第二章 详解redis.conf配置文件

# Redis configuration file example

# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
# [翻译]单位不区分大小写,所以1GB 1Gb 1gB都是一样的。

################################## INCLUDES # Include one or more other config files here.  This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings.  Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include .\path\to\local.conf
# include c:\path\to\other.conf

 (1). 网络接口说明
 docker0:安装docker时自动创建的网桥
 eth0:内网接口
 eth1:公网接口
 lo:本地回环接口
 (2). 如果要让公网可以连接该服务器上的redis服务,除了直接注释掉bind这一行来绑定到所有的网络接口之外,更正确的做法应该是不注释,再绑定多eth1这个公网接口,地址是120.76.207.187
 bind 127.0.0.1 120.76.207.187
 然后重启下redis服务即可,这样配置,Redis就只监听IPv4的本地回环接口和公网接口
 (3). 连接Docker容器中的Redis
 如果在docker容器里运行redis服务,可以在run的时候使用-p端口映射,比如：
 docker run -ti -p 6380:6379 centos:7 /bin/bash
 然后到容器里,查看网络接口:
     $ ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:C0:A8:2A:03
              inet addr:192.168.42.3  Bcast:0.0.0.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:162 errors:0 dropped:0 overruns:0 frame:0
              TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:18533 (18.0 KiB)  TX bytes:44625 (43.5 KiB)
              
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 (4). 可以发现只有两个网络接口
 eth0实际上是veth pair 的一端,另一端veth88f3e3c连在宿主机的docker0网桥上
 lo就是容器里的本地回环地址
 接下来修改配置文件redis.conf,添加绑定eth0接口即可,地址为192.168.42.3
 bind 127.0.0.1 192.168.42.3
 配置完成后,在外网就可以通过服务器的公网IP 120.76.207.187 和6380端口,映射到容器内的6379端口连接redis

#(1). 例如
protected-mode yes // 打开保护模式
#bind 127.0.0.1 //不绑定任何网络接口
#requirepass xiaoyi //不设置密码 

#(2). 保护模式生效后非本地回环与unix domain socket连接将报错:
$ redis-cli -h 10.10.10.10
10.10.10.10:6379> set a 1
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.

#(3). 保护模式生效后本地回环与unix domain socket连接将成功:
$ redis-cli -h ::1
[::1]:6379> set a 1
OK
[::1]:6379>

daemonize yes # 以守护进程的方式运行,默认是 no,我们需要自己开启为yes!
pidfile /var/run/redis_6379.pid # 如果以后台的方式运行,我们就需要指定一个 pid 文件!
# 日志
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably) 生产环境
# warning (only very important / critical messages are logged)
loglevel notice
logfile "" # 日志的文件位置名
databases 16 # 数据库的数量,默认是 16 个数据库
always-show-logo yes # 是否总是显示LOGO

################################ SNAPSHOTTING  ################################
# ...
# 在900秒内,至少有一个key被修改(添加),就会进行持久化操作
save 900 1
# 在300秒内,至少有10个key被修改,就会进行持久化操作
save 300 10
# 在60秒内,至少有1万个key被修改,就会进行持久化操作
save 60 10000

# 如果Redis在进行持久化的时候出现错误,是否停止写入,默认为是
top-writes-on-bgsave-error yes

#是否在进行数据备份时压缩持久化文件,默认为是,这个操作会耗费CPU资源,可以设置为no
rdbcompression yes

# 在保存持久化文件的同时,对文件内容进行数据校验
rdbchecksum yes

# 持久化文件保存的目录,默认保存在当前目录下
dir ./

# 复制主机上的数据,当前配置所指定的IP和端口号即为主机
################################# REPLICATION #################################
# Redis在配置文件中将此配置注释,默认不使用,下同
# replicaof <masterip> <masterport>

# 如果配置的主机有密码,需要配置此密码以通过master的验证
# masterauth <master-password>

127.0.0.1:6379> ping
PONG
127.0.0.1:6379> config get requirepass # 获取redis的密码
1) "requirepass"
2) ""
127.0.0.1:6379> config set requirepass "123456" # 设置redis的密码
OK
127.0.0.1:6379> config get requirepass # 发现所有的命令都没有权限了
(error) NOAUTH Authentication required.
127.0.0.1:6379> ping
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth 123456 # 使用密码进行登录!
OK
127.0.0.1:6379> config get requirepass
1) "requirepass"
2) "123456"

# Redis允许存在的客户端的最大数量,默认有一万个
################################### CLIENTS ####################################
# Redis允许存在的客户端的最大数量,默认有一万个
# maxclients 10000
############################## MEMORY MANAGEMENT ################################
# Redis配置最大的内存容量
# maxmemory <bytes>

# 内存达到上限之后默认的处理策略
# maxmemory-policy noeviction

appendonly no
# AOF持久化的文件名称
appendfilename "appendonly.aof"
# 每秒执行一次同步,但是可能会丢失这一秒的数据
# 对于 appendfsync 它有以下几个属性 
# appendfsync always 表示每次修改都会进行数据同步,速度较慢,消耗性能
# appendfsync no 不执行同步,不消耗性能
appendfsync everysec # 数据不同步,每秒记录一次