage for more information`
			`+# Configure allowed ciphers. See SSL_set_cipher_list(3) for more information`
			`# about the syntax of this string.`
			`#`
			`# Note: this configuration applies only to <= TLSv1.2.`
			`#`
			`# tls-ciphers DEFAULT:!MEDIUM`

			`-# Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more`
			`+# Configure allowed TLSv1.3 ciphersuites. See SSL_set_cipher_list(3) for more`
			`# information about the syntax of this string, and specifically for TLSv1.3`
			`# ciphersuites.`
			`#`
			`@@ -254,9 +255,9 @@ tcp-keepalive 300`
			`################################# GENERAL #####################################`

			`# By default Redis does not run as a daemon. Use 'yes' if you need it.`
			`-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.`
			`+# Note that Redis will write a pid file in /var/run/redis/redis.pid when daemonized.`
			`# When Redis is supervised by upstart or systemd, this parameter has no impact.`
			`-daemonize no`
			`+daemonize yes`

			`# If you run Redis from upstart or systemd, Redis can interact with your`
			`# supervision tree. Options:`
			`@@ -281,14 +282,14 @@ daemonize no`
			`#`
			`# When the server runs non daemonized, no pid file is created if none is`
			`# specified in the configuration. When the server is daemonized, the pid file`
			`-# is used even if not specified, defaulting to "/var/run/redis.pid".`
			`+# is used even if not specified, defaulting to "/var/run/redis/redis.pid".`
			`#`
			`# Creating a pid file is best effort: if Redis is not able to create it`
			`# nothing bad happens, the server will start and run normally.`
			`#`
			`# Note that on modern Linux systems "/run/redis.pid" is more conforming`
			`# and should be used instead.`
			`-pidfile /var/run/redis_6379.pid`
			`+pidfile /var/run/redis/redis_6379.pid`

			`# Specify the server verbosity level.`
			`# This can be one of:`
			`@@ -301,17 +302,18 @@ loglevel notice`
			`# Specify the log file name. Also the empty string can be used to force`
			`# Redis to log on the standard output. Note that if you use standard`
			`# output for logging but daemonize, logs will be sent to /dev/null`
			`-logfile ""`
			`+# logfile ""`

			`# To enable logging to the system logger, just set 'syslog-enabled' to yes,`
			`# and optionally update the other syslog parameters to suit your needs.`
			`-# syslog-enabled no`
			`+syslog-enabled yes`

			`# Specify the syslog identity.`
			`-# syslog-ident redis`
			`+syslog-ident redis`

			`-# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.`
			`-# syslog-facility local0`
			`+# Specify the syslog facility. Must be one of DAEMON, USER or between`
			`+# LOCAL0-LOCAL7.`
			`+syslog-facility daemon`

			`# To disable the built in crash log, which will possibly produce cleaner core`
			`# dumps when they are needed, uncomment the following:`
			`@@ -453,7 +455,7 @@ rdb-del-sync-files no`
			`# The Append Only File will also be created inside this directory.`
			`#`
			`# Note that you must specify a directory here, not a file name.`
			`-dir ./`
			`+dir ${DBDIR}`

			`################################# REPLICATION #################################`

			`@@ -965,6 +967,7 @@ acllog-max-len 128`
			`# limit accordingly in case of very large clusters.`
			`#`
			`# maxclients 10000`
			`+maxclients 96`

			`############################## MEMORY MANAGEMENT ################################`