$OpenBSD: patch-redis_conf,v 1.28 2021/09/17 01:39:38 tb Exp $

Main changes in this file:

* Redis socket and pid files were moved to /var/run/redis
* Suggest using the system-wide root certificates /etc/ssl/certs.pem
* redis will daemonize and use syslog

Index: redis.conf
--- redis.conf.orig
+++ redis.conf
@@ -112,8 +112,8 @@ tcp-backlog 511
 # incoming connections. There is no default, so Redis will not listen
 # on a unix socket when not specified.
 #
-# unixsocket /run/redis.sock
-# unixsocketperm 700
+# unixsocket /var/run/redis/redis.sock
+# unixsocketperm 770
 
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 0
@@ -182,6 +182,7 @@ tcp-keepalive 300
 # of these, and will not implicitly use the system wide configuration.
 #
 # tls-ca-cert-file ca.crt
+# tls-ca-cert-file /etc/ssl/cert.pem
 # tls-ca-cert-dir /etc/ssl/certs
 
 # By default, clients (including replica servers) on a TLS port are required
@@ -215,14 +216,14 @@ tcp-keepalive 300
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
 
-# Configure allowed ciphers.  See the ciphers(1ssl) manpage for more information
+# Configure allowed ciphers.  See SSL_set_cipher_list(3) for more information
 # about the syntax of this string.
 #
 # Note: this configuration applies only to <= TLSv1.2.
 #
 # tls-ciphers DEFAULT:!MEDIUM
 
-# Configure allowed TLSv1.3 ciphersuites.  See the ciphers(1ssl) manpage for more
+# Configure allowed TLSv1.3 ciphersuites.  See SSL_set_cipher_list(3) for more
 # information about the syntax of this string, and specifically for TLSv1.3
 # ciphersuites.
 #
@@ -252,9 +253,9 @@ tcp-keepalive 300
 ################################# GENERAL #####################################
 
 # By default Redis does not run as a daemon. Use 'yes' if you need it.
-# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+# Note that Redis will write a pid file in /var/run/redis/redis.pid when daemonized.
 # When Redis is supervised by upstart or systemd, this parameter has no impact.
-daemonize no
+daemonize yes
 
 # If you run Redis from upstart or systemd, Redis can interact with your
 # supervision tree. Options:
@@ -279,14 +280,14 @@ daemonize no
 #
 # When the server runs non daemonized, no pid file is created if none is
 # specified in the configuration. When the server is daemonized, the pid file
-# is used even if not specified, defaulting to "/var/run/redis.pid".
+# is used even if not specified, defaulting to "/var/run/redis/redis.pid".
 #
 # Creating a pid file is best effort: if Redis is not able to create it
 # nothing bad happens, the server will start and run normally.
 #
 # Note that on modern Linux systems "/run/redis.pid" is more conforming
 # and should be used instead.
-pidfile /var/run/redis_6379.pid
+pidfile /var/run/redis/redis_6379.pid
 
 # Specify the server verbosity level.
 # This can be one of:
@@ -299,17 +300,18 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile ""
+# logfile ""
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
-# syslog-enabled no
+syslog-enabled yes
 
 # Specify the syslog identity.
-# syslog-ident redis
+syslog-ident redis
 
-# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
-# syslog-facility local0
+# Specify the syslog facility. Must be one of DAEMON, USER or between
+# LOCAL0-LOCAL7.
+syslog-facility daemon
 
 # To disable the built in crash log, which will possibly produce cleaner core
 # dumps when they are needed, uncomment the following:
@@ -451,7 +453,7 @@ rdb-del-sync-files no
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir ./
+dir ${DBDIR}
 
 ################################# REPLICATION #################################
 
@@ -963,6 +965,7 @@ acllog-max-len 128
 # limit accordingly in case of very large clusters.
 #
 # maxclients 10000
+maxclients 96
 
 ############################## MEMORY MANAGEMENT ################################
 
