meldestelle/config/backend/infrastructure/redis/redis.conf
# Redis Production Configuration
# =============================================================================
# This configuration file contains production-ready settings for Redis
# with security, performance, and reliability optimizations.
# =============================================================================
# Network and Security
# Listens on every interface of the host/container.
# NOTE(review): protected-mode only restricts clients to loopback while the
# default user has no password (and, on versions before 7.0, only when no bind
# address is given explicitly). Once --requirepass is supplied it no longer
# limits who can connect, so reachability is decided by the container network
# and any published port mapping. Confirm 6379 is not published to the host,
# or bind to the specific internal address instead of 0.0.0.0.
bind 0.0.0.0
protected-mode yes
port 6379
# Authentication (password will be set via command line)
# requirepass will be set via --requirepass flag in docker-compose
# NOTE(review): a password passed as a command-line flag is visible in the
# process list and in the container's inspect output, and may end up in the
# compose file under version control. Prefer loading it from a file that is
# mounted at runtime and kept out of the repository (for example an included
# config fragment via "include", or an ACL file via "aclfile").
# General Settings
# Idle client connections are closed after 300 seconds.
timeout 300
tcp-keepalive 300
tcp-backlog 511
# Memory Management
# NOTE(review): allkeys-lru may evict any key under memory pressure, including
# keys without a TTL. If the locks and rate-limit counters mentioned in the
# "Security Settings" section live in this instance, eviction silently resets
# them - confirm that is acceptable, or keep such keys in a separate instance
# with a non-evicting policy.
maxmemory 256mb
maxmemory-policy allkeys-lru
maxmemory-samples 5
# Persistence Settings
# RDB snapshot triggers: after 900 s with >= 1 change, 300 s with >= 10
# changes, or 60 s with >= 10000 changes.
save 900 1
save 300 10
save 60 10000
# Reject writes when a background save fails, so a persistence problem is
# noticed instead of silently losing durability.
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
# NOTE(review): dump.rdb and the AOF written here contain the full dataset in
# unencrypted form. Restrict access to the /data volume and to any backups or
# copies taken from it.
dir /data
# Append Only File (AOF)
appendonly yes
appendfilename "appendonly.aof"
# fsync once per second: at most about one second of writes can be lost.
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# Load an AOF whose tail is truncated instead of refusing to start.
aof-load-truncated yes
aof-use-rdb-preamble yes
# Logging
loglevel notice
# An empty logfile name sends log output to standard output, where the
# container runtime collects it.
logfile ""
syslog-enabled no
# Database Settings
databases 16
# Slow Log
# Threshold is in microseconds: commands slower than 10 ms are recorded,
# keeping the most recent 128 entries.
slowlog-log-slower-than 10000
slowlog-max-len 128
# Latency Monitoring
# Threshold is in milliseconds.
latency-monitor-threshold 100
# Client Settings
# NOTE(review): together with the per-client buffer limits set further down,
# 10000 simultaneous clients allow far more buffer memory than the 256mb
# maxmemory value; confirm this ceiling matches the expected client count.
maxclients 10000
# Security Settings
# Renaming a command to the empty string disables it entirely.
# NOTE(review): redis.conf marks rename-command as deprecated in favour of
# ACLs (Redis 6.0+), which can remove commands per user instead of globally.
rename-command FLUSHDB ""
rename-command FLUSHALL ""
# KEYS is slow, so disabling it is fine (admin tools may stop working, though)
rename-command KEYS ""
# NOTE(review): the replacement names for CONFIG and SHUTDOWN are stored in
# this file, so they are known to everyone who can read the repository or the
# mounted config and do not act as a secret. The SHUTDOWN suffix also does not
# look randomly generated. Treat the renames as protection against accidental
# use only; restrict these commands with an ACL rule on the application user
# if they must be unreachable for authenticated clients.
rename-command CONFIG "CONFIG_b835c3f8a5d2e7f1"
rename-command SHUTDOWN "SHUTDOWN_a9b4c2d1e3f5g6h7"
rename-command DEBUG ""
# EVAL is needed for Lua scripts (locks, rate limiting, etc.)
# NOTE(review): EVAL therefore stays available to every authenticated client;
# if only known scripts are required, an ACL limited to the needed commands
# narrows this.
# rename-command EVAL ""
# DEL is required so that the app can invalidate cache entries!
# rename-command DEL "DEL_prod_safe"
# TLS Configuration (uncomment and configure for TLS)
# NOTE(review): while this section stays commented out, all traffic on port
# 6379 - including the AUTH password and every key and value - is sent in
# cleartext. That is only acceptable on a network segment that is trusted end
# to end; otherwise enable the block below.
# "port 0" turns the plaintext listener off so that only the TLS port accepts
# connections.
# port 0
# tls-port 6380
# tls-cert-file /tls/redis.crt
# NOTE(review): the private key file should be readable only by the user the
# Redis process runs as.
# tls-key-file /tls/redis.key
# tls-ca-cert-file /tls/ca.crt
# tls-dh-params-file /tls/redis.dh
# tls-protocols "TLSv1.2 TLSv1.3"
# tls-ciphers "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!MD5:!DSS"
# tls-ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
# tls-prefer-server-ciphers yes
# NOTE(review): whether clients must present a certificate is controlled by
# the separate tls-auth-clients directive, which is not set here; decide on it
# explicitly when enabling TLS.
# tls-session-caching no
# tls-session-cache-size 5000
# tls-session-cache-timeout 60
# Performance Tuning
# Size thresholds below which small hashes, lists, sets and sorted sets use
# the compact in-memory encodings.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
# Active Rehashing
activerehashing yes
# Client Output Buffer Limits
# Format: <class> <hard limit> <soft limit> <soft seconds>; 0 0 0 means no limit.
# NOTE(review): normal clients are therefore unlimited, so a client that
# requests large replies and reads them slowly can grow its output buffer
# without bound. Consider a finite limit for the normal class.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Client Query Buffer
# NOTE(review): this per-client input limit (1gb) and the bulk length limit
# below (512mb) are each larger than the 256mb maxmemory configured above.
# If the application never sends values of that size, lowering both reduces
# the memory a single connection can consume; on Redis 7.0+ maxmemory-clients
# can additionally cap the total used by all client buffers.
client-query-buffer-limit 1gb
# Protocol Buffer
proto-max-bulk-len 512mb
# Replication (for Redis cluster/replica setup)
# NOTE(review): if replication is enabled later, replicas also need the
# primary's password (masterauth) and the replication link is unencrypted
# unless TLS replication is configured as well.
# replica-serve-stale-data yes
# replica-read-only yes
# repl-diskless-sync no
# repl-diskless-sync-delay 5
# repl-ping-replica-period 10
# repl-timeout 60
# repl-disable-tcp-nodelay no
# repl-backlog-size 1mb
# repl-backlog-ttl 3600
# Security: Disable potentially dangerous features
# "no" blocks changing protected configs at runtime and blocks the DEBUG and
# MODULE commands for every connection, including local ones.
# NOTE(review): these three directives exist from Redis 7.0 onwards; an older
# server image would reject them as unknown at startup. Confirm the image
# version pinned in docker-compose.
enable-protected-configs no
enable-debug-command no
enable-module-command no
# Notifications (disable for performance)
notify-keyspace-events ""
# Advanced Configuration
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
# Jemalloc Configuration
jemalloc-bg-thread yes
# Threading (Redis 6.0+)
# io-threads 4
# io-threads-do-reads yes