Environment: Cent OS 7.0 Redis 3.2.1
Redis installation and start-up
Here I put Redis under/home/xuliugen/software/, so execute the following command in this directory:
$ wget http://download.redis.io/releases/redis-3.2.1.tar.gz$ tar xzf redis-3.2.1.tar.gz$ cd redis-3.2.1$ make
Now that Redis is installed, first try to get started:
Start command (executed under the/home/xuliugen/software/redis-3.2.1 directory):
[root@localhost redis-3.2.1]# ./src/redis-server ../redis.conf
As follows:
Frequently asked questions and how to solve
Depending on the warning message, the following is the specific workaround
1. The configuration file is not set when starting
This version of the time need to specify, if not specified, in the late modification of the configuration file will not play a corresponding effect
112922513:13:58.034filedefaultIntofileuse ./redis-server /path/to/redis.conf
This is said that when the start of the configuration file, if not specified will follow the default configuration, so we have to make a specific location, the specific command is:
[root@localhost src]# ./redis-server ../redis.conf
2, start the Times wrong and solution
1, WARNING Overcommit_memory isSet to 0! Background save may fail under low memory condition. To fix this issueAdd ' vm.overcommit_memory = 1 ' to/etc/sysctl.conf and ThenRebootorRun the command ' sysctl vm.overcommit_memory=1 ' for the effect.2, Warning:the TCP Backlog setting of 511Cannot be enforced because/proc/sys/net/core/somaxconn isSet to the Lower value of .
Solution in fact, according to the above instructions can be resolved
First warning two ways to solve (overcommit_memory)
"vm.overcommit_memory=1" > /etc/sysctl.conf 或 vi /etcsysctl.conf
Then reboot restarts the machine and executes the contents below after rebooting.
1/proc/sys/vm/overcommit_memory 不需要启机器就生效
A second warning resolves
511/proc/sys/net/core/somaxconn
In fact, when the error message has been given a solution, according to a given specific method to solve.
3, in the above 2 the solution of some parameter description
(1) overcommit_memory parameter description:
Set the memory allocation policy (optional, set according to the actual situation of the server)
/proc/sys/vm/overcommit_memory
Optional values: 0, 1, 2.
0, 表示内核将检查是否有足够的可用内存供应用进程使用;如果有足够的可用内存,内存申请允许;否则,内存申请失败,并把错误返回给应用进程。1, 表示内核允许分配所有的物理内存,而不管当前的内存状态如何。2, 表示内核允许分配超过所有物理内存和交换空间总和的内存
Note: Redis in the dump data, will fork out a sub-process, in theory the child process occupies the same memory and the parent is the same, such as the parent occupies 8G of memory, this time also to allocate 8G of memory to child, if the memory is not affordable, Will often cause the Redis server down or IO load is too high, inefficient. So the more optimized memory allocation policy here should be set to 1 (indicating that the kernel allows all physical memory to be allocated regardless of the current memory state).
(2) This involves Overcommit and oom.
What is Overcommit and Oom, in Unix, when a user process uses the malloc () function to request memory, if the return value is NULL, the process knows that there is currently no available memory space and will do the appropriate processing. Many processes print error messages and exit.
Linux uses a different approach, which responds "yes" to most requests for memory, so that it can run a larger number of programs. Memory is not used immediately after memory is applied. This technique is called overcommit.
When memory is low, OOM killer (oom=out-of-memory) occurs. It chooses to kill some processes (the user-state process, not the kernel thread) in order to free up memory.
(3) Strategy of Overcommit
There are three strategies for Linux under Overcommit (documentation/vm/overcommit-accounting):
- Heuristic strategy. Reasonable overcommit will be accepted and unreasonable overcommit will be rejected.
- Any overcommit will be accepted.
- Commit is rejected when the system allocates more memory than swap+n%* physical RAM (N% determined by Vm.overcommit_ratio).
The Overcommit policy is set through Vm.overcommit_memory.
The percentage of Overcommit is set by Vm.overcommit_ratio.
2/proc/sys/vm/overcommit80/proc/sys/vm/overcommit_ratio
When oom-killer occurs, the function that Linux chooses to kill which process selection process is the Oom_badness function (in mm/oom_kill.c), the function calculates the number of points (0~1000) per process. The higher the number of points, the more likely the process is to be killed. The number of points per process is related to Oom_score_adj, and Oom_score_adj can be set (-1000 min, 1000 max).
Set up a Redis extranet to access
It is noteworthy that a pattern has been introduced in the new version after 3.2.0 proteced mode
, see: Http://redis.io/topics/security
Without modifying any of the configuration files, there are several default configurations:
# By default, if no ' bind ' configuration directive is specified, Redis listens# for connections from the network interfaces available on the server.# It is possible to listen to just one or multiple selected interfaces using# The "bind" configuration directive, followed by one or more IP addresses.## Examples:## bind 192.168.1.100 10.0.0.1# bind 127.0.0.1:: 1## ~ ~ ~ WARNING ~ ~ ~ If the computer running Redis is directly exposed to the# Internet, binding to all the interfaces is dangerous and would expose the# instance to everybody on the internet. So by default we uncomment the# following BIND directive, that would force Redis-listen only into# The IPV4 Lookback interface address (this means Redis would be able to# Accept connections only from clients running to the same computer it# is running).## IF You is sure want YOUR INSTANCE to LISTEN to all the INTERFACES# JUST COMMENT the following line.# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Bind127.0. 0. 1# By default protected mode is enabled. Should disable it only if# You is sure want clients from the other hosts to connect to Redis# Even if no authentication is configured, nor a specific set of interfaces# is explicitly listed using the "bind" directive.protected-mode Yes# Require clients to issue AUTH <PASSWORD> before processing# commands. This might is useful in environments in which don't trust# Others with access to the host running Redis-server.## This should stay commented out for backward compatibility and because most# People do not need auth (e.g. they run their own servers).## warning:since Redis is pretty fast a outside user can try up to# 150k passwords per second against a good box. This means , you should# Use a very strong password otherwise it 'll be very easy to break.## Requirepass foobared
The simple thing is:
127.0.0.1protected-mode yes# requirepass foobared
The default binding is 127.0.01, which is enabled by default: Protected-mode mode, according to the official statement, if the default Protected-mode mode is turned on without configuring the binding IP and password, is only allowed to access the loopback address, only allow 127.0.0.1 access, then we Start with the default configuration and access it on other machines via the SSH tool to see how it works:
[root@localhost redis-3.2.1]# ./src/redis-server ../redis.conf
Obviously there is no way to access that the bound IP can be modified to native IP in the previous version of 3.2.0, for example, I am running Redis with a server IP of 192.168.1.149, that my configuration is, by the 0.0.0.0
way specify the password for Redis, # Requirepass Foobared this line to remove comments, choose your favorite password, restart the service to normal access.
DENIED Redis is running in protected mode because protected mode is enabled
(Error) DENIED Redis isRunninginch protectedmode becauseprotectedMode isEnabled, no bind address was specified, no authentication password isRequested toClients.inchThis mode connections is only accepted fromThe LookbackInterface.IfYou want toConnect from ExternalComputers toRedis Adopt One ofThe following solutions:1) Just DisableprotectedMode sending the command' CONFIG SET protected-mode no ' fromThe loopbackInterface byConnecting toRedis fromThe same host the server isRunning, however make sure Redis is notPublicly accessible fromInternetifYou DoSo. Use CONFIG REWRITE toMake this change permanent.2) Alternatively you can just disable theprotectedMode byEditing the Redis configuration file, andSetting theprotectedMode option to ' No ', and ThenRestarting the server.3)IfYou started the server manually just forTesting, restart it withThe--portected-mode no option.4) Setup a bind addressorAn authentication password. Note:you only need to DoOne ofThe above thingsinch Order forThe server toStart accepting connections fromThe outside.
Access to Redis via extranet may encounter this problem, Redis Protected-mode is a new feature added after 3.2, and in Redis.conf's comments we can learn about his specific role and enabling conditions:
# Protected mode is a layer of security protection with order to avoid that# Redis Instances left open on the Internet is accessed and exploited.## When Protected mode was on and if:## 1) The server is not binding explicitly to a set of addresses using the# "bind" directive.# 2) No password is configured.## The server is accepts connections from clients connecting from the# IPV4 and IPV6 loopback addresses 127.0.0.1 and:: 1, and from Unix domain# sockets.## By default protected mode is enabled. Should disable it only if# You is sure want clients from the other hosts to connect to Redis# Even if no authentication is configured, nor a specific set of interfaces# is explicitly listed using the "bind" directive.protected-mode Yes
You can see that Protected-mode is designed to prohibit public access to redis caches, and to enhance Redis security. It is enabled with two conditions:
1) No bind IP
2) No access password set
If enabled, the Redis cache is only accessible through the Lookback IP (127.0.0.1), and if accessed from the extranet, it returns the appropriate error message, which is the information in.
Therefore, in the new version, you should configure the binding IP and access password, so that will not report errors, in a Redis forum, the foreigner also explored this issue, you can refer to: https://www.reddit.com/r/redis/comments/3zv85m/ new_security_feature_redis_protected_mode/
Redis Common Commands
1, start Redis, specify the specific configuration file here
[root@localhost redis-3.2.1]# ./redis-server ../redis.conf
2. View Redis Services and processes
[root@localhost redis-3.2.1]# ps -ef | grep redis[root@localhost redis-3.2.1]# netstat -ano | grep 6379
3. Accessing the client CLI
[root@localhost redis-3.2.1]# ./src/redis-cli
If you set a password, specify the password with parameter-a
[root@localhost redis-3.2.1]# ./src/redis-cli -a yourpassword
Note: During the above operation, the firewall is always turned off, and the command to close is as follows:
7stop#停止#禁用7stop#停止off#禁用
If you just want to open a port, for example: 6379, you can search the specific configuration process, here no longer described.
Centos7.0 installing Redis 3.2.1 Detailed procedures and usage FAQs