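Customizing the Redis Configuration File
I. Create the directories for the configuration file, log file and data
(1) Create a dedicated directory for the Redis configuration file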
[root@redis201.oldboyedu.com ~]# mkdir -pv /oldboyedu/softwares/redis/conf
mkdir: 已创建目录 "/oldboyedu/softwares/redis/conf"
[root@redis201.oldboyedu.com ~]#
(2) Create a dedicated directory for the Redis log file
[root@redis201.oldboyedu.com ~]# mkdir -pv /oldboyedu/logs/redis
mkdir: 已创建目录 "/oldboyedu/logs/redis"
[root@redis201.oldboyedu.com ~]#
(3) Create a dedicated directory for the Redis data
[root@redis201.oldboyedu.com ~]# mkdir -pv /oldboyedu/data/redis
mkdir: 已创建目录 "/oldboyedu/data/redis"
[root@redis201.oldboyedu.com ~]#
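The three commands above can be replaced by a single one: "mkdir -pv /oldboyedu/softwares/redis/conf /oldboyedu/{logs,data}/redis"
II. Create the configuration file
Create the configuration file: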
install -d /oldboyedu/softwares/redis/conf
cat > /oldboyedu/softwares/redis/conf/redis.conf <<EOF
daemonize yes
port 6379
logfile /oldboyedu/logs/redis/redis.log
dir /oldboyedu/data/redis
dbfilename oldboyedu_linux
EOF
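Configuration parameters:
daemonize:
Whether to run in the background.
port:
The port to listen on.
logfile:
The path of the Redis log file.
dir:
The path of the data directory; needed in particular when Redis is used as a database and relies on data persistence.
dbfilename:
The name of the RDB persistence data file.
III. Restart the Redis service
(1) Stop the Redis service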
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli shutdown
18060:M 25 Feb 21:19:21.102 # User requested shutdown...
18060:M 25 Feb 21:19:21.102 * Saving the final RDB snapshot before exiting.
18060:M 25 Feb 21:19:21.103 * DB saved on disk
18060:M 25 Feb 21:19:21.103 # Redis is now ready to exit, bye bye...
[1]+ 完成 redis-server
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
(2) Start the Redis service with the configuration file
[root@redis201.oldboyedu.com ~]# redis-server /oldboyedu/softwares/redis/conf/redis.conf # Pass the path of the configuration file when starting the server
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]#
IV. Verify that the service is running correctly
[root@redis201.oldboyedu.com ~]# redis-cli
127.0.0.1:6379> get name
(nil)
127.0.0.1:6379>
127.0.0.1:6379> set name "Jason Yin 2020"
OK
127.0.0.1:6379>
127.0.0.1:6379> get name
"Jason Yin 2020"
127.0.0.1:6379>
127.0.0.1:6379> quit
[root@redis201.oldboyedu.com ~]#
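V. Set Redis security parameters through the configuration file
1. Redis enables protected mode by default ('--protected-mode yes'): when no bind address and no password are configured, only the loopback address may connect and access the database.
(1) Connecting to Redis locally, data can be read and written normally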
[root@redis201.oldboyedu.com ~]# redis-cli
127.0.0.1:6379> get name
(nil)
127.0.0.1:6379>
127.0.0.1:6379> set name "Jason Yin 2020"
OK
127.0.0.1:6379>
127.0.0.1:6379> get name
"Jason Yin 2020"
127.0.0.1:6379>
127.0.0.1:6379> quit
[root@redis201.oldboyedu.com ~]#
(2) Connecting to Redis by "IP:Port", no data can be retrieved from Redis:
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# hostname -i
172.200.1.201
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli -h 172.200.1.201 -p 6379
172.200.1.201:6379>
172.200.1.201:6379> get name
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
172.200.1.201:6379>
172.200.1.201:6379>
In summary, accessing Redis by "IP:Port" produces the error above by default, and the message offers four solutions:
1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent.
2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server.
3) If you started the server manually just for testing, restart it with the '--protected-mode no' option.
4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
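Note:
(1) The first three of these four solutions all amount to setting '--protected-mode no'. They are acceptable for testing but not recommended in production, because they treat the symptom rather than the cause. We recommend the fourth solution.
(2) The fourth solution says we can either set a bind address or set an authentication password.
2. Configure the Redis security parameters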
[root@redis201.oldboyedu.com ~]# vim /oldboyedu/softwares/redis/conf/redis.conf
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# cat /oldboyedu/softwares/redis/conf/redis.conf
daemonize yes
port 6379
logfile /oldboyedu/logs/redis/redis.log
dir /oldboyedu/data/redis
dbfilename mydump.rdb
bind 172.200.1.201 127.0.0.1
requirepass oldboyedu2021
[root@redis201.oldboyedu.com ~]#
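Configuration parameters:
daemonize:
Whether to run in the background.
port:
The port to listen on.
logfile:
The path of the Redis log file.
dir:
The path of the data directory; needed in particular when Redis is used as a database and relies on data persistence.
dbfilename:
The name of the RDB persistence data file.
bind:
The local IP addresses Redis listens on; clients can reach the service only through these addresses.
requirepass:
The password clients must present to authenticate to the Redis service.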
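A quick audit of the settings introduced above, as an added example that is not part of the original article: it checks a redis.conf for a missing or wildcard bind, a missing or short requirepass, a disabled protected-mode, and world-readable permissions on the file that stores the password. The function names and the 32-character minimum (MIN_LEN) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit a redis.conf for the
# settings used in this section. Prints findings; returns 1 if there are any.

conf_get() {  # conf_get FILE DIRECTIVE -> value of the last occurrence, unquoted
    awk -v key="$2" '
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { gsub(/^"|"$/, "", v); print v }' "$1"
}

audit_redis_conf() {  # audit_redis_conf FILE
    conf=$1; _found=0
    bind=$(conf_get "$conf" bind)
    pass=$(conf_get "$conf" requirepass)
    pm=$(conf_get "$conf" protected-mode)

    case " $bind " in
        "  ") echo "bind: not set, Redis listens on all interfaces"; _found=1 ;;
        *" 0.0.0.0 "*|*" :: "*) echo "bind: wildcard address in '$bind'"; _found=1 ;;
    esac
    if [ -z "$pass" ]; then
        echo "requirepass: not set, clients are not authenticated"; _found=1
    else
        # MIN_LEN=32 is an assumed policy value, not a Redis default.
        [ "${#pass}" -ge "${MIN_LEN:-32}" ] ||
            { echo "requirepass: only ${#pass} characters"; _found=1; }
        # The password is stored in clear text, so the file must not be world-readable.
        case $(ls -ld "$conf") in
            ???????r*) echo "permissions: $conf is world-readable"; _found=1 ;;
        esac
    fi
    [ "$pm" != no ] || { echo "protected-mode: disabled"; _found=1; }
    return $_found
}

# Demo on a constructed copy of the configuration shown above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
daemonize yes
port 6379
bind 172.200.1.201 127.0.0.1
requirepass oldboyedu2021
EOF
chmod 644 "$demo"
audit_redis_conf "$demo" || true
rm -f "$demo"
```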
3. Restart the Redis service so that the configuration takes effect
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli shutdown
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-server /oldboyedu/softwares/redis/conf/redis.conf
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6379 *:*
LISTEN 0 128 172.200.1.201:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@redis201.oldboyedu.com ~]#
4. Verify that the Redis security settings are in effect
(1) Authenticate inside the interactive redis-cli session:
[root@redis201.oldboyedu.com ~]# redis-cli
127.0.0.1:6379> GET name # No data can be read before authenticating
(error) NOAUTH Authentication required.
127.0.0.1:6379>
127.0.0.1:6379> AUTH oldboyedu2021 # Enter the password set in the configuration file to authenticate
OK
127.0.0.1:6379>
127.0.0.1:6379> GET name # Redis was restarted, so the string key set earlier is gone and the result is empty ("nil")
(nil)
127.0.0.1:6379>
127.0.0.1:6379> SET name "Jason Yin"
OK
127.0.0.1:6379>
127.0.0.1:6379> GET name
"Jason Yin"
127.0.0.1:6379>
127.0.0.1:6379> quit
[root@redis201.oldboyedu.com ~]#
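(2) The password can also be passed directly on the command line, but I do not recommend it, because anyone who can run the "history" command will then learn the password of your Redis instance!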
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021
127.0.0.1:6379>
127.0.0.1:6379> get name
"Jason Yin"
127.0.0.1:6379>
127.0.0.1:6379> quit
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# history | grep redis-cli | tail -2
1047 redis-cli -a oldboyedu2021
1048 history | grep redis-cli | tail -2
[root@redis201.oldboyedu.com ~]#
(3) Besides the loopback address, we can also connect through the other bound IP address:
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379> GET name
"Jason Yin"
172.200.1.201:6379>
172.200.1.201:6379> quit
[root@redis201.oldboyedu.com ~]#
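VI. View and modify the Redis configuration at runtime
1. View configuration parameters at runtime
View all Redis configuration
Entering "CONFIG GET *" at the interactive prompt shows all Redis configuration parameters, as follows: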
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET * # Get all configuration parameters
1) "dbfilename"
2) "mydump.rdb"
3) "requirepass"
4) "oldboyedu2021"
5) "masterauth"
6) ""
7) "unixsocket"
8) ""
9) "logfile"
10) "/oldboyedu/logs/redis/redis.log"
11) "pidfile"
12) "/var/run/redis.pid"
13) "slave-announce-ip"
14) ""
15) "maxmemory"
16) "0"
17) "maxmemory-samples"
18) "5"
19) "timeout"
20) "0"
21) "auto-aof-rewrite-percentage"
22) "100"
23) "auto-aof-rewrite-min-size"
24) "67108864"
25) "hash-max-ziplist-entries"
26) "512"
27) "hash-max-ziplist-value"
28) "64"
29) "list-max-ziplist-size"
30) "-2"
31) "list-compress-depth"
32) "0"
33) "set-max-intset-entries"
34) "512"
35) "zset-max-ziplist-entries"
36) "128"
37) "zset-max-ziplist-value"
38) "64"
39) "hll-sparse-max-bytes"
40) "3000"
41) "lua-time-limit"
42) "5000"
43) "slowlog-log-slower-than"
44) "10000"
45) "latency-monitor-threshold"
46) "0"
47) "slowlog-max-len"
48) "128"
49) "port"
50) "6379"
51) "tcp-backlog"
52) "511"
53) "databases"
54) "16"
55) "repl-ping-slave-period"
56) "10"
57) "repl-timeout"
58) "60"
59) "repl-backlog-size"
60) "1048576"
61) "repl-backlog-ttl"
62) "3600"
63) "maxclients"
64) "10000"
65) "watchdog-period"
66) "0"
67) "slave-priority"
68) "100"
69) "slave-announce-port"
70) "0"
71) "min-slaves-to-write"
72) "0"
73) "min-slaves-max-lag"
74) "10"
75) "hz"
76) "10"
77) "cluster-node-timeout"
78) "15000"
79) "cluster-migration-barrier"
80) "1"
81) "cluster-slave-validity-factor"
82) "10"
83) "repl-diskless-sync-delay"
84) "5"
85) "tcp-keepalive"
86) "300"
87) "cluster-require-full-coverage"
88) "yes"
89) "no-appendfsync-on-rewrite"
90) "no"
91) "slave-serve-stale-data"
92) "yes"
93) "slave-read-only"
94) "yes"
95) "stop-writes-on-bgsave-error"
96) "yes"
97) "daemonize"
98) "yes"
99) "rdbcompression"
100) "yes"
101) "rdbchecksum"
102) "yes"
103) "activerehashing"
104) "yes"
105) "protected-mode"
106) "yes"
107) "repl-disable-tcp-nodelay"
108) "no"
109) "repl-diskless-sync"
110) "no"
111) "aof-rewrite-incremental-fsync"
112) "yes"
113) "aof-load-truncated"
114) "yes"
115) "maxmemory-policy"
116) "noeviction"
117) "loglevel"
118) "notice"
119) "supervised"
120) "no"
121) "appendfsync"
122) "everysec"
123) "syslog-facility"
124) "local0"
125) "appendonly"
126) "no"
127) "dir"
128) "/oldboyedu/data/redis"
129) "save"
130) ""
131) "client-output-buffer-limit"
132) "normal 0 0 0 slave 268435456 67108864 60 pubsub 33554432 8388608 60"
133) "unixsocketperm"
134) "0"
135) "slaveof"
136) ""
137) "notify-keyspace-events"
138) ""
139) "bind"
140) "172.200.1.201 127.0.0.1"
172.200.1.201:6379>
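As shown above, 140 lines are output in total. Observant readers will have noticed that these are 70 configuration parameters: each parameter name and its value are printed on two separate lines, 140 lines in all.
Query parameters by pattern, for example names beginning with "re" ("re*")
Entering "CONFIG GET re*" at the interactive prompt shows the configuration parameters whose names begin with "re", as follows: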
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379> CONFIG GET re*
1) "requirepass"
2) "oldboyedu2021"
3) "repl-ping-slave-period"
4) "10"
5) "repl-timeout"
6) "60"
7) "repl-backlog-size"
8) "1048576"
9) "repl-backlog-ttl"
10) "3600"
11) "repl-diskless-sync-delay"
12) "5"
13) "repl-disable-tcp-nodelay"
14) "no"
15) "repl-diskless-sync"
16) "no"
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET *re* # Query the configuration parameters whose names contain "re".
1) "requirepass"
2) "oldboyedu2021"
3) "auto-aof-rewrite-percentage"
4) "100"
5) "auto-aof-rewrite-min-size"
6) "67108864"
7) "list-compress-depth"
8) "0"
9) "latency-monitor-threshold"
10) "0"
11) "repl-ping-slave-period"
12) "10"
13) "repl-timeout"
14) "60"
15) "repl-backlog-size"
16) "1048576"
17) "repl-backlog-ttl"
18) "3600"
19) "repl-diskless-sync-delay"
20) "5"
21) "cluster-require-full-coverage"
22) "yes"
23) "no-appendfsync-on-rewrite"
24) "no"
25) "slave-read-only"
26) "yes"
27) "rdbcompression"
28) "yes"
29) "activerehashing"
30) "yes"
31) "repl-disable-tcp-nodelay"
32) "no"
33) "repl-diskless-sync"
34) "no"
35) "aof-rewrite-incremental-fsync"
36) "yes"
172.200.1.201:6379>
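As shown above, only 16 lines, i.e. 8 parameter pairs, begin with "re". Many more parameters match "*re*": 36 lines, i.e. 18 parameter pairs.
View one specific parameter, i.e. fetch a single Redis setting
Using "CONFIG GET" with a specific parameter name at the interactive prompt returns the corresponding setting, as follows: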
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET requirepass
1) "requirepass"
2) "oldboyedu2021"
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET repl-backlog-ttl
1) "repl-backlog-ttl"
2) "3600"
172.200.1.201:6379>
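As shown above, once we remember a parameter's name we can query it directly.
2. Set configuration parameters at runtime
Set a parameter temporarily without saving
As shown below, "CONFIG SET" changes a parameter value temporarily: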
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379> CONFIG GET maxmemory # The default is "0", meaning Redis memory usage is not limited; in production, setting it to 70% of the server's resources is recommended.
1) "maxmemory"
2) "0"
172.200.1.201:6379>
172.200.1.201:6379> CONFIG SET maxmemory 28000M # Here I give Redis 28G of memory.
OK
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET maxmemory
1) "maxmemory"
2) "28000000000"
172.200.1.201:6379>
172.200.1.201:6379> quit
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 shutdown # Restart the Redis service
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-server /oldboyedu/softwares/redis/conf/redis.conf
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET maxmemory # The value from the configuration file is back; the change above only happened in memory.
1) "maxmemory"
2) "0"
172.200.1.201:6379>
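Note:
"CONFIG SET" changes the Redis configuration temporarily: the change is not written to the configuration file, so it is lost at the next restart.
Set a parameter temporarily and save it
(1) View the Redis configuration file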
[root@redis201.oldboyedu.com ~]# cat /oldboyedu/softwares/redis/conf/redis.conf
daemonize yes
port 6379
logfile /oldboyedu/logs/redis/redis.log
dir /oldboyedu/data/redis
dbfilename mydump.rdb
bind 172.200.1.201 127.0.0.1
requirepass oldboyedu2021
[root@redis201.oldboyedu.com ~]#
(2) Set the parameter temporarily and save it
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379> CONFIG GET maxmemory
1) "maxmemory"
2) "0"
172.200.1.201:6379>
172.200.1.201:6379> CONFIG SET maxmemory 28000M
OK
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET maxmemory
1) "maxmemory"
2) "28000000000"
172.200.1.201:6379>
172.200.1.201:6379> CONFIG REWRITE
OK
172.200.1.201:6379>
172.200.1.201:6379> QUIT
[root@redis201.oldboyedu.com ~]#
(3) View the configuration file again: two lines have been added at the end!
[root@redis201.oldboyedu.com ~]# cat /oldboyedu/softwares/redis/conf/redis.conf
daemonize yes
port 6379
logfile "/oldboyedu/logs/redis/redis.log"
dir "/oldboyedu/data/redis"
dbfilename "mydump.rdb"
bind 172.200.1.201 127.0.0.1
requirepass "oldboyedu2021"
# Generated by CONFIG REWRITE
maxmemory 27343750kb
[root@redis201.oldboyedu.com ~]#
(4) Restart the Redis service: the previous change is still in effect
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 shutdown
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-server /oldboyedu/softwares/redis/conf/redis.conf
[root@redis201.oldboyedu.com ~]#
[root@redis201.oldboyedu.com ~]# redis-cli -a oldboyedu2021 -h 172.200.1.201 -p 6379
172.200.1.201:6379>
172.200.1.201:6379> CONFIG GET maxmemory
1) "maxmemory"
2) "28000000000"
172.200.1.201:6379>
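Added example, not from the original article: a semantic diff of two redis.conf snapshots, such as the file before and after CONFIG REWRITE shown above, which ignores the quoting that CONFIG REWRITE adds and compares maxmemory in bytes. The function name conf_changes and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): semantic diff of two
# redis.conf snapshots, e.g. taken before and after CONFIG REWRITE.

conf_changes() {  # conf_changes OLD_CONF NEW_CONF
    awk '
    # Strip quotes; express maxmemory in bytes. In Redis, k/m/g are powers
    # of 1000 and kb/mb/gb powers of 1024, so 28000M == 27343750kb.
    function norm(key, v,   n, u) {
        gsub(/^"|"$/, "", v)
        if (key != "maxmemory") return v
        n = v + 0; u = tolower(v); sub(/^[0-9]+/, "", u)
        if (u == "k") n *= 1000;       if (u == "kb") n *= 1024
        if (u == "m") n *= 1000000;    if (u == "mb") n *= 1048576
        if (u == "g") n *= 1000000000; if (u == "gb") n *= 1073741824
        return sprintf("%.0f", n)
    }
    # Never print secrets into a change report.
    function show(key, v) { return (key ~ /^(requirepass|masterauth)$/) ? "<redacted>" : v }
    $1 ~ /^#/ || NF < 2 { next }          # comments, blank lines
    {
        key = tolower($1); $1 = ""; sub(/^ +/, "")
        if (FILENAME == ARGV[1]) prev[key] = norm(key, $0)
        else                     cur[key]  = norm(key, $0)
    }
    END {
        for (k in cur)
            if (!(k in prev))           print "+ " k " " show(k, cur[k])
            else if (prev[k] != cur[k]) print "~ " k
        for (k in prev) if (!(k in cur)) print "- " k
    }' "$1" "$2" | LC_ALL=C sort
}

# Demo on constructed excerpts of the two snapshots shown above.
tmp=$(mktemp -d)
printf '%s\n' 'dir /oldboyedu/data/redis' 'requirepass oldboyedu2021' > "$tmp/before"
printf '%s\n' 'dir "/oldboyedu/data/redis"' 'requirepass "oldboyedu2021"' \
    '# Generated by CONFIG REWRITE' 'maxmemory 27343750kb' > "$tmp/after"
conf_changes "$tmp/before" "$tmp/after"    # + maxmemory 28000000000
rm -rf "$tmp"
```

Lines starting with "+" are directives that were added, "~" changed, "-" removed; password values are never printed.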
VII. Additional notes
(1) Modify kernel parameters
vim /etc/sysctl.d/redis.conf
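# Memory overcommit policy; possible values: 0, 1, 2.
# 0:
# The kernel checks whether enough memory is available for the requesting process.
# If enough memory is available the allocation is allowed; otherwise it fails and an error is returned to the process.
# 1:
# The kernel allows allocating all physical memory regardless of the current memory state.
# 2:
# The kernel does not overcommit: total committed memory may not exceed swap plus a configurable share of physical memory.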
vm.overcommit_memory = 1
# Maximum size of the queue of pending connections (listen backlog)
net.core.somaxconn = 65535
(2) Apply the kernel parameters above without rebooting the server
sysctl -p /etc/sysctl.d/redis.conf
(3) To view a single kernel parameter, use
sysctl -q net.core.somaxconn