|
|
7. 安全设置说明
######## SECURITY[l1] ###################################
# Requireclients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in whichyou do not trust
# others with access to the host runningredis-server.[l2]
#
# Thisshould stay commented out for backward compatibility and because most
# people do not need auth (e.g. they runtheir own servers).[l3]
#
# Warning:since Redis is pretty fast an outside user can try up to
# 150k passwords per second against agood box. This means that you should
# use a very strong password otherwise itwill be very easy to break.[l4]
#
# requirepass foobared
# Commandrenaming.[l5]
#
# Itis possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIGcommand may be renamed into something
# hard to guess so that it will still beavailable for internal-use tools
# but not available for general clients.[l6]
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
#It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""[l7]
#
#Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves maycause problems.[l8]
8. 限制设置说明
#######LIMITS #[l9] ###################################
# Setthe max number of connected clients at the same time. By default
# this limit is set to 10000 clients,however if the Redis server is not
# able to configure the process filelimit to allow for the specified limit
# the max number of allowed clients is setto the current file limit
# minus 32 (as Redis reserves a few filedescriptors for internal uses).[l10]
#
#Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clientsreached'.[l11]
#
# maxclients 10000
# Don'tuse more memory than the specified amount of bytes.
# When the memory limit is reached Rediswill try to remove keys
# according to the eviction policyselected (see maxmemory-policy).[l12]
#
# IfRedis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will startto reply with errors to commands
# that would use more memory, like SET,LPUSH, and so on, and will continue
# to reply to read-only commands likeGET.[l13]
#
# Thisoption is usually useful when using Redis as an LRU cache, or to set
# a hard memory limit for an instance(using the 'noeviction' policy).[l14]
#
#WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers neededto feed the slaves are subtracted
# from the used memory count, so thatnetwork problems / resyncs will
# not trigger a loop where keys areevicted, and in turn the output
# buffer of slaves is full with DELs ofkeys evicted triggering the deletion
# of more keys, and so forth until thedatabase is completely emptied.[l15]
#
# Inshort... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there issome free RAM on the system for slave
# output buffers (but this is not neededif the policy is 'noeviction').[l16]
#
# maxmemory <bytes>
# MAXMEMORYPOLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among fivebehaviors:[l17]
#
#volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any keyaccording to the LRU algorithm
# volatile-random -> remove a randomkey with an expire set[l18]
#allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key withthe nearest expire time (minor TTL)
# noeviction -> don't expire at all,just return an error on write operations[l19]
#
# Note:with any of the above policies, Redis will return an error on write
# operations, when there are no suitable keys for eviction.[l20]
#
# At the date of writing these commands are:set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort[l21]
#
# The default is:
#
# maxmemory-policy noeviction
#LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory),so you can tune it for speed or
# accuracy. For default Redis will checkfive keys and pick the one that was
# used less recently, you can change thesample size using the following
# configuration directive.[l22]
#
# Thedefault of 5 produces good enough results. 10 Approximates very closely
# true LRU but costs a bit more CPU. 3 isvery fast but not very accurate.[l23]
#
# maxmemory-samples 5
9. 只增方式配置说明
###### APPENDONLY MODE[l24] ###############################
#By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, butan issue with the Redis process or
# a power outage may result into a fewminutes of writes lost (depending on
# the configured save points).[l25]
#
#The Append Only File is an alternative persistence mode that provides
# much better durability. For instanceusing the default data fsync policy
# (see later in the config file) Rediscan lose just one second of writes in a
# dramatic event like a server poweroutage, or a single write if something
# wrong with the Redis process itselfhappens, but the operating system is
# still running correctly.[l26]
#
# AOFand RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Rediswill load the AOF, that is the file
# with the better durability guarantees.[l27]
#
# Pleasecheck http://redis.io/topics/persistence for more information[l28] .
appendonly no
# Thename of the append only file (default: "appendonly.aof")[l29]
appendfilename "appendonly.aof"
# Thefsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in theoutput buffer. Some OS will really flush
# data on disk, some other OS will justtry to do it ASAP.[l30]
#
# Redissupports three different modes:[l31]
#
#no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to theappend only log. Slow, Safest.
# everysec: fsync only one time everysecond. Compromise.[l32]
#
# Thedefault is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to youto understand if you can relax this to
# "no" that will let theoperating system flush the output buffer when
# it wants, for better performances (butif you can live with the idea of
# some data loss consider the defaultpersistence mode that's snapshotting),
# or on the contrary, use"always" that's very slow but a bit safer than
# everysec.[l33]
#
#More details please check the following article:
#http://antirez.com/post/redis-persistence-demystified.html[l34]
#
#If unsure, use "everysec".[l35]
# appendfsync always
appendfsync everysec
# appendfsync no
# Whenthe AOF fsync policy is set to always or everysec, and a background
# saving process (a background save orAOF log background rewriting) is
# performing a lot of I/O against thedisk, in some Linux configurations
# Redis may block too long on the fsync()call. Note that there is no fix for
# this currently, as even performingfsync in a different thread will block
# our synchronous write(2) call.[l36]
#
#In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from beingcalled in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.[l37]
#
#This means that while another child is saving, the durability of Redis is
# the same as "appendfsyncnone". In practical terms, this means that it is
# possible to lose up to 30 seconds oflog in the worst scenario (with the
# default Linux settings).[l38]
#
#If you have latency problems turn this to "yes". Otherwise leave itas
# "no" that is the safest pickfrom the point of view of durability.[l39]
no-appendfsync-on-rewrite no
# Automaticrewrite of the append only file.[l40]
# Redisis able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log sizegrows by the specified percentage.[l41]
#
# Thisis how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite hashappened since the restart, the size of
# the AOF at startup is used).[l42]
#
#This base size is compared to the current size. If the current size is
# bigger than the specified percentage,the rewrite is triggered. Also
# you need to specify a minimal size forthe AOF file to be rewritten, this
# is useful to avoid rewriting the AOFfile even if the percentage increase
# is reached but it is still prettysmall.[l43]
#
#Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.[l44]
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# AnAOF file may be found to be truncated at the end during the Redis
# startup process, when the AOF data getsloaded back into memory.
# This may happen when the system whereRedis is running
# crashes, especially when an ext4filesystem is mounted without the
# data=ordered option (however this can'thappen when Redis itself
# crashes or aborts but the operatingsystem still works correctly).[l45]
#
# Rediscan either exit with an error when this happens, or load as much
# data as possible (the default now) andstart if the AOF file is found
# to be truncated at the end. Thefollowing option controls this behavior.[l46]
#
# Ifaof-load-truncated is set to yes, a truncated AOF file is loaded and
# the Redis server starts emitting a logto inform the user of the event.
# Otherwise if the option is set to no,the server aborts with an error
# and refuses to start. When the optionis set to no, the user requires
# to fix the AOF file using the"redis-check-aof" utility before to restart
# the server.[l47]
#
#Note that if the AOF file will be found to be corrupted in the middle
# the server will still exit with anerror. This option only applies when
# Redis will try to read more data fromthe AOF file but not enough bytes
# will be found.[l48]
aof-load-truncated yes
10. LUA脚本设置说明
######LUA SCRIPTING[l49] ###############################
# Maxexecution time of a Lua script in milliseconds.[l50]
#
#If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximumallowed time and will start to
# reply to queries with an error.[l51]
#
# Whena long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVEcommands are available. The first can be
# used to stop a script that did not yetcalled write commands. The second
# is the only way to shut down the serverin the case a write command was
# already issued by the script but theuser doesn't want to wait for the natural
# termination of the script.[l52]
#
# Setit to 0 or a negative value for unlimited execution without warnings.[l53]
lua-time-limit 5000
11. Redis集群设置说明
######REDIS CLUSTER[l54] ###############################
#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
# in order to mark it as"mature" we need to wait for a non trivial percentage
# of users to deploy it in production.[l55]
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
#Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In orderto start a Redis instance as a
# cluster node enable the cluster supportuncommenting the following:[l56]
#
# cluster-enabled yes
# Everycluster node has a cluster configuration file. This file is not
# intended to be edited by hand. It iscreated and updated by Redis nodes.
# Every Redis Cluster node requires adifferent cluster configuration file.
# Make sure that instances running in thesame system do not have
# overlapping cluster configuration filenames.[l57]
#
# cluster-config-file nodes-6379.conf
#Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failurestate.[l58]
#Most other internal time limits are multiple of the node timeout.[l59]
#
# cluster-node-timeout 15000
# Aslave of a failing master will avoid to start a failover if its data
# looks too old.[l60]
#
#There is no simple way for a slave to actually have a exact measure of
# its "data age", so thefollowing two checks are performed:[l61]
#
# 1)If there are multiple slaves able to failover, they exchange messages
# in order to try to give an advantage to the slave with the best
# replication offset (more data from the master processed).
# Slaves will try to get their rank by offset, and apply to the start
# of the failover a delay proportional to their rank.[l62]
#
# 2)Every single slave computes the time of the last interaction with
# its master. This can be the last ping or command received (if the master
# is still in the "connected" state), or the time that elapsedsince the
# disconnection with the master (if the replication link is currentlydown).
# If the last interaction is too old, the slave will not try to failover
# at all.[l63]
#
# Thepoint "2" can be tuned by user. Specifically a slave will not perform
# the failover if, since the lastinteraction with the master, the time
# elapsed is greater than:[l64]
#
# (node-timeout *slave-validity-factor) + repl-ping-slave-period
#
# Sofor example if node-timeout is 30 seconds, and the slave-validity-factor
# is 10, and assuming a default repl-ping-slave-periodof 10 seconds, the
# slave will not try to failover if itwas not able to talk with the master
# for longer than 310 seconds.[l65]
#
# Alarge slave-validity-factor may allow slaves with too old data to failover
# a master, while a too small value mayprevent the cluster from being able to
# elect a slave at all.[l66]
#
#For maximum availability, it is possible to set the slave-validity-factor
# to a value of 0, which means, thatslaves will always try to failover the
# master regardless of the last time theyinteracted with the master.
# (However they'll always try to apply adelay proportional to their
# offset rank).[l67]
#
# Zerois the only value able to guarantee that when all the partitions heal
# the cluster will always be able tocontinue.[l68]
#
# cluster-slave-validity-factor 10
# Clusterslaves are able to migrate to orphaned masters, that are masters
# that are left without working slaves.This improves the cluster ability
# to resist to failures as otherwise anorphaned master can't be failed over
# in case of failure if it has no workingslaves.[l69]
#
# Slavesmigrate to orphaned masters only if there are still at least a
# given number of other working slavesfor their old master. This number
# is the "migration barrier". Amigration barrier of 1 means that a slave
# will migrate only if there is at least1 other working slave for its master
# and so forth. It usually reflects thenumber of slaves you want for every
# master in your cluster.[l70]
#
# Defaultis 1 (slaves migrate only if their masters remain with at least
# one slave). To disable migration justset it to a very large value.
# A value of 0 can be set but is usefulonly for debugging and dangerous
# in production.[l71]
#
# cluster-migration-barrier 1
#By default Redis Cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (noavailable node is serving it).
# This way if the cluster is partiallydown (for example a range of hash slots
# are no longer covered) all the clusterbecomes, eventually, unavailable.
# It automatically returns available assoon as all the slots are covered again.[l72]
#
#However sometimes you want the subset of the cluster which is working,
# to continue to accept queries for thepart of the key space that is still
# covered. In order to do so, just setthe cluster-require-full-coverage
# option to no.[l73]
#
# cluster-require-full-coverage yes
#In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.[l74]
12. slowlog设置说明
######### SLOWLOG [l75] ###################################
# TheRedis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time doesnot include the I/O operations
# like talking with the client, sendingthe reply and so forth,
# but just the time needed to actuallyexecute the command (this is the only
# stage of command execution where thethread is blocked and can not serve
# other requests in the meantime).[l76]
#
# Youcan configure the slow log with two parameters: one tells Redis
# what is the execution time, inmicroseconds, to exceed in order for the
# command to get logged, and the otherparameter is the length of the
# slow log. When a new command is loggedthe oldest one is removed from the
# queue of logged commands.[l77]
# Thefollowing time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negativenumber disables the slow log, while
# a value of zero forces the logging ofevery command.[l78]
slowlog-log-slower-than 10000
#There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slowlog with SLOWLOG RESET.[l79]
slowlog-max-len 128
###### LATENCYMONITOR[l80] ##############################
#The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect datarelated to possible sources of
# latency of a Redis instance.[l81]
#
# Viathe LATENCY command this information is available to the user that can
# print graphs and obtain reports.[l82]
#
#The system only logs operations that were performed in a time equal or
# greater than the amount of millisecondsspecified via the
# latency-monitor-threshold configurationdirective. When its value is set
# to zero, the latency monitor is turnedoff.[l83]
#
# Bydefault latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, andcollecting data has a performance
# impact, that while very small, can bemeasured under big load. Latency
# monitoring can easily be enabled atruntime using the command
# "CONFIG SETlatency-monitor-threshold <milliseconds>" if needed.[l84]
latency-monitor-threshold 0
13. 事件通知设置说明
##### EVENTNOTIFICATION [l85] ##############################
# Rediscan notify Pub/Sub clients about events happening in the key space.
# This feature is documented athttp://redis.io/topics/notifications[l86]
#
#For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key"foo" stored in the Database 0, two
# messages will be published via Pub/Sub:[l87]
#
# PUBLISH __keyspace@0__:foo del
# PUBLISH __keyevent@0__:del foo
#
# Itis possible to select the events that Redis will notify among a set
# of classes. Every class is identifiedby a single character:[l88]
#
# K Keyspace events, published with__keyspace@<db>__ prefix.[l89]
# E Keyevent events, published with__keyevent@<db>__ prefix.[l90]
# g Generic commands (non-type specific) like DEL,EXPIRE, RENAME, ...[l91]
# $ String commands[l92]
# l List commands[l93]
# s Set commands[l94]
# h Hash commands[l95]
# z Sorted set commands[l96]
# x Expired events (events generated every time akey expires)[l97]
# e Evicted events (events generated when a key isevicted for maxmemory)[l98]
# A Alias for g$lshzxe, so that the "AKE"string means all the events[l99] .
#
# The "notify-keyspace-events"takes as argument a string that is composed
# of zero or multiple characters. The empty string means thatnotifications
# are disabled.
#[l100]
# Example: to enable list and generic events,from the point of view of the
# event name, use:[l101]
#
# notify-keyspace-events Elg
#
# Example 2: to get the stream of the expiredkeys subscribing to channel
# name __keyevent@0__:expired use:[l102]
#
# notify-keyspace-events Ex
#
# By default all notifications are disabledbecause most users don't need
# this feature and the feature has some overhead. Note that if you don't
# specify at least one of K or E, no events will be delivered.[l103]
notify-keyspace-events ""
14. 高级配置设置说明
###### ADVANCEDCONFIG [l104] ###############################
#Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and thebiggest entry does not exceed a given
# threshold. These thresholds can beconfigured using the following directives.[l105]
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
#Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed perinternal list node can be specified
# as a fixed maximum size or a maximumnumber of elements.
# For a fixed maximum size, use -5through -1, meaning:[l106]
#-5: max size: 64 Kb <-- notrecommended for normal workloads
# -4: max size: 32 Kb <-- not recommended
# -3: max size: 16 Kb <-- probably not recommended
# -2: max size: 8 Kb <-- good
# -1: max size: 4 Kb <-- good[l107]
# Positivenumbers mean store up to _exactly_ that number of elements
# per list node.[l108]
# Thehighest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjustthe settings as necessary.[l109]
list-max-ziplist-size -2
#Lists may also be compressed.[l110]
#Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* fromcompression. The head and tail of thelist
# are always uncompressed for fast push/popoperations. Settings are:[l111]
#0: disable all list compression
# 1: depth 1 means "don't startcompressing until after 1 node into the list,
# going from either the head or tail"
# So: [head]->node->node->...->node->[tail]
# [head], [tail] will always be uncompressed; inner nodes will compress.[l112]
# 2:[head]->[next]->node->node->...->node->[prev]->[tail]
# 2 here means: don't compress head or head->next or tail->prev ortail,
# but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.[l113]
list-compress-depth 0
#Sets have a special encoding in just one case: when a set is composed
# of just strings that happen to beintegers in radix 10 in the range
# of 64 bit signed integers.[l114]
# Thefollowing configuration setting sets the limit in the size of the
# set in order to use this special memorysaving encoding.[l115]
set-max-intset-entries 512
# Similarlyto hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. Thisencoding is only used when the length and
# elements of a sorted set are below thefollowing limits:[l116]
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# HyperLogLogsparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLogusing the sparse representation crosses
# this limit, it is converted into thedense representation.[l117]
#
# Avalue greater than 16000 is totally useless, since at that point the
# dense representation is more memoryefficient.[l118]
#
# Thesuggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding withoutslowing down too much PFADD,
# which is O(N) with the sparse encoding.The value can be raised to
# ~ 10000 when CPU is not a concern, butspace is, and the data set is
# composed of many HyperLogLogs withcardinality in the 0 - 15000 range.[l119]
hll-sparse-max-bytes 3000
#Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redishash table (the one mapping top-level
# keys to values). The hash tableimplementation Redis uses (see dict.c)
# performs a lazy rehashing: the moreoperation you run into a hash table
# that is rehashing, the more rehashing"steps" are performed, so if the
# server is idle the rehashing is nevercomplete and some more memory is used
# by the hash table.[l120]
#
# Thedefault is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries,freeing memory when possible.[l121]
#
# If unsure:
#use "activerehashing no" if you have hard latency requirements and itis
# not a good thing in your environmentthat Redis can reply from time to time
# to queries with 2 milliseconds delay.[l122]
#
# use"activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.[l123]
activerehashing yes
# Theclient output buffer limits can be used to force disconnection of clients
# that are not reading data from theserver fast enough for some reason (a
# common reason is that a Pub/Sub clientcan't consume messages as fast as the
# publisher can produce them).[l124]
#
# Thelimit can be set differently for the three different classes of clients:[l125]
#
#normal -> normal clients including MONITOR clients
# slave -> slave clients
# pubsub -> clients subscribed to atleast one pubsub channel or pattern[l126]
#
# Thesyntax of every client-output-buffer-limit directive is the following:[l127]
#
# client-output-buffer-limit<class> <hard limit> <soft limit> <soft seconds>[l128]
#
#A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remainsreached for the specified number of
# seconds (continuously).[l129]
# Sofor instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the clientwill get disconnected immediately
# if the size of the output buffers reach32 megabytes, but will also get
# disconnected if the client reaches 16megabytes and continuously overcomes
# the limit for 10 seconds.[l130]
#
# Bydefault normal clients are not limited because they don't receive data
# without asking (in a push way), butjust after a request, so only
# asynchronous clients may create ascenario where data is requested faster
# than it can read.[l131]
#
#Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data ina push fashion.[l132]
#
#Both the hard or the soft limit can be disabled by setting them to zero.[l133]
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Rediscalls an internal function to perform many background tasks, like
# closing connections of clients intimeout, purging expired keys that are
# never requested, and so forth.[l134]
#
#Not all tasks are performed with the same frequency, but Redis checks for
# tasks to perform according to thespecified "hz" value.[l135]
#
# Bydefault "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same timewill make Redis more responsive when
# there are many keys expiring at thesame time, and timeouts may be
# handled with more precision.[l136]
#
# Therange is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use thedefault of 10 and raise this up to
# 100 only in environments where very lowlatency is required.[l137]
hz 10
#When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MBof data generated. This is useful
# in order to commit the file to the diskmore incrementally and avoid
# big latency spikes.[l138]
aof-rewrite-incremental-fsync yes
[l1]安全设置
[l2]要求客户端在处理任何其他命令之前发出AUTH <PASSWORD>。这在您不信任其他人访问运行redis-server的主机的环境中可能很有用
[l3]这应该保持注释掉向后兼容性,因为大多数人不需要身份验证(例如他们运行自己的服务器)。
[l4]警告:由于Redis是相当快的外部用户可以尝试高达每秒15万个密码对。这意味着你应该使用非常强的密码,否则将很容易破解
[l5]命令改名
[l6]可以在共享环境中更改危险命令的名称。 例如,CONFIG命令可以重命名为难以猜测的东西,以便它仍然可用于内部使用工具,但不能用于一般客户端
[l7]也可以通过将命令重命名为空字符串来完全限制命令:
重命名命令CONFIG“”
[l8]请注意,更改登录到AOF文件或发送到从站的命令的名称可能会导致问题。
[l9]限制设置
[l10]同时设置连接的客户端的最大数量。 默认情况下,此限制设置为10000个客户端,但是如果Redis服务器无法配置进程文件限制以允许指定的限制,则允许的客户端的最大数量设置为当前文件限制减32(因为Redis保留少数用于内部使用的文件描述符)
[l11]一旦达到限制,Redis将关闭所有发送错误“达到最大客户端数”的新连接。
[l12]不要使用比指定的字节数更多的内存。 当达到内存限制时,Redis将尝试根据选择的逐出策略删除密钥(请参阅maxmemory-policy)
[l13]如果Redis无法根据策略删除密钥,或者如果策略设置为“noeviction”,Redis将开始对将使用更多内存(如SET,LPUSH等)的命令进行回复,并将继续以回复只读命令(如GET)
[l14]当使用Redis作为LRU缓存时,或者为实例设置硬内存限制(使用'noeviction'策略)时,此选项通常很有用。
[l15]警告:如果您的从属设备连接到具有maxmemory的实例,则从使用的内存计数中减去馈送从属设备所需的输出缓冲区的大小,以便网络问题/重新同步不会触发按键被逐出的循环,以及从属设备的输出缓冲器充满DEL的键被逐出触发删除更多的键,等等,直到数据库被完全清空
[l16]简而言之...如果你有奴隶附加,建议你设置maxmemory的下限,以便系统上有一些空闲的RAM用于从输出缓冲区(但如果策略是noeviction,则不需要)。
[l17]MAXMEMORY POLICY:Redis将如何选择在达到maxmemory时要删除的内容。您可以选择五种行为:
[l18]volatile-lru - >使用LRU算法删除具有过期集的密钥
allkeys-lru - >根据LRU算法删除任何密钥
volatile-random - >删除带有过期集的随机密钥
[l19]allkeys-random - >删除随机密钥,任意密钥
volatile-ttl - >删除具有最近过期时间的密钥(次TTL)
noeviction - >不要过期,只是在写操作时返回一个错误
[l20]注意:使用上述任何策略,当没有合适的驱逐键时,Redis将在写操作时返回一个错误。
[l21]在写这些命令时:setsetnx setex append incr decr rpush lpush rpushx lpushx linsert lset rpoplpushsadd sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrbyzunionstore zinterstore hset hsetnx hmset hincrby incrby decrby getset msetmsetnx exec sort
[l22]LRU和最小TTL算法不是精确算法,而是近似算法(以便节省内存),因此您可以调整它的速度或精度。默认情况下,Redis将检查五个键,并选择最近使用的键,可以使用以下配置指令更改样本大小
[l23]默认值为5产生足够好的结果。 10近似非常接近真实的LRU,但成本更多的CPU。 3是非常快,但不是很准确
[l24]仅追加方式配置
[l25]默认情况下,Redis异步地转储磁盘上的数据集。 这种模式对许多应用程序已经足够了,但是如果断电或者redis进程除问题就会导致一段时间内的更新数据丢失(取决于配置项)
[l26]这种只增文件是可选的能够提供更好的体验的数据持久化策略。举个例子,如果使用默认的配置数据fsync策略,在服务器意外断电的情况下redis只会丢失一秒钟内的更新数据,或者当redis进程出问题但操作系统运转正常时,redis只会丢失一个数据更新操作
[l27]AOF和RDB持久性可以同时启用并且无冲突。如果AOF开启,启动redis时会加载aof文件,这些文件能够提供更好的保证。
[l28]请查看http://redis.io/topics/persistence以获取更多信息
[l29]只增文件的名称(默认值:“appendonly.aof”)
[l30]调用fsync()函数会通知操作系统真正将数据写入磁盘,而不是等待缓冲区中更多数据。有些操作系统会将数据输出到磁盘,有些操作系统知识ASAP
[l31]Redis支持三种不同的方式
[l32]No:不调用,当操作系统要输出数据时只等待操作系统来清空缓冲区。很快
Always:每次更新数据都写入仅增文件。慢,但是最安全
Ererysec:每秒调用一次。折中
[l33]默认是每秒中一次,因为它往往是在速度和数据安全两者之间的折中选择。如果你可以接受让操作系统去自动清空缓存,你可以降这项配置降低到no(如果你可以接受一段时间的数据丢失,默认的rdb就足够了),这完全取决与你。如果你想要一个更好的体验或者从相反的角度,使用always,这样会很慢,但是比everysec安全些。
[l34]请在下面的文章中获取更多细节知识:
http://antirez.com/post/redis-persistence-demystified.html
[l35]如果你不是很清楚这三项之间的区别,或者不知道哪种适合你的机器,就用默认吧。
[l36]当AOF策略设置为always或者everysec的时候,后台的保存进程会进行很多磁盘I/O操作,在某些linux结构中redis会在调用sync()方法时阻塞很长时间,记住,现在还没有办法解决这个问题,及时在不同进程中进行调用也会block。
[l37]使用如下配置可能会缓解这个问题,这样会在存储大数据或者BGREWRITEAOF的时候不会在主进程中调用fsync()方法。
[l38]这表示,如果另外一个子进程在保存操作,redis的表现如同配置为appendfsync no。在实际应用中,这表示在最坏的情境下(使用linux默认配置)可能会丢失30秒日志
[l39]如果你有特殊的情况可以配置为yes。但是配置问为no是最为安全的选择。
[l40]自动重写只增文件
[l41]Redis可以自动盲从的调用BGREWRITEAOF来重写日志,如果日志文件增长了指定的百分比。
[l42]它是这样工作的:每次rewrite后redis会记录日志文件的大小(如果重启后没有重写后的大小,就默认用日志文件大小)
[l43]这个基准日志大小和当前日志大小做比较。如果当前大小比指定的百分比大,重写机制就会被触发。同时,你也要指定一个重写下线,用来增长百分比,但是日志文件还很小的情况下。
[l44]指定百分比为0可以注释自动重写日志文件功能。
[l45]在AIF数据被加载回内存时,可能会发现AIF文件在Redis启动过程结束时被截断。这可能发生在当Redis运行的系统崩溃时,特别是当ext4文件系统没有data = ordered选项时(但是当Redis本身崩溃或中止,但操作系统仍然正常工作时)
[l46]Redis可以在发生这种情况时退出错误,或者加载尽可能多的数据(现在是默认值),如果发现AOF文件在末尾被截断,则启动。以下选项控制此行为
[l47]如果aof-load-truncated设置为yes,将加载截断的AOF文件,Redis服务器开始发出日志以通知用户该事件。 否则,如果该选项设置为no,服务器将中止并出现错误,并拒绝启动。 当该选项设置为no时,用户需要在重新启动服务器之前使用“redis-check-aof”实用程序修复AOF文件
[l48]请注意,如果AOF文件将被发现在中间被损坏,服务器仍将退出并出现错误。 此选项仅在Redis尝试从AOF文件读取更多数据但找不到足够的字节时适用
[l49]LUA脚本设置
[l50]Lua脚本的最大执行时间(以毫秒为单位)。
[l51]如果达到最大执行时间,Redis将记录一个脚本在最大允许时间之后仍在执行,并将开始回复具有错误的查询。
[l52]当长时间运行的脚本超过最大执行时间时,只有SCRIPT KILL和SHUTDOWN NOSAVE命令可用。第一个可用于停止尚未调用写入命令的脚本。第二种是在脚本已经发出写入命令但用户不想等待脚本自然终止的情况下关闭服务器的唯一方法
[l53]将其设置为0或负值,无限制执行,不带警告。
[l54]Redis集群设置
[l55]警告实验:Redis群集被认为是稳定的代码,但是为了将其标记为“成熟”,我们需要等待非常小百分比的用户将其部署到生产环境中。
[l56]正常Redis实例不能是Redis群集的一部分; 只有作为集群节点启动的节点才可以。为了将Redis实例作为群集节点启动,请启用群集支持,取消注释以下内容
[l57]每个集群节点都有一个集群配置文件。 此文件不能手动编辑。 它由Redis节点创建和更新。 每个Redis群集节点都需要一个不同的群集配置文件。 确保在同一系统中运行的实例不具有重叠的群集配置文件名
[l58]集群节点超时是节点必须无法访问的毫秒数,以便将其视为处于故障状态。
[l59]大多数其他内部时间限制是节点超时的倍数。
[l60]如果故障主控的从属数据看起来太旧,则它将避免启动故障转移。
[l61]没有简单的方法使从机实际上具有其“数据时间”的精确测量,因此执行以下两个检查:
[l62]1)如果有多个从设备能够故障切换,它们交换消息,以便尝试给从设备提供具有最佳复制偏移(来自主设备处理的更多数据)的优点。从设备将尝试通过偏移获得它们的排名,并应用于故障转移的开始与它们的排名成比例的延迟
[l63]2)每个单独的从机计算与其主机的最后一次交互的时间。这可以是接收到的最后一个ping或命令(如果主设备仍处于“已连接”状态),或自从与主设备断开连接后所经过的时间(如果复制链接当前已关闭)。如果最后一次交互太旧,从设备将不会尝试进行故障切换
[l64]点“2”可以由用户调谐。 特别地,从主机将不执行故障转移,因为自从与主机的最后交互,经过的时间大于
[l65]因此,例如,如果node-timeout为30秒,从属有效因子为10,并且假定默认的replet-slave-slave-period为10秒,则如果slave不能通话,则slave不会尝试进行故障转移 与主站的时间超过310秒
[l66]大的从有效性因子可以允许具有太旧数据的从设备故障转移主设备,而太小的值可能阻止集群能够选择所有的从设备。
[l67]为了实现最大可用性,可以将从属有效因子设置为0,这意味着从属设备将始终尝试故障转移主设备,而不管他们最后一次与主设备进行交互的时间。(但是,他们总是试图应用与它们的偏移等级成比例的延迟)
[l68]零是唯一能够保证当所有分区修复集群时总是能够继续的值。
[l69]群集从设备能够迁移到孤立主设备,即没有工作从设备的主设备。 这提高了集群抵御故障的能力,否则孤立主机在没有工作从机的情况下无法故障转移
[l70]只有当至少有一定数量的其他工作从设备用于它们的旧主设备时,从设备才迁移到孤立主设备。这个数字是“迁移障碍”。迁移障碍为1意味着只有当主设备至少有1个其他工作从设备时,从设备才会迁移。它通常反映您希望群集中每个主机的从站数
[l71]默认值为1(从机只在主机保留至少一个从机时迁移)。 要禁用迁移,只需将其设置为非常大的值。 值为0可以设置,但仅用于调试和生产中的危险
[l72]默认情况下,如果Redis集群节点检测到至少有一个散列槽未覆盖(没有可用节点正在为其提供服务),则它们将停止接受查询。这样,如果集群部分关闭(例如,一系列散列槽不再被覆盖),则所有集群变得最终不可用。一旦所有插槽再次覆盖,它将自动返回可用
[l73]但是有时候你想要的集群的子集是工作,继续接受仍然覆盖的部分关键空间的查询。为此,只需将cluster-require-full-coverage选项设置为no
[l74]为了设置您的群集,请务必阅读http://redis.io网站上提供的文档。
[l75]Slow log设置
[l76]Redis Slow Log是一种用于记录超过指定执行时间的查询的系统。执行时间不包括I / O操作,例如与客户端通信,发送答复等等,而只是实际执行命令所需的时间(这是命令执行的唯一阶段,其中线程被阻止,并且可以在此期间不提供其他请求)
[l77]您可以使用两个参数配置慢日志:一个告诉Redis为了使命令被记录而超过的执行时间(以微秒为单位),另一个参数是慢日志的长度。当记录新的命令时,最旧的命令从记录的命令队列中删除
[l78]以下时间以微秒表示,因此1000000等效于一秒。 请注意,负数禁用缓慢日志,而值为零强制记录每个命令
[l79]这个长度没有限制。 只是要注意它会消耗内存。 您可以使用SLOWLOGRESET来回收慢日志使用的内存
[l80]延迟监视器设置
[l81]Redis延迟监视子系统在运行时对不同的操作进行采样,以便收集与Redis实例的可能的延迟源相关的数据。
[l82]通过LATENCY命令,此信息可供用户打印图形并获取报告。
[l83]系统仅记录在等于或大于通过latency-monitor-threshold配置指令指定的毫秒数的时间内执行的操作。 当其值设置为零时,延迟监视器关闭
[l84]默认情况下,延迟监控被禁用,因为如果您没有延迟问题,则大多不需要延迟监控,并且收集数据对性能的影响很小,可以在大负载下测量。如果需要,可以在运行时使用命令“CONFIG SET latency-monitor-threshold <milliseconds>”轻松启用延迟监视
[l85]事件通知设置
[l86]Redis可以通知发布/订阅客户端关键空间中发生的事件。此功能在http://redis.io/topics/notifications中有记录
[l87]例如,如果启用了键空间事件通知,并且客户端对存储在数据库0中的键“foo”执行DEL操作,则将通过发布/订阅发布两个消息:
[l88]可以选择Redis在一组类中通知的事件。 每个类由单个字符标识
[l89]键空间事件,使用__keyspace @ <db> __前缀发布。
[l90]Keyevent事件,使用__keyevent@ <db> __前缀发布。
[l91]通用命令(非特定类型),如DEL,EXPIRE,RENAME,...
[l92]字符串命令
[l93]列出命令
[l94]设置命令
[l95]哈希命令
[l96]排序集命令
[l97]过期事件(每次密钥过期时生成的事件)
[l98]驱逐事件(当为maxmemory驱逐某个键时生成的事件)
[l99]g $ lshzxe的别名,因此“AKE”字符串表示所有事件。
[l100]“notify-keyspace-events”接受由零个或多个字符组成的字符串作为参数。 空字符串表示禁用通知
[l101]示例:要启用列表和通用事件,从事件名称的角度,使用:
[l102]示例2:获取过期密钥流订阅频道名称__keyevent@ 0 __:expired use:
[l103]默认情况下,所有通知都被禁用,因为大多数用户不需要此功能,该功能有一些开销。请注意,如果您未指定K或E中的至少一个,则不会传送任何事件
[l104]高级配置设置
[l105]当哈希值具有少量条目且最大条目不超过给定阈值时,使用存储器有效数据结构来对哈希进行编码。这些阈值可以使用以下指令进行配置
[l106]列表也以特殊方式编码以节省大量空间。 每个内部列表节点允许的条目数可以指定为固定的最大大小或最大数量的元素。对于固定的最大大小,请使用-5到-1,表示
[l107]-5:最大大小:64 Kb < - 不推荐用于正常工作负载
-4:最大尺寸:32 Kb < - 不推荐
-3:最大尺寸:16 Kb < - 可能不推荐
-2:最大尺寸:8Kb < - 好
-1:最大尺寸:4 Kb < - 好
[l108]正数表示每个列表节点存储的元素数量正好相等。
[l109]最高性能选项通常为-2(8 Kb大小)或-1(4 Kb大小),但如果您的用例是唯一的,请根据需要调整设置。
[l110]列表也可以被压缩。
[l111]压缩深度是从列表的每个*侧到*排除*从压缩的快速清单ziplist节点的数量。 列表的头部和尾部总是未压缩的,用于快速推送/弹出操作。 设置包括:
[l112]0:禁用所有列表压缩
1:深度1意味着“不要开始压缩,直到1个节点进入列表,从头或尾”去:[head] - > node-> node - > ...-> node - > [tail ][head],[tail]将始终未压缩; 内部节点将压缩。
[l113]2:[head] - > [next] - > node-> node-> ...-> node->[prev] - > [tail] 2这里的意思是:不压缩head或head-> next或tail - > prev或tail,但压缩它们之间的所有节点。
3:[head] - > [next] - > [next] - > node-> node->...-> node-> [prev]
[l114]集合在一种情况下有一个特殊的编码:当一个集合由刚好是在64位有符号整数范围内的基数为10的整数的字符串组成时。
[l115]以下配置设置设置集合大小的限制,以便使用此特殊内存保存编码。
[l116]与散列和列表类似,排序集也是专门编码的,以节省大量空间。 此编码仅在已排序集合的长度和元素低于以下限制时使用:
[l117]HyperLogLog稀疏表示字节限制。该限制包括16字节报头。当使用稀疏表示的HyperLogLog超过此限制时,它将转换为密集表示
[l118]大于16000的值是完全无用的,因为在那一点上,密集表示是更有效的存储器。
[l119]建议的值为3000,以便具有空间有效编码的优点,而不减慢过多的PFADD,这是具有稀疏编码的O(N)。当CPU不是一个问题,但空间是,并且数据集由许多HyperLogLogs组成的基数在0 - 15000范围内的值,可以提高到10000
[l120]主动重新散列每100毫秒的CPU时间使用1毫秒,以帮助重新散列主Redis散列表(一个映射顶层键值)。 Redis使用(见dict.c)执行的哈希表实现执行一个延迟重新哈希:更多的操作运行到哈希表是重新哈希,执行更多的重新哈希“步骤”,所以如果服务器空闲,重新哈希不会完成和一些更多的内存被哈希表使用
[l121]默认是每秒使用这个毫秒10次,以便主动重新搜索主要的字典,尽可能释放内存
[l122]如果您有硬延迟要求,并且在您的环境中Redis可以不时地回复2毫秒延迟的查询不是一件好事,请使用“activerehashing no”。
[l123]使用“activerehashing是”,如果你没有这么硬的要求,但想尽可能释放内存。
[l124]客户端输出缓冲区限制可以用于强制断开连接不正确地从服务器读取数据的客户端(一个常见的原因是发布/订阅客户端不能像发布者那样生成消息那么快)
[l125]可以为三个不同类别的客户端设置不同的限制:
[l126]正常 - >正常客户端,包括MONITOR客户端
从站 - >从站客户端
pubsub - >客户端订阅至少一个pubsub通道或模式
[l127]每个client-output-buffer-limit伪指令的语法如下:
[l128]客户端输出缓冲区限制<class> <硬限制> <软限制> <软秒>
[l129]一旦达到硬限制,或者达到软限制并保持达到指定的秒数(持续),客户端将立即断开。
[l130]因此,例如,如果硬限制为32兆字节,软限制为16兆字节/ 10秒,则如果输出缓冲区的大小达到32兆字节,客户端将立即断开连接,但如果客户端达到16兆字节,则客户端也将断开连接,连续超过10秒的限制
[l131]默认情况下,正常客户端不受限制,因为它们不接收数据而不询问(以推送方式),而是仅在请求之后,因此只有异步客户端可以创建其中数据被请求比其可以读取更快的场景。
[l132]相反,对于pubsub和从属客户端,存在默认限制,因为订阅者和从属以推送方式接收数据。
[l133]通过将它们设置为零,可以禁用硬限制或软限制。
[l134]Redis调用内部函数来执行许多后台任务,例如在超时时间关闭客户端连接,清除从未请求的过期密钥等。
[l135]并非所有任务都以相同的频率执行,但Redis根据指定的“hz”值检查要执行的任务。
[l136]
[l137]范围在1到500之间,但是超过100的值通常不是一个好主意。 大多数用户应使用默认值10,并且只在需要非常低延迟的环境中将其提高到100
[l138]当子代重写AOF文件时,如果启用以下选项,则文件将每生成32 MB数据进行fsync-ed。这是有用的,以便更加渐进地提交文件到磁盘,并避免大的延迟高峰
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-12-30 10:02:42
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡