[redis@Centos6 ~]$ cat run/redis-3.2.6/redis.confredis
# Redis configuration file example.安全
#服務器
# Note that in order to read the configuration file, Redis must be網絡
# started with the file path as first argument:dom
#socket
# ./redis-server /path/to/redis.conftcp
# Note on units: when memory size is needed, it is possible to specifyide
# it in the usual form of 1k 5GB 4M andso forth:[l1] oop
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
#units are case insensitive so 1GB 1Gb 1gB are all the same.[l2]
####### INCLUDES ###################################
#Include one or more other config files here. This is useful if you
# have a standard template that goes toall Redis servers but also need
# to customize a few per-serversettings. Include files can include
# other files, so use this wisely.[l3]
#
# Noticeoption "include" won't be rewritten by command "CONFIGREWRITE"
# from admin or Redis Sentinel. SinceRedis always uses the last processed
# line as value of a configurationdirective, you'd better put includes
# at the beginning of this file to avoidoverwriting config change at runtime.[l4]
#
# Ifinstead you are interested in using includes to override configuration
# options, it is better to use include asthe last line.[l5]
#
# include /path/to/local.conf
# include /path/to/other.conf
######NETWORK #####################################[l6]
# Bydefault, if no "bind" configuration directive is specified, Redislistens
# for connections from all the networkinterfaces available on the server.
# It is possible to listen to just one ormultiple selected interfaces using
# the "bind" configurationdirective, followed by one or more IP addresses.[l7]
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfacesis dangerous and will expose the
# instance to everybody on the internet.So by default we uncomment the
# following bind directive, that willforce Redis to listen only into
# the IPv4 lookback interface address(this means Redis will be able to
# accept connections only from clientsrunning into the same computer it
# is running).[l8]
#
# IFYOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.[l9]
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1
# Protectedmode is a layer of security protection, in order to avoid that
# Redis instances left open on theinternet are accessed and exploited.[l10]
#
# Whenprotected mode is on and if:[l11]
#
# 1)The server is not binding explicitly to a set of addresses using the
# "bind" directive.[l12]
# 2) Nopassword is configured.[l13]
#
#The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses127.0.0.1 and ::1, and from Unix domain
# sockets.[l14]
#
# Bydefault protected mode is enabled. You should disable it only if
# you are sure you want clients fromother hosts to connect to Redis
# even if no authentication isconfigured, nor a specific set of interfaces
# are explicitly listed using the"bind" directive.[l15]
#Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will notlisten on a TCP socket.[l17]
port 6379
#
#In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connectionsissues. Note that the Linux kernel
# will silently truncate it to the valueof /proc/sys/net/core/somaxconn so
# make sure to raise both the value ofsomaxconn and tcp_max_syn_backlog
# in order to get the desired effect.[l19]
tcp-backlog 511
# Unix socket.
#
#Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is nodefault, so Redis will not listen
# on a unix socket when not specified.[l20]
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
# Closethe connection after a client is idle for N seconds (0 to disable)[l21]
timeout 0
# TCP keepalive.
#
# Ifnon-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful fortwo reasons:[l22]
#
# 2) Take the connection alive from thepoint of view of network
# equipment in the middle.[l23]
#
# OnLinux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection thedouble of the time is needed.
# On other kernels the period depends onthe kernel configuration.[l24]
#
#A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis3.2.1.[l25]
tcp-keepalive 300
[l1]當須要爲某個配置項指定內存大小的時候,必需要帶上單位,同城的格式是1k,5gb,4m等
[l2]單位不區分大小寫,1GB,1GB,1GB都同樣。
[l3]在此處包含一個或多個其餘配置文件。若是您有一個標準模板可用於全部Redis服務器,但還須要自定義幾個每服務器設置,這將很是有用。包含文件能夠包括其餘文件,所以請明智地使用。
[l4]注意選項「include」不會被來自admin或RedisSentinel的命令「CONFIG REWRITE」重寫。因爲Redis老是使用最後處理的行做爲配置指令的值,所以最好將include包含在此文件的開頭,以免在運行時覆蓋配置更改
[l5]相反,若是你有興趣使用包括覆蓋配置選項,最好是使用包括做爲最後一道防線。
[l6]網絡配置說明
[l7]默認狀況下,若是沒有指定「bind」配置指令,Redis會監聽來自服務器上全部可用網絡接口的鏈接。 可使用「綁定」配置指令偵聽一個或多個選定的接口,而後跟一個或多個IP地址。
[l8]~~~警告~~~若是運行Redis的計算機直接暴露在互聯網上,綁定到全部接口是危險的,而且會將實例暴露給互聯網上的每一個人。所以,在默認狀況下,咱們取消如下綁定指令,這將迫使Redis的只監聽到的IPv4回望接口地址(這意味着Redis的將只能從運行到正在運行在同一臺計算機的客戶端接受鏈接)。
[l9]若是你確信你想你的實例可以監聽到全部的界面,註釋下面一行。
[l10]保護模式是安全的保護層,以免該Redis的實例留在互聯網上公開被訪問和利用。
[l11]當保護模式打開時,若是:
[l12]1)服務器沒有使用「bind」指令明確綁定到一組地址。
[l13]2)未配置密碼。
[l14]服務器只接受來自從IPv4和IPv6環回地址127.0.0.1和:: 1以及從Unix域套接字鏈接的客戶端的鏈接。
[l15]默認狀況下啓用保護模式。 只有確保您但願來自其餘主機的客戶端鏈接到Redis,即便未配置身份驗證,也不會使用「bind」指令明確列出特定的接口集,才應禁用它。
[l16]啓用保護模式
[l17]接受指定端口上的鏈接,默認值爲6379(IANA#815344)。若是指定端口0,Redis將不會偵聽TCP套接字。
[l18]TCP監聽的最大容納數量
[l19]在高請求每秒環境中,您須要一個高的容納數量,以免緩慢的客戶端鏈接問題。注意,Linux內核會將其默認截斷爲/ proc / sys / net / core / somaxconn的值,所以請務必同時提升somaxconn和tcp_max_syn_backlog的值,以得到所需的效果。
[l20]指定將用於偵聽傳入鏈接的Unix套接字的路徑。 沒有默認值,因此Redis在沒有指定的時候不會監聽unixsocket
[l21]客戶端空閒N秒後關閉鏈接(0禁用)
[l22]若是非零,則使用SO_KEEPALIVE在沒有通訊的狀況下向客戶端發送TCP ACK。這有兩個緣由:
[l23]1)檢測死對等體。
2)從中間的網絡設備的角度來看鏈接活着
[l24]在Linux上,指定的值(以秒爲單位)是用於發送ACK的週期。注意,要關閉鏈接,須要兩倍的時間。在其餘內核上,週期取決於內核配置。
[l25]此選項的合理值爲300秒,這是從Redis 3.2.1開始的新Redis默認值。