Redis Security and persistence (for small white reading)

The use of Redis is becoming more and more important, and the following is only a point record of individual learning, for reference only. One, simple Redis security settings

1. Redis for production environments It is a good idea to set bind in the Redis configuration file. Configuration allows the specified IP to be logged into Redis.

// The following IP is for reference only and is specifically configured according to your personal production environment bind   127.0.  0.1

2. Set the password for Redis in redis.conf or on the command line (the recommended password is set to be as complex as possible)

// Add configuration requirepass   "your password"// or Execute command in redis.conf Set " Your password " // use redis-cli-a your password after restarting Redis should be able to successfully use password to login Redis

I. Redis persistence instructions

1. RDB mode persistence mode (save and Bgsave mode)

• Save saves a snapshot of the data in memory to disk in a synchronized manner. Because Redis is single-process. As a result, this approach blocks Redis client access to Redis.
• Bgsave mode, Redis will fork out a subprocess to process the snapshot save.
• The Rdb persistence method is to write the full memory data to a temporary RDB file on disk. Typically a Dump.rdb file (with binary data stored), use locate Dump.rdb to find the file you can use the following command to view the contents of the file. Or you can view the location where your Rdb file is saved through the dir xxxxx configuration in redis.conf.

• Localhost:redis Miaoshiqian [Master] $ od-C Dump.rdb0000000R E D I S0   0   0   6 376\0\0 004m I a0000020o \a s h i q i a n377C355N Z the 2260000040  243a0000042

• Dump.rdb is a compressed binary file that occupies less space than the data occupies in memory.
• Below is a brief introduction to several configuration items with a large relationship to the RDB persistence mode:

• //dir Configuring the Rdb binary file to save the re-disk locationdir/usr/local/var/db/redis///dbfilename configuration saved file namedbfilename Dump.rdb//Rdbcompression Configure whether to use compression to save binary files by default Yesrdbcompress Yes//Save configuration (most important)Save the 1 //take a snapshot within 900 seconds if 1 keys are modifiedSave - Ten //take a snapshot within 300 seconds if 10 keys are modifiedSave - 10000 //take a snapshot within 60 seconds if 10,000 keys are modified

  Because Redis reads the RDB file on the disk at boot time to achieve data recovery. Thus achieving persistence, there are several drawbacks to asking a disk dump snapshot like an RDB from memory:

• If the most recent data is lost when the Redis exception is dead (all data modifications after the last save of the snapshot are lost and how much data is lost depends on the configuration of your save policy), so this is its biggest disadvantage, and when the volume of business is large, the lost data is many.
• Each time a snapshot dumps all of the data in memory to disk. is bound to cause a large amount of IO overhead on the disk. The larger the amount of data, the more obvious.

2. AOF Persistence mode

• In fact, the AOF way is that a xxx.aof file is saved so Redis executes the write command. As a result, data persistence can be achieved at redis startup by simply executing all of the written commands saved in the file in sequence.
• AOF implementation is divided into "command append", "File Write", "File synchronization" three steps.
• Command append: Redis executes a write command and writes the end of a piece of aof_buf buffer that Redis has opened in memory in the protocol format.
• Command Write and Synchronize: Call the Flushappendonlyfile function before the server ends an event loop, and consider whether to save the contents of the Aof_buf in the AoF file. The behavior of this function is determined by the configuration items of the Appendfsync in redis.conf.
• The value of the Appendfsync configuration item is described below:

• // writes and synchronizes all content in the Aof_buf to AoF appendfsync  always// writes all content in the Aof_buf to the AoF file, and whether synchronization depends on whether the last synchronization to the current time exceeds 1s. Synchronization is exceeded. And synchronization is done by a dedicated thread.  appendfsync  everysec// tells the contents of all aof_buf buffers to write to the aof file. However, the synchronization operation is not performed. Appendfsync  No

  AOF persistence-related Redis configuration items in addition to the above Appendfsync are the following:

• //decide whether to turn on aof persistence. The default is No. Redis uses an RDB to persist by default. appendonly No//As with the dir configuration of the Rdb species, it determines where the aof files are stored. dir/usr/local/opt/redis///filename of the aofappendfilename appendonly.aof//The size of the aof file is rewritten when it exceeds the size of the AoF file when it was last rewritten. Auto-aof-rewrite-percentage -//overriding when the AoF file is at least as largeauto-aof-rewrite-min-size 64MB//A simple explanation of the rewriting concept is as follows://because the aof file holds various write commands, it can cause the file to expand rapidly. In fact, a lot of writing commands can be organized into a few write commands and achieve the same effect. Rewriting is simply about sorting through lengthy writing commands. Auto-aof-rewrite-min-size limit size means that aof files that are smaller than this configuration are not required to be collated. 

  The above is only for the individual summary ~, you can selectively absorb.

Redis Security and persistence (for small white reading)