Redis is highly configurable and exposes all the configuration parameters through a file that should be passed as a parameter to the server executable. In our previous recipe, we used the configuration file placed at the path /etc/redis/6379.conf. The configuration options available in Redis are extensive. Let us take a look at what the options are to use these files and how to tune the server for maximum performance. Data persistence in Redis and various other options of persistence are explained in the next recipe in detail. In this section, let us see how to configure the network and security in Redis.
To start configuring, open the file in the path /etc/redis/6379.conf in your favourite editor, be it VIM, Emacs, GEdit, or Nano. After changing and saving any configuration, Redis needs to be restarted for the changes to take effect.
The first and foremost configuration is to daemonize the server. Look for
daemonize noand change it todaemonize yes. By default, Redis listens to all network interfaces. If you want to connect to Redis only from a local system and do not want to connect from other computers in the network, you can uncomment the following line:bind 127.0.0.1The next important configuration that you may want in the production environment is
timeout. This configuration defines the time after which the idle connection with a client will be closed.timeout 20Redis logs provide important information about the server operations. Set the
loglevelattribute tonoticein the production environment to prevent the bloating of the logfile.loglevel noticeBy default,
logis piped to the standard output. As we have daemonized the process, the logs will vanish into the black hole (/dev/null). In order to store the logfile, replacelogfile stdoutwithlogfile /var/log/redis.log.If you do not want another log file, you can manage the logs using the system logger by setting the value of
syslog-enabledtoyes.Another important configuration is
databases. This parameter defines how many databases are allowed in the current instance of Redis. The default value is16. If you want to have more databases, change the number appropriately. The database ID is zero-based. In the case of 16 databases, the database ID starts from0and ranges up to15.databases 16Slow log is a feature that logs the queries or operations that take more than the configured execution time. Slow Logs help in debugging the queries that cause performance issues.
slowlog-log-slower-than 10000The Slow log feature consumes memory. When the newest slow query is logged, the oldest one is removed if the maximum length of the Slow log is reached.
slowlog-max-len 128
By default, Redis starts as a foreground process and stuffs the terminal window with the server output. So it is important to run Redis as a background process. The timeout parameter helps the server by terminating idle connections when clients make connections and forgot to close them. Set this to some reasonable time period (in seconds) based on the operations you might perform with the server. Set this to 0 to disable the timeout. The configuration parameters in this file control Redis and its behaviour.
By default, Redis uses port 6379 for listening to clients. If you want to change the port number, you can change the port to an appropriate value. For the context of this book, default port 6379 is assumed.
Security comes into picture only when Redis is connected to the systems through the network. When you want the clients to connect to Redis from external systems, you need to take extra measures to make sure your data is safe and cannot be exploited. If there is no authentication to the Redis instance, it is very easy to clear the entire data using a single command. In order to prevent this, Redis provides an authentication mechanism using a password.
Uncomment the line that starts with requirepass and replace the word next to it with a strong password. As mentioned in the configuration file, it is very easy to break a simple password using brute force due to the sheer speed of Redis.
requirepass reD1$$er\/erR0ck$
Another security feature provided by Redis is command renaming. For an authenticated client, it is easy to change the configuration of the server using the CONFIG command. To prevent any misuse of commands and to restrict clients from using certain commands, you can use the command-renaming option.
For instance, if you see the command in the configuration file, then the CONFIG command can be renamed to some random sequence—preventing any clients, except internal tools, from using the command.
rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
You can also kill any command completely by just renaming the command to an empty string.
One of the limits you might want to set is maxclients, which controls how many clients can connect to the server simultaneously. After reaching the maximum connections, the new connections will be ignored. So, set this with caution after considering your use case. This parameter, along with timeout, can be used to limit and control the client's connection to the server.
maxclients 100
Redis encodes the data types into more efficient data structures to optimize the memory space when the size of data in the memory is less than the configured limit. Data types like hashes, lists, sets made of integers, and sorted sets with size less than the configured element size are encoded in an efficient way that uses up to 10 times lesser memory. This is completely transparent to the clients that are performing the operations and can be controlled using the configuration parameters. Redis performs the operation of converting these special encoded types to normal data structures as soon as the data size exceeds the configured value, in a completely transparent manner.
Let us leave the configuration to default. We will discuss how these work and what the significance of these numbers is, in the Optimizing memory recipe.