Installing Redis on CentOS (High Availability)
2018/08/14

Download: http://download.redis.io/releases/

Official documentation: https://redis.io/documentation

1. Standalone Redis installation

$ wget http://download.redis.io/releases/redis-4.0.11.tar.gz
$ tar xzf redis-4.0.11.tar.gz
$ cd redis-4.0.11
$ make

1.2 Security hardening

1.2.1 Disable or rename dangerous commands

Edit redis.conf and add:
rename-command FLUSHALL ""
rename-command FLUSHDB  ""
rename-command CONFIG   ""
rename-command KEYS     ""
rename-command SHUTDOWN ""
rename-command DEL ""
rename-command EVAL ""

1.2.2 Restrict access permissions on the Redis configuration file

chmod 600 /<filepath>/redis.conf

1.2.3 Do not start Redis as root

As root, create a redis user and start the service as that user:
useradd -s /sbin/nologin -M redis
sudo -u redis /<redis-server-path>/redis-server /<configpath>/redis.conf

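1.2.4 Enable Redis password authentication and set a high-complexity password

Open redis.conf, find the requirepass line, change it to the chosen password (which should meet complexity requirements), remove the leading # comment marker, then restart Redis.

1.2.5 Do not listen on the public network

In the Redis configuration file redis.conf, set bind to 127.0.0.1 or an internal IP, then restart Redis.

1.2.6 Change the default port 6379

Edit the Redis configuration file redis.conf, find the line containing port, change the default 6379 to a custom port number, then restart Redis.

1.2.7 Enable protected mode

Security setting in redis.conf:
# Enable protected mode
protected-mode yes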
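
The configuration-level checks from 1.2.1 and 1.2.4 to 1.2.7 can be verified automatically against a redis.conf. The script below is an added example, not part of the original article; the function names, the two sample configurations and the password policy (at least 16 characters from 3 character classes) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Commands that section 1.2.1 disables.
DANGEROUS = {"FLUSHALL", "FLUSHDB", "CONFIG", "KEYS", "SHUTDOWN", "DEL", "EVAL"}

def directives(text):
    """Split redis.conf text into token lists, skipping blank and # comment lines."""
    lines = (line.strip() for line in text.splitlines())
    return [shlex.split(line) for line in lines if line and not line.startswith("#")]

def audit(conf_text):
    """Return findings for the config-level checks of sections 1.2.1 and 1.2.4-1.2.7."""
    conf, renamed, findings = {}, set(), []
    for tok in directives(conf_text):
        if tok[0].lower() == "rename-command" and len(tok) == 3:
            renamed.add(tok[1].upper())
        else:
            conf[tok[0].lower()] = tok[1:]
    findings += [f"1.2.1 {c} not disabled or renamed" for c in sorted(DANGEROUS - renamed)]
    pw = (conf.get("requirepass") or [""])[0]
    kinds = [str.islower, str.isupper, str.isdigit, lambda ch: not ch.isalnum()]
    # Assumed policy: at least 16 characters drawn from 3 or more character classes.
    if len(pw) < 16 or sum(any(k(ch) for ch in pw) for k in kinds) < 3:
        findings.append("1.2.4 requirepass missing or too simple")
    addrs = [ipaddress.ip_address(a) for a in conf.get("bind", [])]
    if not addrs or any(a.is_unspecified or not a.is_private for a in addrs):
        findings.append("1.2.5 listening on all interfaces or a public address")
    if conf.get("port", ["6379"])[0] == "6379":
        findings.append("1.2.6 default port 6379 in use")
    if conf.get("protected-mode", ["yes"])[0].lower() != "yes":
        findings.append("1.2.7 protected-mode is off")
    return findings

# Constructed sample configurations (not taken from a real host).
WEAK = "bind 0.0.0.0\nport 6379\nprotected-mode no\nrequirepass redis1234\n"
HARDENED = "\n".join(
    ["bind 127.0.0.1", "port 16379", "protected-mode yes",
     'requirepass "Xq7#constructed-Sample-9v"']
    + [f'rename-command {c} ""' for c in sorted(DANGEROUS)])

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

File permissions (1.2.2) and the account the server runs under (1.2.3) are properties of the host rather than of the file contents, so they are not covered here.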

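2. Redis Sentinel master-slave replication

Plan: 1 master, 2 slaves, 3 sentinels

Note: the configuration below builds a pseudo-cluster on a single machine; in production, deploy across multiple machines.
[Image: redis-sentinel.png]

[Image: redis-sentinel-app.png]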

2.1 Configure the master

a. Move the standalone installation to /usr/local/
$ mv redis-4.0.11 /usr/local/redis

b. Edit the master configuration file; the main changes are:
$ vi /usr/local/redis/redis.conf
 # the slaves and sentinels below connect to 127.0.0.1:6379, so the master also listens on 127.0.0.1
 bind 127.0.0.1 192.168.20.250
 dir "/usr/local/redis/"
 pidfile /var/run/redis_6379.pid
 logfile "/usr/local/redis/redis.log"
 databases 51
 masterauth redis1234
 requirepass redis1234

c. Start the master service
$ /usr/local/redis/src/redis-server /usr/local/redis/redis.conf &

d. View the log
$ tail -f /usr/local/redis/redis.log

2.2 Configure the two slaves

a. Create the directories
$ mkdir /usr/local/redis_slave1  /usr/local/redis_slave2

b. Copy the server, cli and conf files
$ cp /usr/local/redis/src/redis-server /usr/local/redis_slave1
$ cp /usr/local/redis/src/redis-server /usr/local/redis_slave2

$ cp /usr/local/redis/src/redis-cli /usr/local/redis_slave1
$ cp /usr/local/redis/src/redis-cli /usr/local/redis_slave2

$ cp /usr/local/redis/redis.conf /usr/local/redis_slave1
$ cp /usr/local/redis/redis.conf /usr/local/redis_slave2

c. Edit the slave configuration files; the main changes are:
$ vi /usr/local/redis_slave1/redis.conf
port 6380 
bind 127.0.0.1
daemonize no
pidfile "/var/run/redis_6380.pid"
logfile "/usr/local/redis_slave1/redis_slave1.log"
databases 51
dir "/usr/local/redis_slave1"
masterauth "redis1234"
requirepass "redis1234"
slaveof 127.0.0.1 6379 

$ vi /usr/local/redis_slave2/redis.conf
port 6381 
bind 127.0.0.1
daemonize no
pidfile "/var/run/redis_6381.pid"
logfile "/usr/local/redis_slave2/redis_slave2.log"
databases 51
dir "/usr/local/redis_slave2"
masterauth "redis1234"
requirepass "redis1234"
slaveof 127.0.0.1 6379

d. Start the two slaves
$ /usr/local/redis_slave1/redis-server  /usr/local/redis_slave1/redis.conf &
$ /usr/local/redis_slave2/redis-server  /usr/local/redis_slave2/redis.conf &

e. View the logs of the two slaves
$ tail -f /usr/local/redis_slave1/redis_slave1.log
$ tail -f /usr/local/redis_slave2/redis_slave2.log

2.3 Configure the three sentinels

a. Create the three sentinel directories
$ mkdir /usr/local/redis_sentinel1 /usr/local/redis_sentinel2 /usr/local/redis_sentinel3

b. Copy the sentinel binary and conf files
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel1
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel2
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel3

$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel1
$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel2
$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel3

c. Edit the sentinel configuration files; the main settings are as follows
$ vi /usr/local/redis_sentinel1/sentinel.conf
port 26379
protected-mode no
dir "/usr/local/redis_sentinel1"
logfile "/usr/local/redis_sentinel1/redis_sentinel1.log"
# monitor must come before the other mymaster options; 2 is the quorum (2 of the 3 sentinels)
sentinel monitor mymaster 127.0.0.1 6379 2
# must match the master's requirepass
sentinel auth-pass mymaster redis1234
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000

$ vi /usr/local/redis_sentinel2/sentinel.conf
port 26380
protected-mode no
dir "/usr/local/redis_sentinel2"
logfile "/usr/local/redis_sentinel2/redis_sentinel2.log"
sentinel monitor mymaster 127.0.0.1 6379 2
sentinel auth-pass mymaster redis1234
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000

$ vi /usr/local/redis_sentinel3/sentinel.conf
port 26381
protected-mode no
dir "/usr/local/redis_sentinel3"
logfile "/usr/local/redis_sentinel3/redis_sentinel3.log"
sentinel monitor mymaster 127.0.0.1 6379 2
sentinel auth-pass mymaster redis1234
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000
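
Sentinel rejects a configuration file when `sentinel monitor` lacks the quorum argument or when another `sentinel` option for a master appears before its `monitor` line, and it cannot authenticate to a master whose `requirepass` differs from `auth-pass`. The checker below is an added example, not part of the original article; the function names and both sample files are constructed, and it also flags `protected-mode no` without a `bind` line, which leaves the sentinel port reachable on every interface.

```python
import shlex

def directives(text):
    """Split config text into token lists, skipping blank and # comment lines."""
    lines = (line.strip() for line in text.splitlines())
    return [shlex.split(line) for line in lines if line and not line.startswith("#")]

def check_sentinel(conf_text, master_password, sentinel_count=3):
    """Return the problems found in one sentinel.conf, in file order."""
    problems, monitored, authed, plain = [], set(), set(), {}
    for tok in directives(conf_text):
        if tok[0] != "sentinel" or len(tok) < 3:
            plain[tok[0]] = tok[1:]
            continue
        sub, name, args = tok[1], tok[2], tok[3:]
        if sub == "monitor":
            monitored.add(name)
            if len(args) != 3 or not args[2].isdigit():
                problems.append(f"{name}: monitor needs <ip> <port> <quorum>")
            elif not 1 <= int(args[2]) <= sentinel_count:
                problems.append(f"{name}: quorum {args[2]} cannot be met")
            continue
        if name not in monitored:
            problems.append(f"{name}: '{sub}' appears before 'sentinel monitor'")
        if sub == "auth-pass":
            authed.add(name)
            if args != [master_password]:
                problems.append(f"{name}: auth-pass differs from requirepass")
    problems += [f"{n}: no auth-pass configured" for n in sorted(monitored - authed)]
    if plain.get("protected-mode") == ["no"] and "bind" not in plain:
        problems.append("protected-mode no without bind: reachable on every interface")
    return problems

# Constructed samples; "redis1234" is the master password used in section 2.1.
BROKEN = """port 26379
protected-mode no
sentinel auth-pass mymaster redis
sentinel monitor mymaster 127.0.0.1 6379
sentinel down-after-milliseconds mymaster 5000
"""
FIXED = """port 26379
bind 127.0.0.1
protected-mode yes
sentinel monitor mymaster 127.0.0.1 6379 2
sentinel auth-pass mymaster redis1234
"""

if __name__ == "__main__":
    print(check_sentinel(BROKEN, "redis1234"), check_sentinel(FIXED, "redis1234"))
```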

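2.4 Test the master and slaves

a. Start the master and the two slave services (see the start commands above).

b. Use the cli from the master or either slave to connect to the master node and run some commands
$ /usr/local/redis_slave1/redis-cli -p 6379
127.0.0.1:6379> auth redis1234
127.0.0.1:6379> select 2
127.0.0.1:6379[2]> set name sunjianhua
127.0.0.1:6379[2]> info Replication

[Image: redis-slave-setvalue.jpg]
[Image: redis-slave-setvalue1.jpg]
[Image: redis-slave-setvalue2.jpg]

c. Connect to a slave node and check that the data is there
$ /usr/local/redis_slave1/redis-cli -p 6381
127.0.0.1:6381> auth redis1234
127.0.0.1:6381> select 2
127.0.0.1:6381[2]> get name

[Image: redis-slave-getvalue.jpg]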

2.5 Test the sentinels

a. Start the master and slaves first, then the sentinel services
For starting the master and slaves, see above
$ /usr/local/redis_sentinel1/redis-sentinel  /usr/local/redis_sentinel1/sentinel.conf &
$ /usr/local/redis_sentinel2/redis-sentinel  /usr/local/redis_sentinel2/sentinel.conf &
$ /usr/local/redis_sentinel3/redis-sentinel  /usr/local/redis_sentinel3/sentinel.conf &

b. View the sentinel log
$ tail -f /usr/local/redis_sentinel1/redis_sentinel1.log

[Image: redis-sentinel-test.png]

c. Shut down the master and watch the sentinel console

[Image: redis-sentinel-test1.png]
[Image: redis-sentinel-test2.png]

d. Connect to the former slave services and check info replication: one of the two slave nodes has become the master

[Image: redis-sentinel-test3.png]

Last modification:August 6th, 2019 at 02:41 pm