以下为博主使用redis时,抽空做的配置文件翻译,水平有限,可能存在错误理解。发现了请通知博主修改,毕竟知识这东西不能糊涂,没人看还好,就怕误导新人。
# Redis configuration file example.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
# 以指定配置文件启动
# ./redis-server /path/to/redis.conf
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
# 以支持单位指定内存大小
# units are case insensitive so 1GB 1Gb 1gB are all the same.
################################## INCLUDES ###################################
# Include one or more other config files here. This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
# Note that option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
# 设置启动指令前的配置文件、后加载的配置文件会覆盖先加载的配置文件配置
# include /path/to/local.conf
# include /path/to/other.conf
################################## MODULES #####################################
# Load modules at startup. If the server is not able to load modules
# it will abort. It is possible to use multiple loadmodule directives.
# 在启动时加载模块。如果服务器无法加载模块它将中止。可以使用多个loadmodule指令。
# loadmodule /path/to/my_module.so
# loadmodule /path/to/other_module.so
################################## NETWORK #####################################
# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all available network interfaces on the host machine.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only on the
# IPv4 loopback interface address (this means Redis will only be able to
# accept client connections from the same host that it is running on).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT OUT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 允许该ip端口连接到redis服务、可配置多个。bind 0.0.0.0设置允许通过所有IP地址连接。
# 一台服务器在不同的网段的ip地址是不同的,如果我们只设置了允许在A网段下的ip地址,那么在B网段
# 下的所有服务器即使拥有正确的账号密码也是无法连接redis服务的,生产环境必须设定死ip
bind 127.0.0.1
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
# "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
#是否开启保护模式,默认开启。要是配置里没有指定bind和密码。开启该参数后,redis只会本地进行访问,拒绝外部访问
protected-mode yes
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
# 启动端口
port 6379
# TCP listen() backlog.
#
# In high requests-per-second environments you need a high backlog in order
# to avoid slow clients connection issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
# tcp积压工作数(默认511)、会被linux的内核/proc/sys/net/core/somaxconn参数
#(默认:128)强行限制(即该值不会大于somaxconn值)
tcp-backlog 128
# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
# unix 套接字支持
# unixsocket /tmp/redis.sock
# unix 套接字权限
# unixsocketperm 700
# Close the connection after a client is idle for N seconds (0 to disable)
# 当连接空闲时间超过N秒后关闭连接(设置为0,标识服务端永不主动关闭客户端连接)
timeout 160
# TCP keepalive.
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
# 如果设置非零,则使用SO_KEEPALIVE发送TCP ACKs(确认消息) 向掉线客户端沟通,这有两个好处
#
# 1) Detect dead peers.
# 及时发现宕机的客户端
# 2) Force network equipment in the middle to consider the connection to be
# alive.
# 确保连接设备存活,
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# 在linux设备上,该配置周期单位为秒,需要注意的是关闭一个连接需要两个周期。)
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 300 seconds, which is the new
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
################################# TLS/SSL #####################################
# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
# directive can be used to define TLS-listening ports. To enable TLS on the
# default port, use:
# 默认情况下,TLS/SSL 是关闭的。如果开启,则tls-port配置的端口会用作TLS默认端口(意思应该是配
# 置了tls-port的端口,同时就打开了TLS/SSL服务)
# port 0
# tls-port 6379
# Configure a X.509 certificate and private key to use for authenticating the
# server to connected clients, masters or cluster peers. These files should be
# PEM formatted.
# 使用一个 X.509 证书与密钥来实现客户端连接主节点或者集群的认证过程。这些文件应该是PEM格式
#
# tls-cert-file redis.crt
# 证书
# tls-key-file redis.key
# 密钥
# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
# 配置DHfile文件来启动DH密钥交换
#
# tls-dh-params-file redis.dh
# Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL
# clients and peers. Redis requires an explicit configuration of at least one
# of these, and will not implicitly use the system wide configuration.
# 配置一个CA文件或者包含CA文件的文件夹来认证客户端的TLS/SSL连接。这两项配置
# 你至少需要配置一个,因为redis没有为这个做系统默认配置
#
# tls-ca-cert-file ca.crt
# CA文件
# tls-ca-cert-dir /etc/ssl/certs
# CA文件夹地址
# By default, clients (including replica servers) on a TLS port are required
# to authenticate using valid client side certificates.
# 默认情况下,客户端(包含从节点)使用TLS的时候必须进行证书认证
#
# If "no" is specified, client certificates are not required and not accepted.
# 如果配置为no,则客户端证书不是必要的
# If "optional" is specified, client certificates are accepted and must be
# valid if provided, but are not required.
# 如果配置为 optional 则客户端证书有则必须校验通过,或者没有。
#
# tls-auth-clients no
# tls-auth-clients optional
# By default, a Redis replica does not attempt to establish a TLS connection
# with its master.
# 默认情况下,从节点不会以TLS的方式连接主节点
#
# Use the following directive to enable TLS on replication links.
# 从节点同步数据使用TLS
#
# tls-replication yes
# By default, the Redis Cluster bus uses a plain TCP connection. To enable
# TLS for the bus protocol, use the following directive:
# 默认情况下,redis集群使用TCP连接,要启用TLS连接的话,配置为yes
#
# tls-cluster yes
# Explicitly specify TLS versions to support. Allowed values are case insensitive
# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
# any combination. To enable only TLSv1.2 and TLSv1.3, use:
# 明确指定TLS版本,可以同时指定多个版本(版本大于1.1.1)
#
# tls-protocols "TLSv1.2 TLSv1.3"
# Configure allowed ciphers. See the ciphers(1ssl) manpage for more information
# about the syntax of this string.
# 配置允许访问的密钥,关于更多的密钥信息请参考 ciphers(1ssl) 手册
#
# Note: this configuration applies only to <= TLSv1.2.
#
# tls-ciphers DEFAULT:!MEDIUM
# Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more
# information about the syntax of this string, and specifically for TLSv1.3
# ciphersuites.
#
# tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
# When choosing a cipher, use the server's preference instead of the client
# preference. By default, the server follows the client's preference.
#
# tls-prefer-server-ciphers yes
# By default, TLS session caching is enabled to allow faster and less expensive
# reconnections by clients that support it. Use the following directive to disable
# caching.
#
# tls-session-caching no
# Change the default number of TLS sessions cached. A zero value sets the cache
# to unlimited size. The default size is 20480.
#
# tls-session-cache-size 5000
# Change the default timeout of cached TLS sessions. The default timeout is 300
# seconds.
#
# tls-session-cache-timeout 60
################################# GENERAL #####################################
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# 是否后台运行
daemonize no
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# requires "expect stop" in your upstart job config
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous pings back to your supervisor.
supervised no
# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
#
# When the server runs non daemonized, no pid file is created if none is
# specified in the configuration. When the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
# pid文件,redis启动创建,关闭删除。指定不指定无所谓,不指定的话依然能够正常运行(因为会创建默认文件)/var/run/redis.pid
# pidfile /var/run/redis_6379.pid
# Specify the server verbosity level.
# 指定服务器日志级别
# This can be one of:
# debug (a lot of information, useful for development/testing) 调试,大量的信息,开发、测试阶段很有用。开发要看所有东西。基本就是这个了
# verbose (many rarely useful info, but not a mess like the debug level) 冗余,包含许多详细信息,但是没有调试那么乱,也能用
# notice (moderately verbose, what you want in production probably) 公告,很多信息,基本就是你的生产所需要的配置。官方建议生产用
# warning (only very important / critical messages are logged) 警告,只有非常重要、关键的信息被记录
loglevel debug
# Specify the log file name. Also the empty string can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
# 指定日志文件、默认是 /dev/null
logfile ""
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# 系统日志是否启动,就是redis核心进程日志
# syslog-enabled no
# Specify the syslog identity.
# 系统日志标识
# syslog-ident redis
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# 记录日志的设备、必须在LOCAL0-LOCAL7之间
# syslog-facility local0
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT where
# dbid is a number between 0 and 'databases'-1
# 数据库数量,默认选择数据库0,可以用 select 0/dbid 选择数据库。dbid取值范围为 [0,database-1] 间取整数
databases 16
# By default Redis shows an ASCII art logo only when started to log to the
# standard output and if the standard output is a TTY. Basically this means
# that normally a logo is displayed only in interactive sessions.
#
# However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes.
# redis的log显示与否。这里没整明白说的是什么。唯一知道的就是不管你怎么设置,启动日志必定显示logo。
always-show-logo yes
################################ SNAPSHOTTING ################################
# 快照
# Save the DB on disk:
# 保存数据至磁盘
# save
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behavior will be to save:
# 以下配置是基于一个整体配置(3个小配置)来说明的没有照原文翻译,便于理解 在进行一次数据持久化后的第一个键产生开始
# after 900 sec (15 min) if at least 1 key changed 如果只有1-9个键产生,15分钟后进行一次数据持久化
# after 300 sec (5 min) if at least 10 keys changed 如果有10-50个键产生,5分钟后进行一次数据持久化
# after 60 sec if at least 10000 keys changed 如果有10000-(+inf)正无穷个键产生,60秒进行一次数据持久化。 每次数据持久化会刷新所有小配置的⏲计时
# 正常的关闭reids是会进行数据持久化操作的,所以严禁通过杀死进程的方式进行关闭操作
#
# Note: you can disable saving completely by commenting out all "save" lines.
# 你可以通过注释掉所有保存来使得redis不进行磁盘保存,不建议。这样的话redis一死数据完全丢失。一般还是需要维持数据持久化的
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
# 可以通过手动使用指令的方式进行数据持久化操作,直接输入 save 。后面不用加东西,save "" 指令是错误的
# save ""
save 900 1
save 300 10
save 60 10000
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
# 当redis进行快照持久化的时候停止redis写操作,(这样会保证redis持久化出问题不会造成大量数据丢失,因为一旦出现问题,不会再产生新数据入库,一旦入库对于用户而言就是正常的服务。)
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# By default compression is enabled as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
# rdb持久化的时候启动压缩
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
# 从版本5开始,每个rdb文件末尾会附加 CRC64校验和 在文件的末尾,这样容错性更高。但是每次保存和加
# 载RDB文件的时候会多消耗大约10%的性能。看你的需求进行设置。一般还是开启稳点
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
# 是否进行rdb文件校验,
rdbchecksum yes
# The filename where to dump the DB
# rdb文件
dbfilename dump.rdb
# Remove RDB files used by replication in instances without persistence
# enabled. By default this option is disabled, however there are environments
# where for regulations or other security concerns, RDB files persisted on
# disk by masters in order to feed replicas, or stored on disk by replicas
# in order to load them for the initial synchronization, should be deleted
# ASAP. Note that this option ONLY WORKS in instances that have both AOF
# and RDB persistence disabled, otherwise is completely ignored.
# 开启删除同步rdb文件,默认关闭。大致意思是采用磁盘文件缓冲数据同步时产生的RDB文件是否删除。一般
# 不建议删除。有些场景下,出于服务器安全的考虑需要删除。
#
# An alternative (and sometimes better) way to obtain the same effect is
# to use diskless replication on both master and replicas instances. However
# in the case of replicas, diskless is not always an option.
# 还有一种办法就是直接采用内存同步,不经过RDB文件中间缓冲数据。这样就不会产生RDB同步文件,那么这个配置也将失去意义
rdb-del-sync-files no
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
# 数据文件会以指定文件名保存在这个文件夹里面
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
# 工作空间文件夹,redis的AOF文件与RDB文件保存地址
dir /data/redis
################################# REPLICATION #################################
################################# 复制---主从 #################################
# Master-Replica replication. Use replicaof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# +------------------+ +---------------+
# | Master | ---> | Replica |
# | (receive writes) | | (exact copy) |
# +------------------+ +---------------+
# 主体(主节点) -----> 副本(从节点)
#####以下说明,采用主节点、从节点说明##########################################
# 1) Redis replication is asynchronous, but you can configure a master to
# stop accepting writes if it appears to be not connected with at least
# a given number of replicas.
# 1) 主从复制是异步的。后面这个但是搞得我一脸懵逼
# 2) Redis replicas are able to perform a partial resynchronization with the
# master if the replication link is lost for a relatively small amount of
# time. You may want to configure the replication backlog size (see the next
# sections of this file) with a sensible value depending on your needs.
# 如果从节点丢失与主节点的连接还不长的话,依然能够执行部分同步。你可以根据自己的需求设置
# 复制积压值(超过就开始复制) 大小
# 3) Replication is automatic and does not need user intervention. After a
# network partition replicas automatically try to reconnect to masters
# and resynchronize with them.
# 复制是自动的,不需要用户再次手动的干预(就是内部代码写死的)
# 从什么ip:port下复制数据(就是设置主节点的ip端口)
# replicaof
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the replica to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the replica request.
# 大致意思就是如果主节点需要密码校验,你个从节点就必须输入密码,不然主节点就不带你玩,就无法复制主节点数据
# #主节点认证密钥:
# masterauth
#
# However this is not enough if you are using Redis ACLs (for Redis version
# 6 or greater), and the default user is not capable of running the PSYNC
# command and/or other commands needed for replication. In this case it's
# better to configure a special user to use with replication, and specify the
# masteruser configuration as such:
# 如果使用的ACLs版本的redis(redis6以后的)。默认用户没有PSYNC权限,所以最好配置一个专门的用户用来做数据复制
# 拥有复制权限的用户
# masteruser
#
# When masteruser is specified, the replica will authenticate against its
# master using the new AUTH form: AUTH .
# 当配置了masteruser账户是,从节点将使用这个账号进行认证,(不明白这句话放在这里的意义是什么)
#
# When a replica loses its connection with the master, or when the replication
# is still in progress, the replica can act in two different ways:
# 当从节点失去与主节点的连接时,或者当从节点正在复制的时候。这个从节点有两种运行方案
#
# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
# 如果设置为yes、那么从节点会响应客户端请求。如果这是第一次同步数据,数据集可能为空
#
# 2) If replica-serve-stale-data is set to 'no' the replica will reply with
# an error "SYNC with master in progress" to all commands except:
# INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
# HOST and LATENCY.
# 如果设置为no,那么从节点会回复"SYNC with master in progress",当除了《INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
# HOST and LATENCY》指令外的所有指令,就是只能做配置,调试之类的操作,数据操作就别想了
#
replica-serve-stale-data yes
# You can configure a replica instance to accept writes or not. Writing against
# a replica instance may be useful to store some ephemeral data (because data
# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
# 大致意思是:你可以配置从节点是否只读,可以配置为写操作储存临时数据,但是如果客户端写入很容易导致数据紊乱造成错误
#
# Since Redis 2.6 by default replicas are read-only.
# 从redis 2.6版本开始从节点设置为只读
#
# Note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only replica exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
# 大致意思是:从节点只读设置不是为了向未授权的客户端公开数据,主要是为了防止实例滥用的保护层
#(说读写分离主要是为了提高性能的打脸了,读写分离很重要。但官方可不是为了提高性能而设计的只读、主要是为了安全性)
# 由于默认情况下从节点依然可以使用部分配置、调试指令。故可以采用重命名指令名字的方式提高从节点的安全性
#
# 从节点配置只读
replica-read-only yes
# Replication SYNC strategy: disk or socket.
# 复制同步策略:磁盘或者套接字
#
# New replicas and reconnecting replicas that are not able to continue the
# replication process just receiving differences, need to do what is called a
# "full synchronization". An RDB file is transmitted from the master to the
# replicas.
# 如果是新连接的从节点,或者断线重连的从节点无法使用部分同步(因为存在严重数据丢失的风险)就会执行
# 全量同步,主节点会生产RDB文件
#
# The transmission can happen in two different ways:
# 主从复制有两种方式提供选择
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
# 磁盘备份方式 file on disk. Later the file is transferred by the parent
# process to the replicas incrementally.
# 方案一:磁盘复制:主节点创建一个新进程在磁盘将数据写入RDB文件,再由主节点发送给从节点进行输入同步
# 2) Diskless: The Redis master creates a new process that directly writes the
# 无磁盘方式 RDB file to replica sockets, without touching the disk at all.
#
# 方案二:主节点直接将数据写进套接字发送给从节点进行数据同步
# With disk-backed replication, while the RDB file is generated, more replicas
# can be queued and served with the RDB file as soon as the current child
# producing the RDB file finishes its work. With diskless replication instead
# once the transfer starts, new replicas arriving will be queued and a new
# transfer will start when the current one terminates.
# 如果使用磁盘复制的话,主节点能够在一个RDB文件生产完毕后同时给多个子节点使用。
# 如果这个磁盘复制在无磁盘复制任务后创建,那么就会进入等待队列,等无磁盘复制完成后进行
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple