Main changes in this file: * Redis socket and pid files were moved to /var/run/redis * Suggest using the system-wide root certificates /etc/ssl/certs.pem * redis will daemonize and use syslog Index: redis.conf --- redis.conf.orig +++ redis.conf @@ -112,8 +112,8 @@ tcp-backlog 511 # incoming connections. There is no default, so Redis will not listen # on a unix socket when not specified. # -# unixsocket /run/redis.sock -# unixsocketperm 700 +# unixsocket /var/run/redis/redis.sock +# unixsocketperm 770 # Close the connection after a client is idle for N seconds (0 to disable) timeout 0 @@ -184,6 +184,7 @@ tcp-keepalive 300 # of these, and will not implicitly use the system wide configuration. # # tls-ca-cert-file ca.crt +# tls-ca-cert-file /etc/ssl/cert.pem # tls-ca-cert-dir /etc/ssl/certs # By default, clients (including replica servers) on a TLS port are required @@ -217,14 +218,14 @@ tcp-keepalive 300 # # tls-protocols "TLSv1.2 TLSv1.3" -# Configure allowed ciphers. See the ciphers(1ssl) manpage for more information +# Configure allowed ciphers. See SSL_set_cipher_list(3) for more information # about the syntax of this string. # # Note: this configuration applies only to <= TLSv1.2. # # tls-ciphers DEFAULT:!MEDIUM -# Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more +# Configure allowed TLSv1.3 ciphersuites. See SSL_set_cipher_list(3) for more # information about the syntax of this string, and specifically for TLSv1.3 # ciphersuites. # @@ -254,9 +255,9 @@ tcp-keepalive 300 ################################# GENERAL ##################################### # By default Redis does not run as a daemon. Use 'yes' if you need it. -# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +# Note that Redis will write a pid file in /var/run/redis/redis.pid when daemonized. # When Redis is supervised by upstart or systemd, this parameter has no impact. -daemonize no +daemonize yes # If you run Redis from upstart or systemd, Redis can interact with your # supervision tree. Options: @@ -281,14 +282,14 @@ daemonize no # # When the server runs non daemonized, no pid file is created if none is # specified in the configuration. When the server is daemonized, the pid file -# is used even if not specified, defaulting to "/var/run/redis.pid". +# is used even if not specified, defaulting to "/var/run/redis/redis.pid". # # Creating a pid file is best effort: if Redis is not able to create it # nothing bad happens, the server will start and run normally. # # Note that on modern Linux systems "/run/redis.pid" is more conforming # and should be used instead. -pidfile /var/run/redis_6379.pid +pidfile /var/run/redis/redis_6379.pid # Specify the server verbosity level. # This can be one of: @@ -301,17 +302,18 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null -logfile "" +# logfile "" # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. -# syslog-enabled no +syslog-enabled yes # Specify the syslog identity. -# syslog-ident redis +syslog-ident redis -# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. -# syslog-facility local0 +# Specify the syslog facility. Must be one of DAEMON, USER or between +# LOCAL0-LOCAL7. +syslog-facility daemon # To disable the built in crash log, which will possibly produce cleaner core # dumps when they are needed, uncomment the following: @@ -453,7 +455,7 @@ rdb-del-sync-files no # The Append Only File will also be created inside this directory. # # Note that you must specify a directory here, not a file name. -dir ./ +dir ${DBDIR} ################################# REPLICATION ################################# @@ -965,6 +967,7 @@ acllog-max-len 128 # limit accordingly in case of very large clusters. # # maxclients 10000 +maxclients 96 ############################## MEMORY MANAGEMENT ################################