]> git.saurik.com Git - redis.git/blame_incremental - redis.conf
Comments about security of slave-read-only in redis.coinf.
[redis.git] / redis.conf
... / ...
CommitLineData
1# Redis configuration file example
2
3# Note on units: when memory size is needed, it is possible to specify
4# it in the usual form of 1k 5GB 4M and so forth:
5#
6# 1k => 1000 bytes
7# 1kb => 1024 bytes
8# 1m => 1000000 bytes
9# 1mb => 1024*1024 bytes
10# 1g => 1000000000 bytes
11# 1gb => 1024*1024*1024 bytes
12#
13# units are case insensitive so 1GB 1Gb 1gB are all the same.
14
15# By default Redis does not run as a daemon. Use 'yes' if you need it.
16# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
17daemonize no
18
19# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
20# default. You can specify a custom pid file location here.
21pidfile /var/run/redis.pid
22
23# Accept connections on the specified port, default is 6379.
24# If port 0 is specified Redis will not listen on a TCP socket.
25port 6379
26
27# If you want you can bind a single interface, if the bind option is not
28# specified all the interfaces will listen for incoming connections.
29#
30# bind 127.0.0.1
31
32# Specify the path for the unix socket that will be used to listen for
33# incoming connections. There is no default, so Redis will not listen
34# on a unix socket when not specified.
35#
36# unixsocket /tmp/redis.sock
37# unixsocketperm 755
38
39# Close the connection after a client is idle for N seconds (0 to disable)
40timeout 0
41
42# Set server verbosity to 'debug'
43# it can be one of:
44# debug (a lot of information, useful for development/testing)
45# verbose (many rarely useful info, but not a mess like the debug level)
46# notice (moderately verbose, what you want in production probably)
47# warning (only very important / critical messages are logged)
48loglevel notice
49
50# Specify the log file name. Also 'stdout' can be used to force
51# Redis to log on the standard output. Note that if you use standard
52# output for logging but daemonize, logs will be sent to /dev/null
53logfile stdout
54
55# To enable logging to the system logger, just set 'syslog-enabled' to yes,
56# and optionally update the other syslog parameters to suit your needs.
57# syslog-enabled no
58
59# Specify the syslog identity.
60# syslog-ident redis
61
62# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
63# syslog-facility local0
64
65# Set the number of databases. The default database is DB 0, you can select
66# a different one on a per-connection basis using SELECT <dbid> where
67# dbid is a number between 0 and 'databases'-1
68databases 16
69
70################################ SNAPSHOTTING #################################
71#
72# Save the DB on disk:
73#
74# save <seconds> <changes>
75#
76# Will save the DB if both the given number of seconds and the given
77# number of write operations against the DB occurred.
78#
79# In the example below the behaviour will be to save:
80# after 900 sec (15 min) if at least 1 key changed
81# after 300 sec (5 min) if at least 10 keys changed
82# after 60 sec if at least 10000 keys changed
83#
84# Note: you can disable saving at all commenting all the "save" lines.
85#
86# It is also possible to remove all the previously configured save
87# points by adding a save directive with a single empty string argument
88# like in the following example:
89#
90# save ""
91
92save 900 1
93save 300 10
94save 60 10000
95
96# By default Redis will stop accepting writes if RDB snapshots are enabled
97# (at least one save point) and the latest background save failed.
98# This will make the user aware (in an hard way) that data is not persisting
99# on disk properly, otherwise chances are that no one will notice and some
100# distater will happen.
101#
102# If the background saving process will start working again Redis will
103# automatically allow writes again.
104#
105# However if you have setup your proper monitoring of the Redis server
106# and persistence, you may want to disable this feature so that Redis will
107# continue to work as usually even if there are problems with disk,
108# permissions, and so forth.
109stop-writes-on-bgsave-error yes
110
111# Compress string objects using LZF when dump .rdb databases?
112# For default that's set to 'yes' as it's almost always a win.
113# If you want to save some CPU in the saving child set it to 'no' but
114# the dataset will likely be bigger if you have compressible values or keys.
115rdbcompression yes
116
117# The filename where to dump the DB
118dbfilename dump.rdb
119
120# The working directory.
121#
122# The DB will be written inside this directory, with the filename specified
123# above using the 'dbfilename' configuration directive.
124#
125# Also the Append Only File will be created inside this directory.
126#
127# Note that you must specify a directory here, not a file name.
128dir ./
129
130################################# REPLICATION #################################
131
132# Master-Slave replication. Use slaveof to make a Redis instance a copy of
133# another Redis server. Note that the configuration is local to the slave
134# so for example it is possible to configure the slave to save the DB with a
135# different interval, or to listen to another port, and so on.
136#
137# slaveof <masterip> <masterport>
138
139# If the master is password protected (using the "requirepass" configuration
140# directive below) it is possible to tell the slave to authenticate before
141# starting the replication synchronization process, otherwise the master will
142# refuse the slave request.
143#
144# masterauth <master-password>
145
146# When a slave lost the connection with the master, or when the replication
147# is still in progress, the slave can act in two different ways:
148#
149# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
150# still reply to client requests, possibly with out of date data, or the
151# data set may just be empty if this is the first synchronization.
152#
153# 2) if slave-serve-stale data is set to 'no' the slave will reply with
154# an error "SYNC with master in progress" to all the kind of commands
155# but to INFO and SLAVEOF.
156#
157slave-serve-stale-data yes
158
159# You can configure a slave instance to accept writes or not. Writing against
160# a slave instance may be useful to store some ephemeral data (because data
161# written on a slave will be easily deleted after resync with the master) but
162# may also cause problems if clients are writing to it because of a
163# misconfiguration.
164#
165# Since Redis 2.6 by default slaves are read-only.
166#
167# Note: read only slaves are not designed to be exposed to untrusted clients
168# on the internet. It's just a protection layer against misuse of the instance.
169# Still a read only slave exports by default all the administrative commands
170# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
171# security of read only slaves using 'rename-command' to shadow all the
172# administrative / dangerous commands.
173slave-read-only yes
174
175# Slaves send PINGs to server in a predefined interval. It's possible to change
176# this interval with the repl_ping_slave_period option. The default value is 10
177# seconds.
178#
179# repl-ping-slave-period 10
180
181# The following option sets a timeout for both Bulk transfer I/O timeout and
182# master data or ping response timeout. The default value is 60 seconds.
183#
184# It is important to make sure that this value is greater than the value
185# specified for repl-ping-slave-period otherwise a timeout will be detected
186# every time there is low traffic between the master and the slave.
187#
188# repl-timeout 60
189
190################################## SECURITY ###################################
191
192# Require clients to issue AUTH <PASSWORD> before processing any other
193# commands. This might be useful in environments in which you do not trust
194# others with access to the host running redis-server.
195#
196# This should stay commented out for backward compatibility and because most
197# people do not need auth (e.g. they run their own servers).
198#
199# Warning: since Redis is pretty fast an outside user can try up to
200# 150k passwords per second against a good box. This means that you should
201# use a very strong password otherwise it will be very easy to break.
202#
203# requirepass foobared
204
205# Command renaming.
206#
207# It is possible to change the name of dangerous commands in a shared
208# environment. For instance the CONFIG command may be renamed into something
209# of hard to guess so that it will be still available for internal-use
210# tools but not available for general clients.
211#
212# Example:
213#
214# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
215#
216# It is also possible to completely kill a command renaming it into
217# an empty string:
218#
219# rename-command CONFIG ""
220
221################################### LIMITS ####################################
222
223# Set the max number of connected clients at the same time. By default
224# this limit is set to 10000 clients, however if the Redis server is not
225# able ot configure the process file limit to allow for the specified limit
226# the max number of allowed clients is set to the current file limit
227# minus 32 (as Redis reserves a few file descriptors for internal uses).
228#
229# Once the limit is reached Redis will close all the new connections sending
230# an error 'max number of clients reached'.
231#
232# maxclients 10000
233
234# Don't use more memory than the specified amount of bytes.
235# When the memory limit is reached Redis will try to remove keys
236# accordingly to the eviction policy selected (see maxmemmory-policy).
237#
238# If Redis can't remove keys according to the policy, or if the policy is
239# set to 'noeviction', Redis will start to reply with errors to commands
240# that would use more memory, like SET, LPUSH, and so on, and will continue
241# to reply to read-only commands like GET.
242#
243# This option is usually useful when using Redis as an LRU cache, or to set
244# an hard memory limit for an instance (using the 'noeviction' policy).
245#
246# WARNING: If you have slaves attached to an instance with maxmemory on,
247# the size of the output buffers needed to feed the slaves are subtracted
248# from the used memory count, so that network problems / resyncs will
249# not trigger a loop where keys are evicted, and in turn the output
250# buffer of slaves is full with DELs of keys evicted triggering the deletion
251# of more keys, and so forth until the database is completely emptied.
252#
253# In short... if you have slaves attached it is suggested that you set a lower
254# limit for maxmemory so that there is some free RAM on the system for slave
255# output buffers (but this is not needed if the policy is 'noeviction').
256#
257# maxmemory <bytes>
258
259# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
260# is reached? You can select among five behavior:
261#
262# volatile-lru -> remove the key with an expire set using an LRU algorithm
263# allkeys-lru -> remove any key accordingly to the LRU algorithm
264# volatile-random -> remove a random key with an expire set
265# allkeys-random -> remove a random key, any key
266# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
267# noeviction -> don't expire at all, just return an error on write operations
268#
269# Note: with all the kind of policies, Redis will return an error on write
270# operations, when there are not suitable keys for eviction.
271#
272# At the date of writing this commands are: set setnx setex append
273# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
274# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
275# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
276# getset mset msetnx exec sort
277#
278# The default is:
279#
280# maxmemory-policy volatile-lru
281
282# LRU and minimal TTL algorithms are not precise algorithms but approximated
283# algorithms (in order to save memory), so you can select as well the sample
284# size to check. For instance for default Redis will check three keys and
285# pick the one that was used less recently, you can change the sample size
286# using the following configuration directive.
287#
288# maxmemory-samples 3
289
290############################## APPEND ONLY MODE ###############################
291
292# By default Redis asynchronously dumps the dataset on disk. If you can live
293# with the idea that the latest records will be lost if something like a crash
294# happens this is the preferred way to run Redis. If instead you care a lot
295# about your data and don't want to that a single record can get lost you should
296# enable the append only mode: when this mode is enabled Redis will append
297# every write operation received in the file appendonly.aof. This file will
298# be read on startup in order to rebuild the full dataset in memory.
299#
300# Note that you can have both the async dumps and the append only file if you
301# like (you have to comment the "save" statements above to disable the dumps).
302# Still if append only mode is enabled Redis will load the data from the
303# log file at startup ignoring the dump.rdb file.
304#
305# IMPORTANT: Check the BGREWRITEAOF to check how to rewrite the append
306# log file in background when it gets too big.
307
308appendonly no
309
310# The name of the append only file (default: "appendonly.aof")
311# appendfilename appendonly.aof
312
313# The fsync() call tells the Operating System to actually write data on disk
314# instead to wait for more data in the output buffer. Some OS will really flush
315# data on disk, some other OS will just try to do it ASAP.
316#
317# Redis supports three different modes:
318#
319# no: don't fsync, just let the OS flush the data when it wants. Faster.
320# always: fsync after every write to the append only log . Slow, Safest.
321# everysec: fsync only if one second passed since the last fsync. Compromise.
322#
323# The default is "everysec" that's usually the right compromise between
324# speed and data safety. It's up to you to understand if you can relax this to
325# "no" that will let the operating system flush the output buffer when
326# it wants, for better performances (but if you can live with the idea of
327# some data loss consider the default persistence mode that's snapshotting),
328# or on the contrary, use "always" that's very slow but a bit safer than
329# everysec.
330#
331# If unsure, use "everysec".
332
333# appendfsync always
334appendfsync everysec
335# appendfsync no
336
337# When the AOF fsync policy is set to always or everysec, and a background
338# saving process (a background save or AOF log background rewriting) is
339# performing a lot of I/O against the disk, in some Linux configurations
340# Redis may block too long on the fsync() call. Note that there is no fix for
341# this currently, as even performing fsync in a different thread will block
342# our synchronous write(2) call.
343#
344# In order to mitigate this problem it's possible to use the following option
345# that will prevent fsync() from being called in the main process while a
346# BGSAVE or BGREWRITEAOF is in progress.
347#
348# This means that while another child is saving the durability of Redis is
349# the same as "appendfsync none", that in practical terms means that it is
350# possible to lost up to 30 seconds of log in the worst scenario (with the
351# default Linux settings).
352#
353# If you have latency problems turn this to "yes". Otherwise leave it as
354# "no" that is the safest pick from the point of view of durability.
355no-appendfsync-on-rewrite no
356
357# Automatic rewrite of the append only file.
358# Redis is able to automatically rewrite the log file implicitly calling
359# BGREWRITEAOF when the AOF log size will growth by the specified percentage.
360#
361# This is how it works: Redis remembers the size of the AOF file after the
362# latest rewrite (or if no rewrite happened since the restart, the size of
363# the AOF at startup is used).
364#
365# This base size is compared to the current size. If the current size is
366# bigger than the specified percentage, the rewrite is triggered. Also
367# you need to specify a minimal size for the AOF file to be rewritten, this
368# is useful to avoid rewriting the AOF file even if the percentage increase
369# is reached but it is still pretty small.
370#
371# Specify a percentage of zero in order to disable the automatic AOF
372# rewrite feature.
373
374auto-aof-rewrite-percentage 100
375auto-aof-rewrite-min-size 64mb
376
377################################ LUA SCRIPTING ###############################
378
379# Max execution time of a Lua script in milliseconds.
380#
381# If the maximum execution time is reached Redis will log that a script is
382# still in execution after the maximum allowed time and will start to
383# reply to queries with an error.
384#
385# When a long running script exceed the maximum execution time only the
386# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
387# used to stop a script that did not yet called write commands. The second
388# is the only way to shut down the server in the case a write commands was
389# already issue by the script but the user don't want to wait for the natural
390# termination of the script.
391#
392# Set it to 0 or a negative value for unlimited execution without warnings.
393lua-time-limit 5000
394
395################################## SLOW LOG ###################################
396
397# The Redis Slow Log is a system to log queries that exceeded a specified
398# execution time. The execution time does not include the I/O operations
399# like talking with the client, sending the reply and so forth,
400# but just the time needed to actually execute the command (this is the only
401# stage of command execution where the thread is blocked and can not serve
402# other requests in the meantime).
403#
404# You can configure the slow log with two parameters: one tells Redis
405# what is the execution time, in microseconds, to exceed in order for the
406# command to get logged, and the other parameter is the length of the
407# slow log. When a new command is logged the oldest one is removed from the
408# queue of logged commands.
409
410# The following time is expressed in microseconds, so 1000000 is equivalent
411# to one second. Note that a negative number disables the slow log, while
412# a value of zero forces the logging of every command.
413slowlog-log-slower-than 10000
414
415# There is no limit to this length. Just be aware that it will consume memory.
416# You can reclaim memory used by the slow log with SLOWLOG RESET.
417slowlog-max-len 1024
418
419############################### ADVANCED CONFIG ###############################
420
421# Hashes are encoded using a memory efficient data structure when they have a
422# small number of entries, and the biggest entry does not exceed a given
423# threshold. These thresholds can be configured using the following directives.
424hash-max-ziplist-entries 512
425hash-max-ziplist-value 64
426
427# Similarly to hashes, small lists are also encoded in a special way in order
428# to save a lot of space. The special representation is only used when
429# you are under the following limits:
430list-max-ziplist-entries 512
431list-max-ziplist-value 64
432
433# Sets have a special encoding in just one case: when a set is composed
434# of just strings that happens to be integers in radix 10 in the range
435# of 64 bit signed integers.
436# The following configuration setting sets the limit in the size of the
437# set in order to use this special memory saving encoding.
438set-max-intset-entries 512
439
440# Similarly to hashes and lists, sorted sets are also specially encoded in
441# order to save a lot of space. This encoding is only used when the length and
442# elements of a sorted set are below the following limits:
443zset-max-ziplist-entries 128
444zset-max-ziplist-value 64
445
446# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
447# order to help rehashing the main Redis hash table (the one mapping top-level
448# keys to values). The hash table implementation Redis uses (see dict.c)
449# performs a lazy rehashing: the more operation you run into an hash table
450# that is rehashing, the more rehashing "steps" are performed, so if the
451# server is idle the rehashing is never complete and some more memory is used
452# by the hash table.
453#
454# The default is to use this millisecond 10 times every second in order to
455# active rehashing the main dictionaries, freeing memory when possible.
456#
457# If unsure:
458# use "activerehashing no" if you have hard latency requirements and it is
459# not a good thing in your environment that Redis can reply form time to time
460# to queries with 2 milliseconds delay.
461#
462# use "activerehashing yes" if you don't have such hard requirements but
463# want to free memory asap when possible.
464activerehashing yes
465
466# The client output buffer limits can be used to force disconnection of clients
467# that are not reading data from the server fast enough for some reason (a
468# common reason is that a Pub/Sub client can't consume messages as fast as the
469# publisher can produce them).
470#
471# The limit can be set differently for the three different classes of clients:
472#
473# normal -> normal clients
474# slave -> slave clients and MONITOR clients
475# pubsub -> clients subcribed to at least one pubsub channel or pattern
476#
477# The syntax of every client-output-buffer-limit directive is the following:
478#
479# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
480#
481# A client is immediately disconnected once the hard limit is reached, or if
482# the soft limit is reached and remains reached for the specified number of
483# seconds (continuously).
484# So for instance if the hard limit is 32 megabytes and the soft limit is
485# 16 megabytes / 10 seconds, the client will get disconnected immediately
486# if the size of the output buffers reach 32 megabytes, but will also get
487# disconnected if the client reaches 16 megabytes and continuously overcomes
488# the limit for 10 seconds.
489#
490# By default normal clients are not limited because they don't receive data
491# without asking (in a push way), but just after a request, so only
492# asynchronous clients may create a scenario where data is requested faster
493# than it can read.
494#
495# Instead there is a default limit for pubsub and slave clients, since
496# subscribers and slaves receive data in a push fashion.
497#
498# Both the hard or the soft limit can be disabled just setting it to zero.
499client-output-buffer-limit normal 0 0 0
500client-output-buffer-limit slave 256mb 64mb 60
501client-output-buffer-limit pubsub 32mb 8mb 60
502
503################################## INCLUDES ###################################
504
505# Include one or more other config files here. This is useful if you
506# have a standard template that goes to all Redis server but also need
507# to customize a few per-server settings. Include files can include
508# other files, so use this wisely.
509#
510# include /path/to/local.conf
511# include /path/to/other.conf