安装 Redis 服务器
Redis 是当下最热门的键值对(Key-Value)存储数据库
bash
su - redis -s /bin/zsh
tar -xzf redis-8.6.0.tar.gz
cd ~/redis-8.6.0
make distclean
make USE_SYSTEMD=yes BUILD_TLS=yes -j4 > make.log
make test > makeTest.log
# 当出现高亮信息 `\o/ All tests passed without errors!` 证明测试通过
make install PREFIX=/server/redis
提示
Redis 编译内置依赖库时会用到 C++,如果没有安装会导致各种出错。
低配虚拟机执行 make test 时,通常会因为 AOF 持久化的最大延迟(max_latency)> 40 发出异常报错:
bash
*** [err]: Active defrag - AOF loading in tests/unit/memefficiency.tcl Expected 46 <= 40 (context: type eval line 37 cmd {assert {$max_latency <= 40}} proc ::test)
编译选项
USE_SYSTEMD=yes:启用 systemd 支持
md
- 编译选项:加入 `USE_SYSTEMD=yes`
- systemd unit 配置:
  1. `Type=notify`
  2. 不需要跟踪 PID 文件
- 配置文件:
  ```
  daemonize no
  supervised systemd
  ```
md
- 编译选项:加入 `USE_SYSTEMD=no`
- systemd unit 配置:
  1. `Type=forking`
  2. 需要跟踪 PID 文件
- 配置文件:
  ```
  daemonize yes
  supervised auto
  ```
md
如果编译时未加入 `USE_SYSTEMD` 选项,可能会自动检测(未测试):
1. 如果找到 systemd 开发库,自动启用支持;
2. 如果没找到,编译时不包含 systemd 代码。
BUILD_TLS=yes:启用 tls 支持
配置文件
redis 源码包中自带了参考配置文件,可以备份该参考配置,按需增减配置,最后清除不必要的注释行
bash
cp ~/redis-8.6.0/redis-full.conf /server/etc/redis/config/source-full.conf
cp ~/redis-8.6.0/redis.conf /server/etc/redis/config/source.conf
bash
cat > /server/etc/redis/config/redis.conf << EOF
# source config
include /server/etc/redis/config/source.conf
# custom config
include /server/etc/redis/config/custom/01-network.conf
include /server/etc/redis/config/custom/02-tls.conf
include /server/etc/redis/config/custom/03-general.conf
include /server/etc/redis/config/custom/04-rdb.conf
# include /server/etc/redis/config/custom/05-replication.conf
# include /server/etc/redis/config/custom/06-keys-tracking.conf
include /server/etc/redis/config/custom/07-acl.conf
# include /server/etc/redis/config/custom/08-client.conf
# include /server/etc/redis/config/custom/09-memory-management.conf
# include /server/etc/redis/config/custom/10-lazy-freeing.conf
# include /server/etc/redis/config/custom/11-io.conf
# include /server/etc/redis/config/custom/12-oom.conf
# include /server/etc/redis/config/custom/13-thp.conf
# include /server/etc/redis/config/custom/14-aof.conf
# include /server/etc/redis/config/custom/15-shutdown.conf
# include /server/etc/redis/config/custom/16-long-blocking.conf
# include /server/etc/redis/config/custom/17-long-cluster.conf
# include /server/etc/redis/config/custom/18-long-cluster-support.conf
# include /server/etc/redis/config/custom/19-slow-log.conf
# include /server/etc/redis/config/custom/20-latency.conf
# include /server/etc/redis/config/custom/21-event-notification.conf
# include /server/etc/redis/config/custom/22-advanced-config.conf
# include /server/etc/redis/config/custom/23-active-defragmentation.conf
EOF
自定义配置
ini
# +----------------------------------------------------------------------
# | 网络 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 绑定服务要监听的网卡列表
bind 127.0.0.1 -::1 -192.168.66.254
# 保护模式
protected-mode yes
# tcp 监听端口
port 6379
# 已完成三次握手的连接队列最大数量,需跟内核的 net.core.somaxconn 同步
tcp-backlog 511
# Unix Socket 通常无须使用
# unixsocket /run/redis.sock
# unixsocketperm 700
# 客户端空闲超时时间(秒),0 表示不主动断开连接
timeout 0
# 默认每 300 秒发送 TCP ACK 保活包,检测死连接并维持网络设备中的连接状态
tcp-keepalive 300
# 无需理会,允许你为 Redis 服务器的监听套接字打上一个特定的标记(mark),主要用于实现复杂的网络路由和流量控制策略
# socket-mark-id 0ini
# +----------------------------------------------------------------------
# | TLS/SSL [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# TLS 监听端口,端口号必须跟 port 不一样
tls-port 16379
# 服务器证书
# X.509证书(PEM格式)
tls-cert-file /server/etc/redis/tls/server.crt
# 私钥文件(PEM格式)
tls-key-file /server/etc/redis/tls/server.key
# 私钥密码(如果有)
# tls-key-file-pass secret
# 客户端证书
# 主要用于传出的连接(作为客户端,例如复制或集群总线连接)
# X.509证书(PEM格式)
tls-client-cert-file /server/etc/redis/tls/client.crt
# 私钥文件(PEM格式)
tls-client-key-file /server/etc/redis/tls/client.key
# 私钥密码(如果有)
# tls-client-key-file-pass secret
# 密钥交换-DH 参数(OpenSSL 3.0+ 不再需要此配置)
# tls-dh-params-file redis.dh
# CA证书配置
# CA证书文件
tls-ca-cert-file /server/etc/redis/tls/ca.crt
# CA证书目录
# tls-ca-cert-dir /server/etc/redis/tls/certs
# 客户端认证
# - 默认情况下(注释掉此项),Redis 服务要求客户端必须提供有效的客户端证书
# - 可选值:no/optional/注释掉
# optional 客户端证书可提供可不提供,由客户端决定;未提供证书的连接只受密码/ACL 保护
tls-auth-clients optional
# 复制链路加密
# 启用主从复制加密
# tls-replication yes
# 集群总线加密
# 启用集群通信加密
# tls-cluster yes
# 协议版本控制
tls-protocols "TLSv1.2 TLSv1.3"
# 加密套件
# - TLSv1.2及以下:
tls-ciphers DEFAULT:!MEDIUM
# - TLSv1.3专用:
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
# 控制加密算法选择优先级
# - yes:服务端优先选择加密算法(推荐)
# - no:客户端优先选择加密算法(默认)
tls-prefer-server-ciphers yes
# 性能优化配置
# 使用此命令禁用会话缓存(默认启用)
# tls-session-caching no
# 缓存会话数(默认20480)
# tls-session-cache-size 5000
# 会话超时(秒,默认300)
# tls-session-cache-timeout 60ini
# +----------------------------------------------------------------------
# | 通用 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 开启守护进程模式
# - 跟编译选项 USE_SYSTEMD 相关
daemonize no
# 自动检测进程监管
# - 跟编译选项 USE_SYSTEMD 相关
supervised systemd
# PID 文件
pidfile /run/redis/process.pid
# 日志级别 debug/verbose/notice/warning/nothing
loglevel notice
# 日志文件
logfile /server/logs/redis/redis-server.log
# 系统日志(Syslog)集成配置
# syslog-enabled no # 是否启用系统日志转发(默认 no)
# syslog-ident redis # 系统日志标识(默认"redis")
# syslog-facility local0 # 日志设施级别(必须为 USER 或 LOCAL0-LOCAL7)
# 崩溃日志控制
# 禁用崩溃日志可获得更干净的core dump文件
# crash-log-enabled no # 禁用崩溃日志(默认启用)
# 禁用内存检查可让Redis更快终止(牺牲诊断信息)
# crash-memcheck-enabled no # 禁用崩溃时的内存检查(默认启用)
# Redis 数据库数量
databases 16
# 控制 Redis 启动时是否显示 ASCII 艺术字标志
always-show-logo no
# 控制是否在日志中隐藏用户敏感数据
# - no 默认值(记录完整数据)
# - yes 启用隐私保护模式
# hide-user-data-from-log yes
# 控制是否允许 Redis 动态修改进程名称,默认启用
set-proc-title yes
# 控制 Redis 进程在系统进程列表(如 ps、top 命令)中的显示格式
proc-title-template "{title} {listen-addr} {server-mode}"
# 控制字符串比较和排序时使用的本地化规则:
# - 默认空字符串
locale-collate "C"
ini
# +----------------------------------------------------------------------
# | 快照 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 快照触发条件
save 3600 1 300 100 60 10000
# 当后台 RDB 保存失败时是否拒绝写入请求
stop-writes-on-bgsave-error yes
# RDB 压缩
rdbcompression yes
# RDB 校验和
rdbchecksum yes
# 控制 Redis 在加载 RDB 文件或处理 RESTORE 命令时,对底层数据结构(ziplist/listpack 等)的完整性检查强度
sanitize-dump-payload no
# RDB 文件名
dbfilename dump.rdb
# 控制 Redis 是否自动删除用于复制的 RDB 文件,默认不自动删除
rdb-del-sync-files no
# 工作目录
dir /server/logs/redis/rdbData
ini
# +----------------------------------------------------------------------
# | 主从复制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 略过ini
# +----------------------------------------------------------------------
# | 键跟踪 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 客户端缓存追踪
# tracking-table-max-keys 1000000ini
# +----------------------------------------------------------------------
# | 访问控制列表(ACL)系统 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 记录 ACL 相关事件
acllog-max-len 128
# 外部 ACL 文件
# aclfile /server/etc/redis/config/users.acl
# 将 default 账户密码设为 1(仅为示例值;本配置同时监听了局域网地址,实际部署请换成足够长的随机密码),与 aclfile 二选一
requirepass 1
# 新用户默认权限
# acl-pubsub-default resetchannels
# 更改命令名称,已废弃
# rename-command CONFIG ""ini
# +----------------------------------------------------------------------
# | 客户端 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 客户端连接数限制
# maxclients 10000ini
# +----------------------------------------------------------------------
# | 内存管理 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 最大内存限制
# maxmemory <bytes>
# 内存淘汰策略
# maxmemory-policy noeviction
# 淘汰算法精度
# maxmemory-samples 5
# 淘汰过程强度
# maxmemory-eviction-tenacity 10
# 从节点内存限制
# replica-ignore-maxmemory yes
# 主动过期清理强度
# active-expire-effort 1ini
# +----------------------------------------------------------------------
# | 惰性删除机制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 1. 针对自动触发场景的惰性删除
# 内存淘汰时是否异步删除(默认同步)
lazyfree-lazy-eviction no
# 过期键删除时是否异步(默认同步)
lazyfree-lazy-expire no
# 内部操作导致键删除时是否异步(默认同步)
lazyfree-lazy-server-del no
# 从节点全量同步时是否异步清库(默认同步)
replica-lazy-flush no
# 2. 用户命令行为控制
# 是否将DEL命令自动转为UNLINK(默认不转换)
lazyfree-lazy-user-del no
# FLUSHDB/FLUSHALL默认是否异步(默认同步)
lazyfree-lazy-user-flush no
ini
# +----------------------------------------------------------------------
# | 多线程 I/O 机制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 线程数量,需按实际配置和需求调整
# io-threads 4ini
# +----------------------------------------------------------------------
# | 内核 OOM 策略控制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 默认不干预内核 OOM 策略
oom-score-adj no
# OOM 分数值
oom-score-adj-values 0 200 800
ini
# +----------------------------------------------------------------------
# | 内核 THP 控制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 保持默认(yes)即可
disable-thp yes
ini
# +----------------------------------------------------------------------
# | AOF 持久化机制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 是否启用 AOF 持久化模式
appendonly yes
# AOF 基础文件名(Redis 7+会扩展为多文件结构)
appendfilename "appendonly.aof"
# AOF 文件存储的相对目录(Redis 7+引入)
appenddirname "appendonlydir"
# 同步策略 always/everysec/no
appendfsync everysec
# 重写时同步控制
no-appendfsync-on-rewrite no
# 自动重写触发条件(两个条件同时满足)
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# 损坏文件处理
aof-load-truncated yes
# 混合持久化
aof-use-rdb-preamble yes
# 加载AOF文件时,允许自动截断的最大字节数
# aof-load-corrupt-tail-max-size 4096
# 是否在 AOF 中记录时间戳,默认:禁用(no)
aof-timestamp-enabled no
ini
# +----------------------------------------------------------------------
# | 关机流程控制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 副本等待超时
# shutdown-timeout 10
# 信号处理行为
# shutdown-on-sigint default
# shutdown-on-sigterm defaultini
# +----------------------------------------------------------------------
# | 长阻塞命令控制机制 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# lua-time-limit 5000
# busy-reply-threshold 5000ini
# +----------------------------------------------------------------------
# | Redis 集群 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 略过ini
# +----------------------------------------------------------------------
# | Redis 集群在 Docker/NAT 环境中的配置 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 略过ini
# +----------------------------------------------------------------------
# | 慢查询日志 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 定义命令执行时间的阈值,默认:10000(单位:微秒,10000 微秒=10 毫秒)
# 记录超过10毫秒的命令
slowlog-log-slower-than 10000
# 慢查询日志的存储条数,默认:128
slowlog-max-len 128
ini
# +----------------------------------------------------------------------
# | 延迟系统 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 当设置为 >0 时,Redis 会记录所有执行时间超过该阈值的操作,默认:关闭(单位:毫秒)
latency-monitor-threshold 0
# 默认启用(Redis 7.0+)
# latency-tracking yes
# 默认 3 个百分位,适用所有生产环境
# latency-tracking-info-percentiles 50 99 99.9ini
# +----------------------------------------------------------------------
# | 键空间事件通知 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 完全禁用所有通知(默认)
notify-keyspace-events ""
ini
# +----------------------------------------------------------------------
# | 高级配置 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 哈希表优化
# 单位:个
hash-max-listpack-entries 512
# 单位:字节
hash-max-listpack-value 64
# 列表优化
# 每个列表节点 ≤8KB(-2 表示按大小限制)
list-max-listpack-size -2
# 禁用列表压缩(0=不压缩,1=保留首尾节点不压缩)
list-compress-depth 0
# 集合优化
# 单位:个
set-max-intset-entries 512
# 单位:个
set-max-listpack-entries 128
# 单位:字节
set-max-listpack-value 64
# 有序集合优化
# 单位:个
zset-max-listpack-entries 128
# 单位:字节
zset-max-listpack-value 64
# HyperLogLog(HLL)数据结构的内存表示策略方式
# 单位:字节
hll-sparse-max-bytes 3000
# Stream
# 单位:字节
stream-node-max-bytes 4096
# 单位:个
stream-node-max-entries 100
# 单位:秒
# stream-idmp-duration 100
# 单位:个条目
# stream-idmp-maxsize 100
# 主动重哈希开关
# 启用主动重哈希
activerehashing yes
# 客户端输出缓冲区限制策略
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# 客户端查询缓冲区(输入缓冲区)最大容量
# client-query-buffer-limit 1gb
# 定义每个客户端管道中要解码和预取的命令数
# lookahead 16
# 客户端内存保护机制 1g/5%
# maxmemory-clients 5%
# 大容量字符串限制
# proto-max-bulk-len 512mb
# 基准任务频率
hz 10
# 在基准频率基础上,根据客户端数量动态调整频率
dynamic-hz yes
# 启用 AOF 重写时,每 4MB 刷盘(fsync)一次
aof-rewrite-incremental-fsync yes
# 启用 RDB 保存时,每 4MB 刷盘(fsync)一次
rdb-save-incremental-fsync yes
# 计数器对数因子
# 单位:无,只是对数因子
# lfu-log-factor 10
# 计数器衰减时间
# 单位:分钟
# lfu-decay-time 1
# 普通连接默认 10 个/周期
# max-new-connections-per-cycle 10
# TLS 连接默认 1 个/周期
# max-new-tls-connections-per-cycle 1ini
# +----------------------------------------------------------------------
# | 主动内存碎片整理 [基于 redis-8.4.0]
# +----------------------------------------------------------------------
# 主动内存碎片整理开关,默认禁用
# activedefrag no
# 触发内存碎片自动整理阈值,只要满足任意1个就可以触发自动整理
# 启动整理的碎片浪费最小量
# active-defrag-ignore-bytes 100mb
# 启动整理的碎片率下限百分比
# active-defrag-threshold-lower 10
# 最大努力程度的碎片率上限百分比
# active-defrag-threshold-upper 100
# CPU 控制
# 最小 CPU 努力百分比
# active-defrag-cycle-min 1
# 最大 CPU 努力百分比
# active-defrag-cycle-max 25
# 主字典扫描中处理的 set/hash/zset/list 字段最大值
# active-defrag-max-scan-fields 1000
# 启用 Jemalloc 的后台内存清理线程
# 这有助于内存管理,通常建议启用
jemalloc-bg-thread yes
# CPU 亲和性(CPU Affinity) 调优
# 1. 绑定 Redis 服务的主线程 和 I/O 线程(如果启用了多线程 I/O)
# server-cpulist 0-7:2
# 2. 绑定后台 I/O 线程 (Background I/O threads)
# bio-cpulist 1,3
# 3. 绑定执行 AOF 重写(AOF rewrite) 的 子进程
# aof-rewrite-cpulist 8-11
# 4. 绑定执行 RDB 持久化(bgsave)的子进程
# bgsave-cpulist 1,10-11
# ignore-warnings ARM64-COW-BUG
# key-memory-histograms no
日志分割
Redis 可以使用 Logrotate 自动轮转来分割日志,详细说明[👉点此查看]
bash
cat > /etc/logrotate.d/redis << 'EOF'
/server/logs/redis/redis-server.log {
monthly
maxsize 100M
missingok
rotate 12
compress
delaycompress
dateext
dateformat -%Y%m%d.%s
dateyesterday
create 0640 redis redis
sharedscripts
postrotate
if [ -f /run/redis/process.pid ]; then
/usr/bin/kill -USR1 $(/bin/cat /run/redis/process.pid)
fi
endscript
}
EOF
配置系统单元
推荐统一使用 systemd 管理各种服务
ini
cat > /etc/systemd/system/redis.service << 'EOF'
[Unit]
Description=Redis In-Memory Data Store
After=network.target
[Service]
Type=notify
UMask=0027
User=redis
Group=redis
RuntimeDirectory=redis
RuntimeDirectoryMode=0750
ExecStart=/server/redis/bin/redis-server /server/etc/redis/config/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/server/redis/bin/redis-cli shutdown
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=60s
Restart=on-failure
RestartSec=10s
LimitNOFILE=10000
LimitNPROC=10000
LimitMEMLOCK=infinity
LimitAS=infinity
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectSystem=strict
ProtectHome=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
ReadWritePaths=/server/redis /run/redis /server/logs/redis
[Install]
WantedBy=multi-user.target
EOF
bash
systemctl daemon-reload
systemctl enable redis
md
| common | info |
| ------------------------------- | ------------ |
| systemctl start redis.service | 立即激活单元 |
| systemctl stop redis.service | 立即停止单元 |
| systemctl restart redis.service | 重新启动 |
bash
ps -ef|grep -E "redis|PID" |grep -v grep
ps aux|grep -E "redis|PID" |grep -v grep
启用 TLS 功能
Redis 支持通过 SSL/TLS 协议进行加密通信,可以提供更高的安全性。要启动 Redis 的 SSL 功能,需要按照以下步骤进行配置:
1. 生成 TLS 证书和密钥
生成 TLS 证书和密钥涉及到多个步骤,包括创建私钥、生成证书签名请求(CSR)、签署证书以及分发证书。
源码包自带生成工具
redis 源码包中的 ./utils/gen-test-certs.sh 脚本,用于一键生成 TLS 相关证书和密钥。该脚本面向回归测试套件,生成的是由自签名 CA 签发的测试证书;正式环境应使用自己的 CA 签发证书,且 CA 私钥(ca.key)不要存放在 Redis 服务器上:
bash
./gen-test-certs.sh
cp -r ~/redis-8.6.0/utils/tests/tls/ /server/etc/redis/
# 文件权限在最后统一授权
bash
# tests/tls/ca.{crt,key} 自签名CA证书和私钥
# tests/tls/redis.{crt,key} 没有限制的证书和私钥
# tests/tls/client.{crt,key} 限制为SSL客户端使用的证书和私钥
# tests/tls/server.{crt,key} 限制为SSL服务器使用的证书和私钥
# tests/tls/redis.dh DH参数文件,新版openssl已经不建议使用
sh
#!/bin/bash
# Generate some test certificates which are used by the regression test suite:
#
# tests/tls/ca.{crt,key} Self signed CA certificate.
# tests/tls/redis.{crt,key} A certificate with no key usage/policy restrictions.
# tests/tls/client.{crt,key} A certificate restricted for SSL client usage.
# tests/tls/server.{crt,key} A certificate restricted for SSL server usage.
# tests/tls/redis.dh DH Params file.
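#######################################
# Issue a CA-signed test certificate tests/tls/<name>.crt, first creating the
# 2048-bit RSA key tests/tls/<name>.key when that file does not exist yet.
# Arguments:
#   $1 - base file name (without extension) of the key/certificate pair
#   $2 - value placed in the CN of the certificate subject
#   $3 - optional extra `openssl x509` options passed as ONE string; it is
#        word-split on purpose, so a single option value cannot contain spaces
# Reads:    tests/tls/ca.crt and tests/tls/ca.key (passed as -CA / -CAkey)
# Returns:  exit status of the final `openssl x509` stage of the pipeline
#######################################
generate_cert() {
  local name=$1
  local cn=$2
  local opts=${3-}
  local keyfile="tests/tls/${name}.key"
  local certfile="tests/tls/${name}.crt"

  # Keep an existing private key so a re-run only re-issues the certificate.
  # Paths are quoted so a name containing spaces or glob characters stays a
  # single argument for both the test and openssl.
  [ -f "$keyfile" ] || openssl genrsa -out "$keyfile" 2048

  # The CSR is piped straight into the signing step instead of being stored.
  # shellcheck disable=SC2086 # $opts is deliberately unquoted: it is an option list
  openssl req \
    -new -sha256 \
    -subj "/O=Redis Test/CN=$cn" \
    -key "$keyfile" |
    openssl x509 \
      -req -sha256 \
      -CA tests/tls/ca.crt \
      -CAkey tests/tls/ca.key \
      -CAserial tests/tls/ca.txt \
      -CAcreateserial \
      -days 365 \
      $opts \
      -out "$certfile"
}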
# Everything is generated under tests/tls, relative to the current directory.
mkdir -p tests/tls
# Create the 4096-bit CA key only when it is missing (no cipher option is
# given, so the key file is written unencrypted), then issue a self-signed
# CA certificate valid for 3650 days on every run.
[ -f tests/tls/ca.key ] || openssl genrsa -out tests/tls/ca.key 4096
openssl req \
-x509 -new -nodes -sha256 \
-key tests/tls/ca.key \
-days 3650 \
-subj '/O=Redis Test/CN=Certificate Authority' \
-out tests/tls/ca.crt
# Extension sections that the generate_cert calls below select through
# -extfile/-extensions.
# NOTE(review): usage is narrowed only via keyUsage plus the legacy nsCertType
# extension; no extendedKeyUsage is set -- confirm the consuming TLS stack
# actually enforces nsCertType before relying on the server/client split.
cat > tests/tls/openssl.cnf <<_END_
[ server_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = server
[ client_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = client
_END_
# Issue the three leaf certificates; the last call passes no extension
# options, so that certificate carries none of the sections above.
generate_cert server "Server-only" "-extfile tests/tls/openssl.cnf -extensions server_cert"
generate_cert client "Client-only" "-extfile tests/tls/openssl.cnf -extensions client_cert"
generate_cert redis "Generic-cert"
[ -f tests/tls/redis.dh ] || openssl dhparam -out tests/tls/redis.dh 2048
2. 配置 TLS
Redis 配置 TLS 相关[👉请点此查看详情]
3. 分发证书
将 CA 证书(ca.crt)分发给所有客户端,以便它们能够验证服务器的身份。
如果使用了客户端证书认证,还需要将客户端证书(client.crt)及其私钥(client.key)分发给客户端,并将 CA 证书分发给服务器,以便服务器能够验证客户端的身份。
使用 redis-cli 登录
bash
redis-cli -p 6379
# 带用户密码时(其他登录此功能相同,略)
auth [username] password
# 可以选择特定数据库(其他登录此功能相同,略)
SELECT 3
bash
redis-cli -p 16379 --tls --cacert /server/etc/redis/tls/ca.crt
bash
redis-cli -p 16379 --tls \
--cacert /server/etc/redis/tls/ca.crt \
--cert /server/etc/redis/tls/client.crt \
--key /server/etc/redis/tls/client.key
bash
redis-cli -h 192.168.66.254 -p 6379
bash
redis-cli -h 192.168.66.254 -p 16379 --tls --cacert /server/etc/redis/tls/ca.crt
bash
redis-cli -h 192.168.66.254 -p 16379 --tls \
--cacert /server/etc/redis/tls/ca.crt \
--cert /server/etc/redis/tls/client.crt \
--key /server/etc/redis/tls/client.key
权限
bash
chown redis:redis -R /server/redis /server/logs/redis /server/etc/redis
find /server/redis /server/logs/redis /server/etc/redis -type f -exec chmod 640 {} \;
find /server/redis /server/logs/redis /server/etc/redis -type d -exec chmod 750 {} \;
chmod 750 -R /server/redis/bin
find /server/etc/redis/tls -type f -exec chmod 600 {} \;
find /server/etc/redis/tls -type d -exec chmod 700 {} \;