# Redis Production Configuration # ============================================================================= # This configuration file contains production-ready settings for Redis # with security, performance, and reliability optimizations. # ============================================================================= # Network and Security bind 0.0.0.0 protected-mode yes port 6379 # Authentication (password will be set via command line) # requirepass will be set via --requirepass flag in docker-compose # General Settings timeout 300 tcp-keepalive 300 tcp-backlog 511 # Memory Management maxmemory 256mb maxmemory-policy allkeys-lru maxmemory-samples 5 # Persistence Settings save 900 1 save 300 10 save 60 10000 stop-writes-on-bgsave-error yes rdbcompression yes rdbchecksum yes dbfilename dump.rdb dir /data # Append Only File (AOF) appendonly yes appendfilename "appendonly.aof" appendfsync everysec no-appendfsync-on-rewrite no auto-aof-rewrite-percentage 100 auto-aof-rewrite-min-size 64mb aof-load-truncated yes aof-use-rdb-preamble yes # Logging loglevel notice logfile "" syslog-enabled no # Database Settings databases 16 # Slow Log slowlog-log-slower-than 10000 slowlog-max-len 128 # Latency Monitoring latency-monitor-threshold 100 # Client Settings maxclients 10000 # Security Settings rename-command FLUSHDB "" rename-command FLUSHALL "" # KEYS ist langsam, sperren ist okay (Admin tools funktionieren dann aber evtl. nicht mehr) rename-command KEYS "" rename-command CONFIG "CONFIG_b835c3f8a5d2e7f1" rename-command SHUTDOWN "SHUTDOWN_a9b4c2d1e3f5g6h7" rename-command DEBUG "" # EVAL wird für Lua-Skripte benötigt (Locks, Rate Limiting etc.) # rename-command EVAL "" # DEL wird benötigt, damit die App Cache-Einträge invalidieren kann! # rename-command DEL "DEL_prod_safe" # TLS Configuration (uncomment and configure for TLS) # port 0 # tls-port 6380 # tls-cert-file /tls/redis.crt # tls-key-file /tls/redis.key # tls-ca-cert-file /tls/ca.crt # tls-dh-params-file /tls/redis.dh # tls-protocols "TLSv1.2 TLSv1.3" # tls-ciphers "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!MD5:!DSS" # tls-ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" # tls-prefer-server-ciphers yes # tls-session-caching no # tls-session-cache-size 5000 # tls-session-cache-timeout 60 # Performance Tuning hash-max-ziplist-entries 512 hash-max-ziplist-value 64 list-max-ziplist-size -2 list-compress-depth 0 set-max-intset-entries 512 zset-max-ziplist-entries 128 zset-max-ziplist-value 64 hll-sparse-max-bytes 3000 stream-node-max-bytes 4096 stream-node-max-entries 100 # Active Rehashing activerehashing yes # Client Output Buffer Limits client-output-buffer-limit normal 0 0 0 client-output-buffer-limit replica 256mb 64mb 60 client-output-buffer-limit pubsub 32mb 8mb 60 # Client Query Buffer client-query-buffer-limit 1gb # Protocol Buffer proto-max-bulk-len 512mb # Replication (for Redis cluster/replica setup) # replica-serve-stale-data yes # replica-read-only yes # repl-diskless-sync no # repl-diskless-sync-delay 5 # repl-ping-replica-period 10 # repl-timeout 60 # repl-disable-tcp-nodelay no # repl-backlog-size 1mb # repl-backlog-ttl 3600 # Security: Disable potentially dangerous features enable-protected-configs no enable-debug-command no enable-module-command no # Notifications (disable for performance) notify-keyspace-events "" # Advanced Configuration hz 10 dynamic-hz yes aof-rewrite-incremental-fsync yes rdb-save-incremental-fsync yes # Jemalloc Configuration jemalloc-bg-thread yes # Threading (Redis 6.0+) # io-threads 4 # io-threads-do-reads yes