Mastering Redis Configuration: Essential Settings for Performance & Security

General Settings

#daemonize no  By default, Redis does not run as a daemon; set to yes to run in background

daemonize yes

# When Redis runs as a daemon, it stores the PID file at /var/run/redis.pid by default; you can change this path

# When running multiple Redis instances, specify different PID files and ports

pidfile /var/run/redis_6379.pid

# Set the listening port, default is 6379

port 6379

# In high‑concurrency environments, set a large TCP backlog to avoid slow‑client issues

tcp-backlog 511

# Bind Redis to specific IP addresses; if not set, it accepts connections from any address

# bind 192.168.1.100 10.0.0.1

# bind 127.0.0.1

# Set client connection timeout in seconds; 0 disables the timeout

timeout 0

# TCP keepalive interval (seconds) for ACK packets; 0 disables it

tcp-keepalive 0

# Log level; production environments usually use "notice"

# Redis supports four levels: debug, verbose, notice, warning (default is verbose)

# debug – logs a lot of information, useful for development and testing

# verbose – useful information, less noisy than debug

# notice – normal verbose, commonly used in production

# warning – only very important or severe messages are logged

loglevel notice

# Log file path; default is stdout (standard output), which goes to /dev/null when daemonized

logfile /var/log/redis/redis.log

# Number of databases; default is 16, database 0 is the default, range is 0‑(databases‑1)

databases 16

Persistence – Snapshots (RDB)

# Save data to disk using the format: save <seconds> <changes>

# Trigger a snapshot when the specified number of changes occur within the given time window

# Default configuration includes three conditions:

# save 900 1   – at least one key changed in 900 seconds

# save 300 10  – at least ten keys changed in 300 seconds

# save 60 10000 – at least 10,000 keys changed in 60 seconds

stop-writes-on-bgsave-error yes

# Compress RDB files (default yes)

rdbcompression yes

# Verify RDB checksum (default yes)

rdbchecksum yes

# RDB filename (default dump.rdb)

dbfilename dump.rdb

# Working directory for database files and AOF files

dir /var/lib/redis-server/

Replication

# Configure this instance as a replica of another Redis server

# slaveof <masterip> <masterport>

# If the master requires a password, set it with masterauth

masterauth <master-password>

# When a replica loses connection to its master, two behaviors are possible:

# 1) slave-serve-stale-data yes (default) – continue serving client requests

# 2) slave-serve-stale-data no – only INFO and SLAVEOF are allowed; other commands return "SYNC with master in progress"

slave-serve-stale-data yes

# Replicas are read‑only by default (since Redis 2.6)

slaveread-only yes

# Frequency of PINGs sent from replica to master (default 10 seconds)

repl-ping-slave-period 10

# Replication timeout (default 60 seconds); must be greater than repl-ping-slave-period

repl-timeout 60

# Disable TCP_NODELAY for replica sync (default no)

repl-disable-tcp-nodelay no

# Size of the replication backlog buffer (default 1mb)

repl-backlog-size 1mb

# Time to keep the backlog after the last replica disconnects (0 = never free)

repl-backlog-ttl 3600

# Replica priority for automatic failover (lower value = higher priority, 0 = never promoted)

slave-priority 100

# Minimum number of replicas required to allow writes (default 0 = disabled)

# Example: at least 3 replicas with lag <= 10 seconds

min-slaves-to-write 3

min-slaves-max-lag 10

Security

# Require a password for client connections

# Strong passwords are essential because Redis can process ~150K password attempts per second

requirepass foobared

# Rename dangerous commands (e.g., rename CONFIG to a random string)

# To disable a command, rename it to an empty string

# Example: rename CONFIG to a hash

rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52

# Disable CONFIG completely

rename-command CONFIG ""

Connection Limits & Memory Management

# Maximum number of client connections (0 = unlimited)

maxclients 10000

# Maximum memory usage; when reached, Redis evicts keys according to the selected policy

# If eviction is not possible, write commands return an error, but reads still work

# Memory policy options:

# volatile-lru – LRU eviction of keys with an expiration

# allkeys-lru – LRU eviction of any key

# volatile-random – random eviction of keys with an expiration

# allkeys-random – random eviction of any key

# volatile-ttl – evict keys with the shortest TTL

# noeviction – never evict, write commands fail

# Default policy is volatile-lru

maxmemory-policy volatile-lru

# Number of samples for LRU algorithm (default 3)

maxmemory-samples 3

Append‑Only File (AOF)

# AOF records every write operation to an appendonly.aof file for durability

# AOF can be large; BGREWRITEAOF rewrites it to a compact form

# You can enable both asynchronous snapshots and AOF

appendonly no

# AOF filename (default "appendonly.aof")

appendfilename appendonly.aof

# AOF fsync policies:

# no – never sync (fast)

# always – sync after every write (slow, safest)

# everysec – sync once per second (balanced)

# Default is everysec

appendfsync everysec

# Disable fsync during AOF rewrite to reduce I/O load

no-appendfsync-on-rewrite no

# Auto‑rewrite AOF when it grows:

# Percentage increase that triggers rewrite (0 disables)

auto-aof-rewrite-percentage 100

# Minimum size to consider for rewrite

auto-aof-rewrite-min-size 64mb

Lua Scripting

# Maximum execution time for a Lua script is 5000 ms (0 or negative means unlimited)

lua-time-limit 5000

Slow Log

# Records commands that exceed a specified execution time (in microseconds)

# Set threshold (e.g., 10000 µs = 10 ms)

slowlog-log-slower-than 10000

# Maximum number of entries kept in the slow log (default 128)

slowlog-max-len 128

Event Notifications

# Enable Pub/Sub notifications for keyspace and keyevent events

# Event type characters:

# K – Keyspace events (prefix: __keyspace@<db>__)

# E – Keyevent events (prefix: __keyevent@<db>__)

# g – Generic commands (DEL, EXPIRE, RENAME, …)

# $ – String commands

# s – Set commands

# h – Hash commands

# z – Sorted set commands

# x – Expired events

# e – Evicted events

# A – Alias for all above (AKE)

# Example: enable list and generic events

notify-keyspace-events Elg

Advanced Configuration

# Hashes: use zipmap encoding for small hashes (max 512 entries, max value size 64 bytes)

hash-max-zipmap-entries 512

hash-max-zipmap-value 64

# Lists: use ziplist encoding for small lists (max 512 entries, max value size 64 bytes)

list-max-ziplist-entries 512

list-max-ziplist-value 64

# Sets: use intset encoding for small integer sets (max 512 entries)

set-max-intset-entries 512

# Sorted sets: use ziplist encoding for small sorted sets (max 128 entries, max value size 64 bytes)

zset-max-ziplist-entries 128

zset-max-ziplist-value 64

# Active rehashing: Redis rehashes hash tables every 100 ms using 1 ms of CPU time; set to no for strict latency requirements

activerehashing yes

# Client output buffer limits for normal, replica, and pub/sub clients

client-output-buffer-limit normal 0 0 0

client-output-buffer-limit slave 256mb 64mb 60

client-output-buffer-limit pubsub 32mb 8mb 60

# Server frequency for background tasks (default 10 Hz). Higher values increase CPU usage but improve responsiveness.

hz 10

# Incremental fsync during AOF rewrite (default yes)

aof-rewrite-incremental-fsync yes