Docker 启动Redis 并设置密码的操作

redis使用 redis version 5的apline(阿尔卑斯)镜像,小巧快速

新建一个docker-compose.yml文件

直接启动,不需连接密码配置如下:

version: '3.3'

services:
 cache:
  image: redis:5-alpine
  restart: always
  ports:
   - "6379:6379"

端口映射为: 6379 (redis默认端口)

在docker-compose.yml文件的目录下运行下面指令,启动redis:

docker-compose up -d

tip: 如果设置主机上设置了docker服务的开机启动,那么机器重启后,redis也会自动启动。

如果需要设置链接密码:

version: '3.3'

services:
 cache:
  image: redis:5-alpine
  restart: always
  ports:
   - "6379:6379"
  command: ["redis-server", "--appendonly", "yes", "--requirepass","123456"]

–requirepass后面参数就是需要设置的链接密码

停止redis,在docker-compose.yml文件的目录下运行下面指令

docker-compose down

补充知识:在yum 安装(docker方式安装)的redis 配置认证密码 和 限定ip登录

一.redis配置密码

1.通过配置文件进行配置

yum方式安装的redis配置文件通常在/etc/redis.conf中,打开配置文件找到

#requirepass foobared

去掉行前的注释,并修改密码为所需的密码,保存文件

requirepass myredis

重启redis

sudo service redis restart

或者

sudo service redis stop

sudo redis-server /etc/redis.conf

这个时候尝试登录redis,发现可以登上,但是执行具体命令是提示操作不允许

redis-cli -h 127.0.0.1 -p 6379 
redis 127.0.0.1:6379> 
redis 127.0.0.1:6379> keys * 
(error) err operation not permitted 
redis 127.0.0.1:6379> select 1 
(error) err operation not permitted 
redis 127.0.0.1:6379[1]>  

尝试用密码登录并执行具体的命令看到可以成功执行

redis-cli -h 127.0.0.1 -p 6379 -a myredis

redis 127.0.0.1:6379> keys *

1) “myset”

2) “mysortset”

redis 127.0.0.1:6379> select 1 
ok 
redis 127.0.0.1:6379[1]> config get requirepass 

1) “requirepass”

2) “myredis”

2.通过命令行进行配置

redis 127.0.0.1:6379[1]> config set requirepass my_redis 
ok 
redis 127.0.0.1:6379[1]> config get requirepass 

1) “requirepass”

2) “my_redis”

无需重启redis

使用第一步中配置文件中配置的老密码登录redis,会发现原来的密码已不可用,操作被拒绝

redis-cli -h 127.0.0.1 -p 6379 -a myredis 
redis 127.0.0.1:6379> config get requirepass 
(error) err operation not permitted 

使用修改后的密码登录redis,可以执行相应操作

redis-cli -h 127.0.0.1 -p 6379 -a my_redis

redis 127.0.0.1:6379> config get requirepass

1) “requirepass”

2) “my_redis

尝试重启一下redis,用新配置的密码登录redis执行操作,发现新的密码失效,redis重新使用了配置文件中的密码

sudo service redis restart 
stopping redis-server:                   [ ok ] 
starting redis-server:                   [ ok ] 
redis-cli -h 127.0.0.1 -p 6379 -a my_redis 
redis 127.0.0.1:6379> config get requirepass 
(error) err operation not permitted 
redis-cli -h 127.0.0.1 -p 6379 -a myredis 
redis 127.0.0.1:6379> config get requirepass 

1) “requirepass”

2) “myredis”

除了在登录时通过 -a 参数制定密码外,还可以登录时不指定密码,而在执行操作前进行认证。

redis-cli -h 127.0.0.1 -p 6379 
redis 127.0.0.1:6379> config get requirepass 
(error) err operation not permitted 
redis 127.0.0.1:6379> auth myredis 
ok 
redis 127.0.0.1:6379> config get requirepass 

1) “requirepass”

2) “myredis”

3.master配置了密码,slave如何配置

若master配置了密码则slave也要配置相应的密码参数否则无法进行正常复制的。

slave中配置文件内找到如下行,移除注释,修改密码即可

#masterauth mstpassword

3.在docker中的redis 进行配置

a. 编写dockerfile文件

from redis
maintainer "roamer <roamerxv@gmail.com>"
#自定义的配置文件,以替换原有image中的配置文件
copy redis.conf /usr/local/etc/redis/redis.conf
cmd [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
#run apt-get update && apt-get install vim -y

b.编写redis的配置文件

这个文件通过dockerfile进行build的时候,复制到redis container里面,并且通过启动redis-server的时候指定使用这个配置文件

# redis configuration file example.
#
# note that in order to read the configuration file, redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf
# note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5gb 4m and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1gb 1gb 1gb are all the same.
################################## includes ###################################
# include one or more other config files here. this is useful if you
# have a standard template that goes to all redis servers but also need
# to customize a few per-server settings. include files can include
# other files, so use this wisely.
#
# notice option "include" won't be rewritten by command "config rewrite"
# from admin or redis sentinel. since redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# if instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include /path/to/local.conf
# include /path/to/other.conf
################################## network #####################################
# by default, if no "bind" configuration directive is specified, redis listens
# for connections from all the network interfaces available on the server.
# it is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more ip addresses.
#
# examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ warning ~~~ if the computer running redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. so by default we uncomment the
# following bind directive, that will force redis to listen only into
# the ipv4 lookback interface address (this means redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# if you are sure you want your instance to listen to all the interfaces
# just comment the following line.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# bind 127.0.0.1
# protected mode is a layer of security protection, in order to avoid that
# redis instances left open on the internet are accessed and exploited.
#
# when protected mode is on and if:
#
# 1) the server is not binding explicitly to a set of addresses using the
#  "bind" directive.
# 2) no password is configured.
#
# the server only accepts connections from clients connecting from the
# ipv4 and ipv6 loopback addresses 127.0.0.1 and ::1, and from unix domain
# sockets.
#
# by default protected mode is enabled. you should disable it only if
# you are sure you want clients from other hosts to connect to redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes
# accept connections on the specified port, default is 6379 (iana #815344).
# if port 0 is specified redis will not listen on a tcp socket.
port 6379
# tcp listen() backlog.
#
# in high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. note that the linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511
# unix socket.
#
# specify the path for the unix socket that will be used to listen for
# incoming connections. there is no default, so redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700
# close the connection after a client is idle for n seconds (0 to disable)
timeout 0
# tcp keepalive.
#
# if non-zero, use so_keepalive to send tcp acks to clients in absence
# of communication. this is useful for two reasons:
#
# 1) detect dead peers.
# 2) take the connection alive from the point of view of network
#  equipment in the middle.
#
# on linux, the specified value (in seconds) is the period used to send acks.
# note that to close the connection the double of the time is needed.
# on other kernels the period depends on the kernel configuration.
#
# a reasonable value for this option is 300 seconds, which is the new
# redis default starting with redis 3.2.1.
tcp-keepalive 300
################################# general #####################################
# by default redis does not run as a daemon. use 'yes' if you need it.
# note that redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize no
# if you run redis from upstart or systemd, redis can interact with your
# supervision tree. options:
#  supervised no   - no supervision interaction
#  supervised upstart - signal upstart by putting redis into sigstop mode
#  supervised systemd - signal systemd by writing ready=1 to $notify_socket
#  supervised auto  - detect upstart or systemd method based on
#            upstart_job or notify_socket environment variables
# note: these supervision methods only signal "process is ready."
#    they do not enable continuous liveness pings back to your supervisor.
supervised no
# if a pid file is specified, redis writes it where specified at startup
# and removes it at exit.
#
# when the server runs non daemonized, no pid file is created if none is
# specified in the configuration. when the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# creating a pid file is best effort: if redis is not able to create it
# nothing bad happens, the server will start and run normally.
pidfile /var/run/redis_6379.pid
# specify the server verbosity level.
# this can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
# specify the log file name. also the empty string can be used to force
# redis to log on the standard output. note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile ""
# to enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# specify the syslog identity.
# syslog-ident redis
# specify the syslog facility. must be user or between local0-local7.
# syslog-facility local0
# set the number of databases. the default database is db 0, you can select
# a different one on a per-connection basis using select <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
################################ snapshotting ################################
#
# save the db on disk:
#
#  save <seconds> <changes>
#
#  will save the db if both the given number of seconds and the given
#  number of write operations against the db occurred.
#
#  in the example below the behaviour will be to save:
#  after 900 sec (15 min) if at least 1 key changed
#  after 300 sec (5 min) if at least 10 keys changed
#  after 60 sec if at least 10000 keys changed
#
#  note: you can disable saving completely by commenting out all "save" lines.
#
#  it is also possible to remove all the previously configured save
#  points by adding a save directive with a single empty string argument
#  like in the following example:
#
#  save ""
save 900 1
save 300 10
save 60 10000
# by default redis will stop accepting writes if rdb snapshots are enabled
# (at least one save point) and the latest background save failed.
# this will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# if the background saving process will start working again redis will
# automatically allow writes again.
#
# however if you have setup your proper monitoring of the redis server
# and persistence, you may want to disable this feature so that redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# compress string objects using lzf when dump .rdb databases?
# for default that's set to 'yes' as it's almost always a win.
# if you want to save some cpu in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# since version 5 of rdb a crc64 checksum is placed at the end of the file.
# this makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading rdb files, so you can disable it
# for maximum performances.
#
# rdb files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# the filename where to dump the db
dbfilename dump.rdb
# the working directory.
#
# the db will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# the append only file will also be created inside this directory.
#
# note that you must specify a directory here, not a file name.
dir ./
################################# replication #################################
# master-slave replication. use slaveof to make a redis instance a copy of
# another redis server. a few things to understand asap about redis replication.
#
# 1) redis replication is asynchronous, but you can configure a master to
#  stop accepting writes if it appears to be not connected with at least
#  a given number of slaves.
# 2) redis slaves are able to perform a partial resynchronization with the
#  master if the replication link is lost for a relatively small amount of
#  time. you may want to configure the replication backlog size (see the next
#  sections of this file) with a sensible value depending on your needs.
# 3) replication is automatic and does not need user intervention. after a
#  network partition slaves automatically try to reconnect to masters
#  and resynchronize with them.
#
# slaveof <masterip> <masterport>
# if the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
# when a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
#  still reply to client requests, possibly with out of date data, or the
#  data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
#  an error "sync with master in progress" to all the kind of commands
#  but to info and slaveof.
#
slave-serve-stale-data yes
# you can configure a slave instance to accept writes or not. writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# since redis 2.6 by default slaves are read-only.
#
# note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. it's just a protection layer against misuse of the instance.
# still a read only slave exports by default all the administrative commands
# such as config, debug, and so forth. to a limited extent you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes
# replication sync strategy: disk or socket.
#
# -------------------------------------------------------
# warning: diskless replication is experimental currently
# -------------------------------------------------------
#
# new slaves and reconnecting slaves that are not able to continue the replication
# process just receiving differences, need to do what is called a "full
# synchronization". an rdb file is transmitted from the master to the slaves.
# the transmission can happen in two different ways:
#
# 1) disk-backed: the redis master creates a new process that writes the rdb
#         file on disk. later the file is transferred by the parent
#         process to the slaves incrementally.
# 2) diskless: the redis master creates a new process that directly writes the
#       rdb file to slave sockets, without touching the disk at all.
#
# with disk-backed replication, while the rdb file is generated, more slaves
# can be queued and served with the rdb file as soon as the current child producing
# the rdb file finishes its work. with diskless replication instead once
# the transfer starts, new slaves arriving will be queued and a new transfer
# will start when the current one terminates.
#
# when diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple slaves
# will arrive and the transfer can be parallelized.
#
# with slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no
# when diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the rdb via socket
# to the slaves.
#
# this is important since once the transfer starts, it is not possible to serve
# new slaves arriving, that will be queued for the next rdb transfer, so the server
# waits a delay in order to let more slaves arrive.
#
# the delay is specified in seconds, and by default is 5 seconds. to disable
# it entirely just set it to 0 seconds and the transfer will start asap.
repl-diskless-sync-delay 5
# slaves send pings to server in a predefined interval. it's possible to change
# this interval with the repl_ping_slave_period option. the default value is 10
# seconds.
#
# repl-ping-slave-period 10
# the following option sets the replication timeout for:
#
# 1) bulk transfer i/o during sync, from the point of view of slave.
# 2) master timeout from the point of view of slaves (data, pings).
# 3) slave timeout from the point of view of masters (replconf ack pings).
#
# it is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60
# disable tcp_nodelay on the slave socket after sync?
#
# if you select "yes" redis will use a smaller number of tcp packets and
# less bandwidth to send data to slaves. but this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# linux kernels using a default configuration.
#
# if you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# by default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# set the replication backlog size. the backlog is a buffer that accumulates
# slave data when slaves are disconnected for some time, so that when a slave
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the slave missed while
# disconnected.
#
# the bigger the replication backlog, the longer the time the slave can be
# disconnected and later be able to perform a partial resynchronization.
#
# the backlog is only allocated once there is at least a slave connected.
#
# repl-backlog-size 1mb
# after a master has no longer connected slaves for some time, the backlog
# will be freed. the following option configures the amount of seconds that
# need to elapse, starting from the time the last slave disconnected, for
# the backlog buffer to be freed.
#
# a value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
# the slave priority is an integer number published by redis in the info output.
# it is used by redis sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# a slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 sentinel will
# pick the one with priority 10, that is the lowest.
#
# however a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# redis sentinel for promotion.
#
# by default the priority is 100.
slave-priority 100
# it is possible for a master to stop accepting writes if there are less than
# n slaves connected, having a lag less or equal than m seconds.
#
# the n slaves need to be in "online" state.
#
# the lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the slave, that is usually sent every second.
#
# this option does not guarantee that n replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough slaves
# are available, to the specified number of seconds.
#
# for example to require at least 3 slaves with a lag <= 10 seconds use:
#
# min-slaves-to-write 3
# min-slaves-max-lag 10
#
# setting one or the other to 0 disables the feature.
#
# by default min-slaves-to-write is set to 0 (feature disabled) and
# min-slaves-max-lag is set to 10.
################################## security ###################################
# require clients to issue auth <password> before processing any other
# commands. this might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# this should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# warning: since redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. this means that you should
# use a very strong password otherwise it will be very easy to break.
#
requirepass myredis
# command renaming.
#
# it is possible to change the name of dangerous commands in a shared
# environment. for instance the config command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# example:
#
# rename-command config b840fc02d524045429941cc15f59e41cb7be6c52
#
# it is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command config ""
#
# please note that changing the name of commands that are logged into the
# aof file or transmitted to slaves may cause problems.
################################### limits ####################################
# set the max number of connected clients at the same time. by default
# this limit is set to 10000 clients, however if the redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as redis reserves a few file descriptors for internal uses).
#
# once the limit is reached redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000
# don't use more memory than the specified amount of bytes.
# when the memory limit is reached redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# if redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', redis will start to reply with errors to commands
# that would use more memory, like set, lpush, and so on, and will continue
# to reply to read-only commands like get.
#
# this option is usually useful when using redis as an lru cache, or to set
# a hard memory limit for an instance (using the 'noeviction' policy).
#
# warning: if you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with dels of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# in short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free ram on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
# maxmemory policy: how redis will select what to remove when maxmemory
# is reached. you can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an lru algorithm
# allkeys-lru -> remove any key according to the lru algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor ttl)
# noeviction -> don't expire at all, just return an error on write operations
#
# note: with any of the above policies, redis will return an error on write
#    operations, when there are no suitable keys for eviction.
#
#    at the date of writing these commands are: set setnx setex append
#    incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
#    sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
#    zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
#    getset mset msetnx exec sort
#
# the default is:
#
# maxmemory-policy noeviction
# lru and minimal ttl algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. for default redis will check five keys and pick the one that was
# used less recently, you can change the sample size using the following
# configuration directive.
#
# the default of 5 produces good enough results. 10 approximates very closely
# true lru but costs a bit more cpu. 3 is very fast but not very accurate.
#
# maxmemory-samples 5
############################## append only mode ###############################
# by default redis asynchronously dumps the dataset on disk. this mode is
# good enough in many applications, but an issue with the redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# the append only file is an alternative persistence mode that provides
# much better durability. for instance using the default data fsync policy
# (see later in the config file) redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the redis process itself happens, but the operating system is
# still running correctly.
#
# aof and rdb persistence can be enabled at the same time without problems.
# if the aof is enabled on startup redis will load the aof, that is the file
# with the better durability guarantees.
#
# please check http://redis.io/topics/persistence for more information.
appendonly no
# the name of the append only file (default: "appendonly.aof")
appendfilename "appendonly.aof"
# the fsync() call tells the operating system to actually write data on disk
# instead of waiting for more data in the output buffer. some os will really flush
# data on disk, some other os will just try to do it asap.
#
# redis supports three different modes:
#
# no: don't fsync, just let the os flush the data when it wants. faster.
# always: fsync after every write to the append only log. slow, safest.
# everysec: fsync only one time every second. compromise.
#
# the default is "everysec", as that's usually the right compromise between
# speed and data safety. it's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# more details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# if unsure, use "everysec".
# appendfsync always
appendfsync everysec
# appendfsync no
# when the aof fsync policy is set to always or everysec, and a background
# saving process (a background save or aof log background rewriting) is
# performing a lot of i/o against the disk, in some linux configurations
# redis may block too long on the fsync() call. note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# in order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# bgsave or bgrewriteaof is in progress.
#
# this means that while another child is saving, the durability of redis is
# the same as "appendfsync none". in practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default linux settings).
#
# if you have latency problems turn this to "yes". otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no
# automatic rewrite of the append only file.
# redis is able to automatically rewrite the log file implicitly calling
# bgrewriteaof when the aof log size grows by the specified percentage.
#
# this is how it works: redis remembers the size of the aof file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the aof at startup is used).
#
# this base size is compared to the current size. if the current size is
# bigger than the specified percentage, the rewrite is triggered. also
# you need to specify a minimal size for the aof file to be rewritten, this
# is useful to avoid rewriting the aof file even if the percentage increase
# is reached but it is still pretty small.
#
# specify a percentage of zero in order to disable the automatic aof
# rewrite feature.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# an aof file may be found to be truncated at the end during the redis
# startup process, when the aof data gets loaded back into memory.
# this may happen when the system where redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when redis itself
# crashes or aborts but the operating system still works correctly).
#
# redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the aof file is found
# to be truncated at the end. the following option controls this behavior.
#
# if aof-load-truncated is set to yes, a truncated aof file is loaded and
# the redis server starts emitting a log to inform the user of the event.
# otherwise if the option is set to no, the server aborts with an error
# and refuses to start. when the option is set to no, the user requires
# to fix the aof file using the "redis-check-aof" utility before to restart
# the server.
#
# note that if the aof file will be found to be corrupted in the middle
# the server will still exit with an error. this option only applies when
# redis will try to read more data from the aof file but not enough bytes
# will be found.
aof-load-truncated yes
################################ lua scripting ###############################
# max execution time of a lua script in milliseconds.
#
# if the maximum execution time is reached redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# when a long running script exceeds the maximum execution time only the
# script kill and shutdown nosave commands are available. the first can be
# used to stop a script that did not yet called write commands. the second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
################################ redis cluster ###############################
#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# warning experimental: redis cluster is considered to be stable code, however
# in order to mark it as "mature" we need to wait for a non trivial percentage
# of users to deploy it in production.
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# normal redis instances can't be part of a redis cluster; only nodes that are
# started as cluster nodes can. in order to start a redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes
# every cluster node has a cluster configuration file. this file is not
# intended to be edited by hand. it is created and updated by redis nodes.
# every redis cluster node requires a different cluster configuration file.
# make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf
# cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# most other internal time limits are multiple of the node timeout.
#
# cluster-node-timeout 15000
# a slave of a failing master will avoid to start a failover if its data
# looks too old.
#
# there is no simple way for a slave to actually have a exact measure of
# its "data age", so the following two checks are performed:
#
# 1) if there are multiple slaves able to failover, they exchange messages
#  in order to try to give an advantage to the slave with the best
#  replication offset (more data from the master processed).
#  slaves will try to get their rank by offset, and apply to the start
#  of the failover a delay proportional to their rank.
#
# 2) every single slave computes the time of the last interaction with
#  its master. this can be the last ping or command received (if the master
#  is still in the "connected" state), or the time that elapsed since the
#  disconnection with the master (if the replication link is currently down).
#  if the last interaction is too old, the slave will not try to failover
#  at all.
#
# the point "2" can be tuned by user. specifically a slave will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
#  (node-timeout * slave-validity-factor) + repl-ping-slave-period
#
# so for example if node-timeout is 30 seconds, and the slave-validity-factor
# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
# slave will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# a large slave-validity-factor may allow slaves with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a slave at all.
#
# for maximum availability, it is possible to set the slave-validity-factor
# to a value of 0, which means, that slaves will always try to failover the
# master regardless of the last time they interacted with the master.
# (however they'll always try to apply a delay proportional to their
# offset rank).
#
# zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-slave-validity-factor 10
# cluster slaves are able to migrate to orphaned masters, that are masters
# that are left without working slaves. this improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working slaves.
#
# slaves migrate to orphaned masters only if there are still at least a
# given number of other working slaves for their old master. this number
# is the "migration barrier". a migration barrier of 1 means that a slave
# will migrate only if there is at least 1 other working slave for its master
# and so forth. it usually reflects the number of slaves you want for every
# master in your cluster.
#
# default is 1 (slaves migrate only if their masters remain with at least
# one slave). to disable migration just set it to a very large value.
# a value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
# by default redis cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (no available node is serving it).
# this way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# it automatically returns available as soon as all the slots are covered again.
#
# however sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. in order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes
# in order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.
################################## slow log ###################################
# the redis slow log is a system to log queries that exceeded a specified
# execution time. the execution time does not include the i/o operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# you can configure the slow log with two parameters: one tells redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. when a new command is logged the oldest one is removed from the
# queue of logged commands.
# the following time is expressed in microseconds, so 1000000 is equivalent
# to one second. note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# there is no limit to this length. just be aware that it will consume memory.
# you can reclaim memory used by the slow log with slowlog reset.
slowlog-max-len 128
################################ latency monitor ##############################
# the redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a redis instance.
#
# via the latency command this information is available to the user that can
# print graphs and obtain reports.
#
# the system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. when its value is set
# to zero, the latency monitor is turned off.
#
# by default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. latency
# monitoring can easily be enabled at runtime using the command
# "config set latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0
############################# event notification ##############################
# redis can notify pub/sub clients about events happening in the key space.
# this feature is documented at http://redis.io/topics/notifications
#
# for instance if keyspace events notification is enabled, and a client
# performs a del operation on key "foo" stored in the database 0, two
# messages will be published via pub/sub:
#
# publish __keyspace@0__:foo del
# publish __keyevent@0__:del foo
#
# it is possible to select the events that redis will notify among a set
# of classes. every class is identified by a single character:
#
# k   keyspace events, published with __keyspace@<db>__ prefix.
# e   keyevent events, published with __keyevent@<db>__ prefix.
# g   generic commands (non-type specific) like del, expire, rename, ...
# $   string commands
# l   list commands
# s   set commands
# h   hash commands
# z   sorted set commands
# x   expired events (events generated every time a key expires)
# e   evicted events (events generated when a key is evicted for maxmemory)
# a   alias for g$lshzxe, so that the "ake" string means all the events.
#
# the "notify-keyspace-events" takes as argument a string that is composed
# of zero or multiple characters. the empty string means that notifications
# are disabled.
#
# example: to enable list and generic events, from the point of view of the
#      event name, use:
#
# notify-keyspace-events elg
#
# example 2: to get the stream of the expired keys subscribing to channel
#       name __keyevent@0__:expired use:
#
# notify-keyspace-events ex
#
# by default all notifications are disabled because most users don't need
# this feature and the feature has some overhead. note that if you don't
# specify at least one of k or e, no events will be delivered.
notify-keyspace-events ""
############################### advanced config ###############################
# hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. these thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# lists are also encoded in a special way to save a lot of space.
# the number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# for a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 kb <-- not recommended for normal workloads
# -4: max size: 32 kb <-- not recommended
# -3: max size: 16 kb <-- probably not recommended
# -2: max size: 8 kb  <-- good
# -1: max size: 4 kb  <-- good
# positive numbers mean store up to _exactly_ that number of elements
# per list node.
# the highest performing option is usually -2 (8 kb size) or -1 (4 kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2
# lists may also be compressed.
# compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression. the head and tail of the list
# are always uncompressed for fast push/pop operations. settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
#  going from either the head or tail"
#  so: [head]->node->node->...->node->[tail]
#  [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
#  2 here means: don't compress head or head->next or tail->prev or tail,
#  but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0
# sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# the following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. this encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# hyperloglog sparse representation bytes limit. the limit includes the
# 16 bytes header. when an hyperloglog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# a value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# the suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much pfadd,
# which is o(n) with the sparse encoding. the value can be raised to
# ~ 10000 when cpu is not a concern, but space is, and the data set is
# composed of many hyperloglogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
# active rehashing uses 1 millisecond every 100 milliseconds of cpu time in
# order to help rehashing the main redis hash table (the one mapping top-level
# keys to values). the hash table implementation redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# the default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# if unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# the client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a pub/sub client can't consume messages as fast as the
# publisher can produce them).
#
# the limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including monitor clients
# slave -> slave clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# the syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# a client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# so for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# by default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeout, purging expired keys that are
# never requested, and so forth.
#
# not all tasks are performed with the same frequency, but redis checks for
# tasks to perform according to the specified "hz" value.
#
# by default "hz" is set to 10. raising the value will use more cpu when
# redis is idle, but at the same time will make redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# the range is between 1 and 500, however a value over 100 is usually not
# a good idea. most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# when a child rewrites the aof file, if the following option is enabled
# the file will be fsync-ed every 32 mb of data generated. this is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes

c. builder docker 的容器

docker build -t simba/redis .

d. 运行docker容器

docker run –name simba-redis -d -p 16379:6379 –restart=always simba/redis

e.配置只允许特定ip访问redis-server

在配置文件中查找

bind 127.0.0.1

部分进行设置

以上这篇docker 启动redis 并设置密码的操作就是www.887551.com分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持www.887551.com。

(0)
上一篇 2022年3月21日
下一篇 2022年3月21日

相关推荐