├── .github ├── contributing.md └── pull_request_template.md ├── .gitignore ├── AUTHORS.md ├── LICENSE ├── README.md ├── config ├── Caddyfile.example ├── dev-sqlite.env ├── dev.env ├── nginx.conf ├── prod.env └── redis.conf ├── dev-postgres ├── .env.example ├── README.md └── docker-compose.yml ├── dev ├── .env.example ├── README.md └── docker-compose.yml ├── docker-compose.override.example.yml └── docker-compose.yml /.github/contributing.md: -------------------------------------------------------------------------------- 1 | # Contributing to wger 2 | 3 | 🎉 Thanks for showing interest in contributing! 🎉 4 | 5 | We have centralized the documentation for contributing to wger in the online 6 | docs, especially for non-code contributions such as documentation, translations, 7 | etc.: 8 | 9 | 10 | 11 | ## Questions 12 | 13 | Are you just using the software and have a question or improvement? Let us know! 14 | 15 | * Discord: 16 | * Mastodon: 17 | 18 | ## Issues 19 | 20 | If you run into a bug describe the problem as well as you can. 21 | 22 | - Steps and any useful information to reproduce the issue 23 | - Environment details (app type: web / mobile, installation method, OS, etc.) 24 | - Any changes you may have done, either to the compose file or the configuration 25 | - Any logs if applicable 26 | - Git SHAs of this checkout, docker images, etc. -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # Proposed Changes 2 | 3 | - 4 | - 5 | 6 | ## Related Issue(s) 7 | 8 | If applicable, please link to any related issues (`Closes #123`, 9 | `Closes wger-project/other-repo#123`, `See also #123`, etc.) 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /config/Caddyfile 2 | /docker-compose.override.yml 3 | /dev-postgres/.env 4 | /dev/.env 5 | -------------------------------------------------------------------------------- /AUTHORS.md: -------------------------------------------------------------------------------- 1 | # Contributors and translators to this repository 2 | 3 | Thank you all for contributing to the project, you are true heroes! 🫶 4 | 5 | ## Contributors 6 | 7 | - Roland Geider - [https://github.com/rolandgeider](https://github.com/rolandgeider) 8 | - Peter Dave Hello - [https://github.com/PeterDaveHello](https://github.com/PeterDaveHello) 9 | - James - [https://github.com/jagg2](https://github.com/jagg2) 10 | - Taylor Fuller - [https://github.com/taylor-fuller](https://github.com/taylor-fuller) 11 | - Dieter Plaetinck - [https://github.com/Dieterbe](https://github.com/Dieterbe) 12 | - goodnewz - [https://github.com/goodnewz](https://github.com/goodnewz) 13 | - Mohammad Rafigh - [https://github.com/mohammadrafigh](https://github.com/mohammadrafigh) 14 | - AlexAsh - [https://github.com/AlexAshs](https://github.com/AlexAshs) 15 | - kuseler - [https://github.com/kuseler](https://github.com/kuseler) 16 | - Allan Nordhøy - [https://github.com/comradekingu](https://github.com/comradekingu) 17 | 18 | ## Translators 19 | 20 | No translators found. 21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published by 637 | the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | wger logo 2 | 3 | 4 | # docker compose stacks for wger 5 | Contains 3 docker compose environments: 6 | 7 | * prod (in root of this repository) 8 | * dev (uses sqlite) 9 | * dev-postgres (uses postgresql) 10 | 11 | The production Docker Compose file initializes a production environment with the 12 | application server, a reverse proxy, a database, a caching server, and a Celery 13 | queue, all configured. Data is persisted in volumes, if you want to use folders, 14 | read the warning in the env file. 15 | 16 | **TLDR:** just do `docker compose up -d` 17 | 18 | For more details, consult the documentation (and the config files): 19 | 20 | * production: 21 | * development: 22 | 23 | It is recommended to regularly pull the latest version of the compose file, 24 | since sometimes new configurations or environmental variables are added. 25 | 26 | ## Contact 27 | 28 | Feel free to contact us if you found this useful or if there was something that 29 | didn't behave as you expected. We can't fix what we don't know about, so please 30 | report liberally. If you're not sure if something is a bug or not, feel free to 31 | file a bug anyway. 32 | 33 | * Mastodon: 34 | * Discord: 35 | * Issue tracker: 36 | 37 | 38 | ## Sources 39 | 40 | All the code and the content is freely available: 41 | 42 | * 43 | 44 | ## Licence 45 | 46 | The application is licenced under the Affero GNU General Public License 3 or 47 | later (AGPL 3+). 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /config/Caddyfile.example: -------------------------------------------------------------------------------- 1 | # The Caddyfile is an easy way to configure your Caddy web server. 2 | # 3 | # Unless the file starts with a global options block, the first 4 | # uncommented line is always the address of your site. 5 | # 6 | # To use your own domain name (with automatic HTTPS), first make 7 | # sure your domain's A/AAAA DNS records are properly pointed to 8 | # this machine's public IP, then replace ":80" below with your 9 | # domain name. 10 | 11 | { 12 | servers { 13 | metrics 14 | } 15 | 16 | admin :2019 17 | 18 | log access-json { 19 | include http.log.access.wger 20 | output file /var/log/www/access.log 21 | } 22 | 23 | log access-console { 24 | include http.log.access.wger 25 | format console 26 | } 27 | } 28 | 29 | #your.domain.example.com { 30 | localhost { 31 | log wger 32 | 33 | encode 34 | 35 | reverse_proxy web:8000 { 36 | header_up Host {host} 37 | header_up X-Real-IP {remote_host} 38 | header_up X-Forwarded-For {http.X-Forwarded-For} {remote_host} 39 | header_up X-Forwarded-Proto {scheme} 40 | } 41 | 42 | handle /static/* { 43 | root * /wger 44 | file_server 45 | } 46 | 47 | handle /media/* { 48 | root * /wger 49 | file_server 50 | } 51 | } 52 | 53 | # Refer to the Caddy docs for more information: 54 | # https://caddyserver.com/docs/caddyfile -------------------------------------------------------------------------------- /config/dev-sqlite.env: -------------------------------------------------------------------------------- 1 | # Note: this is the path *within* the docker container 2 | DJANGO_DB_ENGINE=django.db.backends.sqlite3 3 | DJANGO_DB_DATABASE=/home/wger/src/database.sqlite 4 | 5 | -------------------------------------------------------------------------------- /config/dev.env: -------------------------------------------------------------------------------- 1 | DJANGO_DEBUG=True 2 | WGER_USE_GUNICORN=False 3 | EXERCISE_CACHE_TTL=30 4 | SYNC_EXERCISES_ON_STARTUP=False 5 | AXES_ENABLED=False 6 | -------------------------------------------------------------------------------- /config/nginx.conf: -------------------------------------------------------------------------------- 1 | upstream wger { 2 | server web:8000; 3 | } 4 | 5 | server { 6 | 7 | listen 80; 8 | 9 | location / { 10 | proxy_pass http://wger; 11 | proxy_set_header Host $host; 12 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 13 | proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; 14 | proxy_set_header X-Forwarded-Host $host:$server_port; 15 | proxy_redirect off; 16 | } 17 | 18 | location /static/ { 19 | alias /wger/static/; 20 | } 21 | 22 | location /media/ { 23 | alias /wger/media/; 24 | } 25 | 26 | # Increase max body size to allow for video uploads 27 | client_max_body_size 100M; 28 | } -------------------------------------------------------------------------------- /config/prod.env: -------------------------------------------------------------------------------- 1 | # Django's secret key, change to a 50 character random string if you are running 2 | # this instance publicly. For an online generator, see e.g. https://djecrety.ir/ 3 | SECRET_KEY=wger-docker-supersecret-key-1234567890!@#$%^&*(-_) 4 | 5 | # Signing key used for JWT, use something different than the secret key 6 | SIGNING_KEY=wger-docker-secret-jwtkey-1234567890!@#$%^&*(-_=+) 7 | 8 | # The server's timezone, for a list of possible names: 9 | # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones 10 | TIME_ZONE=Europe/Berlin 11 | TZ=Europe/Berlin 12 | 13 | # 14 | # Consult the deployment section in the readme if you are running this behind a 15 | # reverse proxy with HTTPS enabled 16 | 17 | # CSRF_TRUSTED_ORIGINS=https://my.domain.example.com,https://118.999.881.119 18 | # X_FORWARDED_PROTO_HEADER_SET=True 19 | 20 | # 21 | # Static files 22 | # If you are running the application behind a reverse proxy or changed the port, the 23 | # links for some images *might* break (specially in the mobile app). Also note that 24 | # the API response is cached and contains the host, if you change this setting, just run 25 | # docker compose exec web python3 manage.py warmup-exercise-api-cache --force 26 | # MEDIA_URL=https://your-domain.example.com/media/ 27 | # STATIC_URL=https://your-domain.example.com/static/ 28 | 29 | # 30 | # These settings usually don't need changing 31 | # 32 | 33 | # 34 | # Application 35 | WGER_INSTANCE=https://wger.de # Wger instance from which to sync exercises, images, etc. 36 | ALLOW_REGISTRATION=True 37 | ALLOW_GUEST_USERS=True 38 | ALLOW_UPLOAD_VIDEOS=True 39 | # Users won't be able to contribute to exercises if their account age is 40 | # lower than this amount in days. 41 | MIN_ACCOUNT_AGE_TO_TRUST=21 42 | # Synchronzing exercises 43 | # It is recommended to keep the local database synchronized with the wger 44 | # instance specified in WGER_INSTANCE since there are new added or translations 45 | # improved. For this you have different possibilities: 46 | # - Sync exercises on startup: 47 | # SYNC_EXERCISES_ON_STARTUP=True 48 | # DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True 49 | # - Sync them in the background with celery. This will setup a job that will run 50 | # once a week at a random time (this time is selected once when starting the server) 51 | SYNC_EXERCISES_CELERY=True 52 | SYNC_EXERCISE_IMAGES_CELERY=True 53 | SYNC_EXERCISE_VIDEOS_CELERY=True 54 | # - Manually trigger the process as needed: 55 | # docker compose exec web python3 manage.py sync-exercises 56 | # docker compose exec web python3 manage.py download-exercise-images 57 | # docker compose exec web python3 manage.py download-exercise-videos 58 | 59 | # Synchronzing ingredients 60 | # You can also syncronize the ingredients from a remote wger instance, and have 61 | # basically the same options as for the ingredients: 62 | # - Sync them in the background with celery. This will setup a job that will run 63 | # once a week at a random time (this time is selected once when starting the server) 64 | SYNC_INGREDIENTS_CELERY=True 65 | # - Manually trigger the process as needed: 66 | # docker compose exec web python3 manage.py sync-ingredients 67 | 68 | # This option controls whether to download ingredients and their images from the 69 | # configured wger instance. When scanning products with the barcode scanner, it is 70 | # possible to dynamically fetch the ingredient if it is not known in the local database. 71 | # Possible values: WGER or None. Requires USE_CELERY to be set to true. 72 | DOWNLOAD_INGREDIENTS_FROM=WGER 73 | 74 | # Whether celery is configured and should be used. Can be left to true with 75 | # this setup but can be deactivated if you are using the app in some other way 76 | USE_CELERY=True 77 | 78 | # 79 | # Celery 80 | CELERY_BROKER=redis://cache:6379/2 81 | CELERY_BACKEND=redis://cache:6379/2 82 | CELERY_FLOWER_PASSWORD=adminadmin 83 | 84 | # 85 | # Database 86 | DJANGO_DB_ENGINE=django.db.backends.postgresql 87 | DJANGO_DB_DATABASE=wger 88 | DJANGO_DB_USER=wger 89 | DJANGO_DB_PASSWORD=wger 90 | DJANGO_DB_HOST=db 91 | DJANGO_DB_PORT=5432 92 | DJANGO_PERFORM_MIGRATIONS=True # Perform any new database migrations on startup 93 | 94 | # 95 | # Cache 96 | DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache 97 | DJANGO_CACHE_LOCATION=redis://cache:6379/1 98 | DJANGO_CACHE_TIMEOUT=1296000 # in seconds - 60*60*24*15, 15 Days 99 | DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient 100 | # DJANGO_CACHE_CLIENT_PASSWORD=abcde... # Only if you changed the redis config 101 | # DJANGO_CACHE_CLIENT_SSL_KEYFILE=/path/to/ssl_keyfile # Path to an ssl private key. 102 | # DJANGO_CACHE_CLIENT_SSL_CERTFILE=/path/to/ssl_certfile # Path to an ssl certificate. 103 | # DJANGO_CACHE_CLIENT_SSL_CERT_REQS= # The string value for the verify_mode. 104 | # DJANGO_CACHE_CLIENT_SSL_CHECK_HOSTNAME=False # If set, match the hostname during the SSL handshake. 105 | 106 | # 107 | # Brute force login attacks 108 | # https://django-axes.readthedocs.io/en/latest/index.html 109 | AXES_ENABLED=True 110 | AXES_FAILURE_LIMIT=10 111 | AXES_COOLOFF_TIME=30 # in minutes 112 | AXES_HANDLER=axes.handlers.cache.AxesCacheHandler 113 | AXES_LOCKOUT_PARAMETERS=ip_address 114 | AXES_IPWARE_PROXY_COUNT=1 115 | AXES_IPWARE_META_PRECEDENCE_ORDER=HTTP_X_FORWARDED_FOR,REMOTE_ADDR 116 | # 117 | # Others 118 | DJANGO_DEBUG=False 119 | WGER_USE_GUNICORN=True 120 | EXERCISE_CACHE_TTL=18000 # in seconds - 5*60*60, 5 hours 121 | SITE_URL=http://localhost 122 | 123 | # 124 | # JWT auth 125 | ACCESS_TOKEN_LIFETIME=10 # The lifetime duration of the access token, in minutes 126 | REFRESH_TOKEN_LIFETIME=24 # The lifetime duration of the refresh token, in hours 127 | 128 | # 129 | # Auth Proxy Authentication 130 | # 131 | # Please read the documentation before enabling this feature: 132 | # https://wger.readthedocs.io/en/latest/administration/auth_proxy.html 133 | AUTH_PROXY_HEADER='' 134 | AUTH_PROXY_TRUSTED_IPS='' 135 | AUTH_PROXY_CREATE_UNKNOWN_USER=False 136 | AUTH_PROXY_USER_EMAIL_HEADER='' 137 | AUTH_PROXY_USER_NAME_HEADER='' 138 | 139 | # 140 | # Other possible settings 141 | 142 | # Log level: possible values: DEBUG, INFO, WARNING, ERROR, CRITICAL 143 | LOG_LEVEL_PYTHON=INFO 144 | 145 | # Recaptcha keys. You will need to create an account and register your domain 146 | # https://www.google.com/recaptcha/ 147 | # RECAPTCHA_PUBLIC_KEY=abcde... 148 | # RECAPTCHA_PRIVATE_KEY=abcde... 149 | USE_RECAPTCHA=False 150 | 151 | # Clears the static files before copying the new ones (i.e. just calls collectstatic 152 | # with the appropriate flag: "manage.py collectstatic --no-input --clear"). Usually 153 | # This can be left like this but if you have problems and new static files are not 154 | # being copied correctly, clearing everything might help 155 | DJANGO_CLEAR_STATIC_FIRST=False 156 | 157 | # 158 | # Email 159 | # https://docs.djangoproject.com/en/4.1/topics/email/#smtp-backend 160 | # ENABLE_EMAIL=False 161 | # EMAIL_HOST=email.example.com 162 | # EMAIL_PORT=587 163 | # EMAIL_HOST_USER=username 164 | # EMAIL_HOST_PASSWORD=password 165 | # EMAIL_USE_TLS=True 166 | # EMAIL_USE_SSL=False 167 | FROM_EMAIL='wger Workout Manager ' 168 | 169 | # Set your name and email to be notified if an internal server error occurs. 170 | # Needs a working email configuration 171 | # DJANGO_ADMINS=your name,email@example.com 172 | 173 | # Whether to compress css and js files into one (of each) 174 | # COMPRESS_ENABLED=True 175 | 176 | # 177 | # Django Rest Framework 178 | # The number of proxies in front of the application. In the default configuration 179 | # only nginx is. Change as approtriate if your setup differs. Also note that this 180 | # is only used when throttling API requests. 181 | NUMBER_OF_PROXIES=1 182 | 183 | # 184 | # Gunicorn 185 | # 186 | # Additional gunicorn options, change as needed. 187 | # For the number of workers to spawn, a usually recommended value is (2 x $num_cores) + 1 188 | # see: 189 | # - https://docs.gunicorn.org/en/stable/settings.html 190 | # - https://github.com/wger-project/wger/blob/master/extras/docker/production/entrypoint.sh#L95 191 | GUNICORN_CMD_ARGS="--workers 3 --threads 2 --worker-class gthread --proxy-protocol True --timeout 240" -------------------------------------------------------------------------------- /config/redis.conf: -------------------------------------------------------------------------------- 1 | # Downloaded from https://redis.io/docs/latest/operate/oss_and_stack/management/config/ 2 | # 3 | # Changed from default: 4 | # - bind * -::* 5 | # - protected-mode no 6 | # - maxmemory 1gb 7 | # - maxmemory-policy volatile-lru 8 | # - save 3600 1 300 100 60 10000 9 | # - dir /data 10 | # - commented out pidfile 11 | 12 | # Redis configuration file example. 13 | # 14 | # Note that in order to read the configuration file, Redis must be 15 | # started with the file path as first argument: 16 | # 17 | # ./redis-server /path/to/redis.conf 18 | 19 | # Note on units: when memory size is needed, it is possible to specify 20 | # it in the usual form of 1k 5GB 4M and so forth: 21 | # 22 | # 1k => 1000 bytes 23 | # 1kb => 1024 bytes 24 | # 1m => 1000000 bytes 25 | # 1mb => 1024*1024 bytes 26 | # 1g => 1000000000 bytes 27 | # 1gb => 1024*1024*1024 bytes 28 | # 29 | # units are case insensitive so 1GB 1Gb 1gB are all the same. 30 | 31 | ################################## INCLUDES ################################### 32 | 33 | # Include one or more other config files here. This is useful if you 34 | # have a standard template that goes to all Redis servers but also need 35 | # to customize a few per-server settings. Include files can include 36 | # other files, so use this wisely. 37 | # 38 | # Note that option "include" won't be rewritten by command "CONFIG REWRITE" 39 | # from admin or Redis Sentinel. Since Redis always uses the last processed 40 | # line as value of a configuration directive, you'd better put includes 41 | # at the beginning of this file to avoid overwriting config change at runtime. 42 | # 43 | # If instead you are interested in using includes to override configuration 44 | # options, it is better to use include as the last line. 45 | # 46 | # Included paths may contain wildcards. All files matching the wildcards will 47 | # be included in alphabetical order. 48 | # Note that if an include path contains a wildcards but no files match it when 49 | # the server is started, the include statement will be ignored and no error will 50 | # be emitted. It is safe, therefore, to include wildcard files from empty 51 | # directories. 52 | # 53 | # include /path/to/local.conf 54 | # include /path/to/other.conf 55 | # include /path/to/fragments/*.conf 56 | # 57 | 58 | ################################## MODULES ##################################### 59 | 60 | # Load modules at startup. If the server is not able to load modules 61 | # it will abort. It is possible to use multiple loadmodule directives. 62 | # 63 | # loadmodule /path/to/my_module.so 64 | # loadmodule /path/to/other_module.so 65 | # loadmodule /path/to/args_module.so [arg [arg ...]] 66 | 67 | ################################## NETWORK ##################################### 68 | 69 | # By default, if no "bind" configuration directive is specified, Redis listens 70 | # for connections from all available network interfaces on the host machine. 71 | # It is possible to listen to just one or multiple selected interfaces using 72 | # the "bind" configuration directive, followed by one or more IP addresses. 73 | # Each address can be prefixed by "-", which means that redis will not fail to 74 | # start if the address is not available. Being not available only refers to 75 | # addresses that does not correspond to any network interface. Addresses that 76 | # are already in use will always fail, and unsupported protocols will always BE 77 | # silently skipped. 78 | # 79 | # Examples: 80 | # 81 | # bind 192.168.1.100 10.0.0.1 # listens on two specific IPv4 addresses 82 | # bind 127.0.0.1 ::1 # listens on loopback IPv4 and IPv6 83 | # bind * -::* # like the default, all available interfaces 84 | # 85 | # ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the 86 | # internet, binding to all the interfaces is dangerous and will expose the 87 | # instance to everybody on the internet. So by default we uncomment the 88 | # following bind directive, that will force Redis to listen only on the 89 | # IPv4 and IPv6 (if available) loopback interface addresses (this means Redis 90 | # will only be able to accept client connections from the same host that it is 91 | # running on). 92 | # 93 | # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES 94 | # COMMENT OUT THE FOLLOWING LINE. 95 | # 96 | # You will also need to set a password unless you explicitly disable protected 97 | # mode. 98 | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 99 | bind * -::* 100 | 101 | # By default, outgoing connections (from replica to master, from Sentinel to 102 | # instances, cluster bus, etc.) are not bound to a specific local address. In 103 | # most cases, this means the operating system will handle that based on routing 104 | # and the interface through which the connection goes out. 105 | # 106 | # Using bind-source-addr it is possible to configure a specific address to bind 107 | # to, which may also affect how the connection gets routed. 108 | # 109 | # Example: 110 | # 111 | # bind-source-addr 10.0.0.1 112 | 113 | # Protected mode is a layer of security protection, in order to avoid that 114 | # Redis instances left open on the internet are accessed and exploited. 115 | # 116 | # When protected mode is on and the default user has no password, the server 117 | # only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address 118 | # (::1) or Unix domain sockets. 119 | # 120 | # By default protected mode is enabled. You should disable it only if 121 | # you are sure you want clients from other hosts to connect to Redis 122 | # even if no authentication is configured. 123 | protected-mode no 124 | 125 | # Redis uses default hardened security configuration directives to reduce the 126 | # attack surface on innocent users. Therefore, several sensitive configuration 127 | # directives are immutable, and some potentially-dangerous commands are blocked. 128 | # 129 | # Configuration directives that control files that Redis writes to (e.g., 'dir' 130 | # and 'dbfilename') and that aren't usually modified during runtime 131 | # are protected by making them immutable. 132 | # 133 | # Commands that can increase the attack surface of Redis and that aren't usually 134 | # called by users are blocked by default. 135 | # 136 | # These can be exposed to either all connections or just local ones by setting 137 | # each of the configs listed below to either of these values: 138 | # 139 | # no - Block for any connection (remain immutable) 140 | # yes - Allow for any connection (no protection) 141 | # local - Allow only for local connections. Ones originating from the 142 | # IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets. 143 | # 144 | # enable-protected-configs no 145 | # enable-debug-command no 146 | # enable-module-command no 147 | 148 | # Accept connections on the specified port, default is 6379 (IANA #815344). 149 | # If port 0 is specified Redis will not listen on a TCP socket. 150 | port 6379 151 | 152 | # TCP listen() backlog. 153 | # 154 | # In high requests-per-second environments you need a high backlog in order 155 | # to avoid slow clients connection issues. Note that the Linux kernel 156 | # will silently truncate it to the value of /proc/sys/net/core/somaxconn so 157 | # make sure to raise both the value of somaxconn and tcp_max_syn_backlog 158 | # in order to get the desired effect. 159 | tcp-backlog 511 160 | 161 | # Unix socket. 162 | # 163 | # Specify the path for the Unix socket that will be used to listen for 164 | # incoming connections. There is no default, so Redis will not listen 165 | # on a unix socket when not specified. 166 | # 167 | # unixsocket /run/redis.sock 168 | # unixsocketperm 700 169 | 170 | # Close the connection after a client is idle for N seconds (0 to disable) 171 | timeout 0 172 | 173 | # TCP keepalive. 174 | # 175 | # If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence 176 | # of communication. This is useful for two reasons: 177 | # 178 | # 1) Detect dead peers. 179 | # 2) Force network equipment in the middle to consider the connection to be 180 | # alive. 181 | # 182 | # On Linux, the specified value (in seconds) is the period used to send ACKs. 183 | # Note that to close the connection the double of the time is needed. 184 | # On other kernels the period depends on the kernel configuration. 185 | # 186 | # A reasonable value for this option is 300 seconds, which is the new 187 | # Redis default starting with Redis 3.2.1. 188 | tcp-keepalive 300 189 | 190 | # Apply OS-specific mechanism to mark the listening socket with the specified 191 | # ID, to support advanced routing and filtering capabilities. 192 | # 193 | # On Linux, the ID represents a connection mark. 194 | # On FreeBSD, the ID represents a socket cookie ID. 195 | # On OpenBSD, the ID represents a route table ID. 196 | # 197 | # The default value is 0, which implies no marking is required. 198 | # socket-mark-id 0 199 | 200 | ################################# TLS/SSL ##################################### 201 | 202 | # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration 203 | # directive can be used to define TLS-listening ports. To enable TLS on the 204 | # default port, use: 205 | # 206 | # port 0 207 | # tls-port 6379 208 | 209 | # Configure a X.509 certificate and private key to use for authenticating the 210 | # server to connected clients, masters or cluster peers. These files should be 211 | # PEM formatted. 212 | # 213 | # tls-cert-file redis.crt 214 | # tls-key-file redis.key 215 | # 216 | # If the key file is encrypted using a passphrase, it can be included here 217 | # as well. 218 | # 219 | # tls-key-file-pass secret 220 | 221 | # Normally Redis uses the same certificate for both server functions (accepting 222 | # connections) and client functions (replicating from a master, establishing 223 | # cluster bus connections, etc.). 224 | # 225 | # Sometimes certificates are issued with attributes that designate them as 226 | # client-only or server-only certificates. In that case it may be desired to use 227 | # different certificates for incoming (server) and outgoing (client) 228 | # connections. To do that, use the following directives: 229 | # 230 | # tls-client-cert-file client.crt 231 | # tls-client-key-file client.key 232 | # 233 | # If the key file is encrypted using a passphrase, it can be included here 234 | # as well. 235 | # 236 | # tls-client-key-file-pass secret 237 | 238 | # Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange, 239 | # required by older versions of OpenSSL (<3.0). Newer versions do not require 240 | # this configuration and recommend against it. 241 | # 242 | # tls-dh-params-file redis.dh 243 | 244 | # Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL 245 | # clients and peers. Redis requires an explicit configuration of at least one 246 | # of these, and will not implicitly use the system wide configuration. 247 | # 248 | # tls-ca-cert-file ca.crt 249 | # tls-ca-cert-dir /etc/ssl/certs 250 | 251 | # By default, clients (including replica servers) on a TLS port are required 252 | # to authenticate using valid client side certificates. 253 | # 254 | # If "no" is specified, client certificates are not required and not accepted. 255 | # If "optional" is specified, client certificates are accepted and must be 256 | # valid if provided, but are not required. 257 | # 258 | # tls-auth-clients no 259 | # tls-auth-clients optional 260 | 261 | # By default, a Redis replica does not attempt to establish a TLS connection 262 | # with its master. 263 | # 264 | # Use the following directive to enable TLS on replication links. 265 | # 266 | # tls-replication yes 267 | 268 | # By default, the Redis Cluster bus uses a plain TCP connection. To enable 269 | # TLS for the bus protocol, use the following directive: 270 | # 271 | # tls-cluster yes 272 | 273 | # By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended 274 | # that older formally deprecated versions are kept disabled to reduce the attack surface. 275 | # You can explicitly specify TLS versions to support. 276 | # Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2", 277 | # "TLSv1.3" (OpenSSL >= 1.1.1) or any combination. 278 | # To enable only TLSv1.2 and TLSv1.3, use: 279 | # 280 | # tls-protocols "TLSv1.2 TLSv1.3" 281 | 282 | # Configure allowed ciphers. See the ciphers(1ssl) manpage for more information 283 | # about the syntax of this string. 284 | # 285 | # Note: this configuration applies only to <= TLSv1.2. 286 | # 287 | # tls-ciphers DEFAULT:!MEDIUM 288 | 289 | # Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more 290 | # information about the syntax of this string, and specifically for TLSv1.3 291 | # ciphersuites. 292 | # 293 | # tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256 294 | 295 | # When choosing a cipher, use the server's preference instead of the client 296 | # preference. By default, the server follows the client's preference. 297 | # 298 | # tls-prefer-server-ciphers yes 299 | 300 | # By default, TLS session caching is enabled to allow faster and less expensive 301 | # reconnections by clients that support it. Use the following directive to disable 302 | # caching. 303 | # 304 | # tls-session-caching no 305 | 306 | # Change the default number of TLS sessions cached. A zero value sets the cache 307 | # to unlimited size. The default size is 20480. 308 | # 309 | # tls-session-cache-size 5000 310 | 311 | # Change the default timeout of cached TLS sessions. The default timeout is 300 312 | # seconds. 313 | # 314 | # tls-session-cache-timeout 60 315 | 316 | ################################# GENERAL ##################################### 317 | 318 | # By default Redis does not run as a daemon. Use 'yes' if you need it. 319 | # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. 320 | # When Redis is supervised by upstart or systemd, this parameter has no impact. 321 | daemonize no 322 | 323 | # If you run Redis from upstart or systemd, Redis can interact with your 324 | # supervision tree. Options: 325 | # supervised no - no supervision interaction 326 | # supervised upstart - signal upstart by putting Redis into SIGSTOP mode 327 | # requires "expect stop" in your upstart job config 328 | # supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET 329 | # on startup, and updating Redis status on a regular 330 | # basis. 331 | # supervised auto - detect upstart or systemd method based on 332 | # UPSTART_JOB or NOTIFY_SOCKET environment variables 333 | # Note: these supervision methods only signal "process is ready." 334 | # They do not enable continuous pings back to your supervisor. 335 | # 336 | # The default is "no". To run under upstart/systemd, you can simply uncomment 337 | # the line below: 338 | # 339 | # supervised auto 340 | 341 | # If a pid file is specified, Redis writes it where specified at startup 342 | # and removes it at exit. 343 | # 344 | # When the server runs non daemonized, no pid file is created if none is 345 | # specified in the configuration. When the server is daemonized, the pid file 346 | # is used even if not specified, defaulting to "/var/run/redis.pid". 347 | # 348 | # Creating a pid file is best effort: if Redis is not able to create it 349 | # nothing bad happens, the server will start and run normally. 350 | # 351 | # Note that on modern Linux systems "/run/redis.pid" is more conforming 352 | # and should be used instead. 353 | # pidfile /var/run/redis_6379.pid 354 | 355 | # Specify the server verbosity level. 356 | # This can be one of: 357 | # debug (a lot of information, useful for development/testing) 358 | # verbose (many rarely useful info, but not a mess like the debug level) 359 | # notice (moderately verbose, what you want in production probably) 360 | # warning (only very important / critical messages are logged) 361 | # nothing (nothing is logged) 362 | loglevel notice 363 | 364 | # Specify the log file name. Also the empty string can be used to force 365 | # Redis to log on the standard output. Note that if you use standard 366 | # output for logging but daemonize, logs will be sent to /dev/null 367 | logfile "" 368 | 369 | # To enable logging to the system logger, just set 'syslog-enabled' to yes, 370 | # and optionally update the other syslog parameters to suit your needs. 371 | # syslog-enabled no 372 | 373 | # Specify the syslog identity. 374 | # syslog-ident redis 375 | 376 | # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. 377 | # syslog-facility local0 378 | 379 | # To disable the built in crash log, which will possibly produce cleaner core 380 | # dumps when they are needed, uncomment the following: 381 | # 382 | # crash-log-enabled no 383 | 384 | # To disable the fast memory check that's run as part of the crash log, which 385 | # will possibly let redis terminate sooner, uncomment the following: 386 | # 387 | # crash-memcheck-enabled no 388 | 389 | # Set the number of databases. The default database is DB 0, you can select 390 | # a different one on a per-connection basis using SELECT where 391 | # dbid is a number between 0 and 'databases'-1 392 | databases 16 393 | 394 | # By default Redis shows an ASCII art logo only when started to log to the 395 | # standard output and if the standard output is a TTY and syslog logging is 396 | # disabled. Basically this means that normally a logo is displayed only in 397 | # interactive sessions. 398 | # 399 | # However it is possible to force the pre-4.0 behavior and always show a 400 | # ASCII art logo in startup logs by setting the following option to yes. 401 | always-show-logo no 402 | 403 | # To avoid logging personal identifiable information (PII) into server log file, 404 | # uncomment the following: 405 | # 406 | # hide-user-data-from-log yes 407 | 408 | # By default, Redis modifies the process title (as seen in 'top' and 'ps') to 409 | # provide some runtime information. It is possible to disable this and leave 410 | # the process name as executed by setting the following to no. 411 | set-proc-title yes 412 | 413 | # When changing the process title, Redis uses the following template to construct 414 | # the modified title. 415 | # 416 | # Template variables are specified in curly brackets. The following variables are 417 | # supported: 418 | # 419 | # {title} Name of process as executed if parent, or type of child process. 420 | # {listen-addr} Bind address or '*' followed by TCP or TLS port listening on, or 421 | # Unix socket if only that's available. 422 | # {server-mode} Special mode, i.e. "[sentinel]" or "[cluster]". 423 | # {port} TCP port listening on, or 0. 424 | # {tls-port} TLS port listening on, or 0. 425 | # {unixsocket} Unix domain socket listening on, or "". 426 | # {config-file} Name of configuration file used. 427 | # 428 | proc-title-template "{title} {listen-addr} {server-mode}" 429 | 430 | # Set the local environment which is used for string comparison operations, and 431 | # also affect the performance of Lua scripts. Empty String indicates the locale 432 | # is derived from the environment variables. 433 | locale-collate "" 434 | 435 | ################################ SNAPSHOTTING ################################ 436 | 437 | # Save the DB to disk. 438 | # 439 | # save [ ...] 440 | # 441 | # Redis will save the DB if the given number of seconds elapsed and it 442 | # surpassed the given number of write operations against the DB. 443 | # 444 | # Snapshotting can be completely disabled with a single empty string argument 445 | # as in following example: 446 | # 447 | # save "" 448 | # 449 | # Unless specified otherwise, by default Redis will save the DB: 450 | # * After 3600 seconds (an hour) if at least 1 change was performed 451 | # * After 300 seconds (5 minutes) if at least 100 changes were performed 452 | # * After 60 seconds if at least 10000 changes were performed 453 | # 454 | # You can set these explicitly by uncommenting the following line. 455 | # 456 | save 3600 1 300 100 60 10000 457 | 458 | # By default Redis will stop accepting writes if RDB snapshots are enabled 459 | # (at least one save point) and the latest background save failed. 460 | # This will make the user aware (in a hard way) that data is not persisting 461 | # on disk properly, otherwise chances are that no one will notice and some 462 | # disaster will happen. 463 | # 464 | # If the background saving process will start working again Redis will 465 | # automatically allow writes again. 466 | # 467 | # However if you have setup your proper monitoring of the Redis server 468 | # and persistence, you may want to disable this feature so that Redis will 469 | # continue to work as usual even if there are problems with disk, 470 | # permissions, and so forth. 471 | stop-writes-on-bgsave-error yes 472 | 473 | # Compress string objects using LZF when dump .rdb databases? 474 | # By default compression is enabled as it's almost always a win. 475 | # If you want to save some CPU in the saving child set it to 'no' but 476 | # the dataset will likely be bigger if you have compressible values or keys. 477 | rdbcompression yes 478 | 479 | # Since version 5 of RDB a CRC64 checksum is placed at the end of the file. 480 | # This makes the format more resistant to corruption but there is a performance 481 | # hit to pay (around 10%) when saving and loading RDB files, so you can disable it 482 | # for maximum performances. 483 | # 484 | # RDB files created with checksum disabled have a checksum of zero that will 485 | # tell the loading code to skip the check. 486 | rdbchecksum yes 487 | 488 | # Enables or disables full sanitization checks for ziplist and listpack etc when 489 | # loading an RDB or RESTORE payload. This reduces the chances of a assertion or 490 | # crash later on while processing commands. 491 | # Options: 492 | # no - Never perform full sanitization 493 | # yes - Always perform full sanitization 494 | # clients - Perform full sanitization only for user connections. 495 | # Excludes: RDB files, RESTORE commands received from the master 496 | # connection, and client connections which have the 497 | # skip-sanitize-payload ACL flag. 498 | # The default should be 'clients' but since it currently affects cluster 499 | # resharding via MIGRATE, it is temporarily set to 'no' by default. 500 | # 501 | # sanitize-dump-payload no 502 | 503 | # The filename where to dump the DB 504 | dbfilename dump.rdb 505 | 506 | # Remove RDB files used by replication in instances without persistence 507 | # enabled. By default this option is disabled, however there are environments 508 | # where for regulations or other security concerns, RDB files persisted on 509 | # disk by masters in order to feed replicas, or stored on disk by replicas 510 | # in order to load them for the initial synchronization, should be deleted 511 | # ASAP. Note that this option ONLY WORKS in instances that have both AOF 512 | # and RDB persistence disabled, otherwise is completely ignored. 513 | # 514 | # An alternative (and sometimes better) way to obtain the same effect is 515 | # to use diskless replication on both master and replicas instances. However 516 | # in the case of replicas, diskless is not always an option. 517 | rdb-del-sync-files no 518 | 519 | # The working directory. 520 | # 521 | # The DB will be written inside this directory, with the filename specified 522 | # above using the 'dbfilename' configuration directive. 523 | # 524 | # The Append Only File will also be created inside this directory. 525 | # 526 | # Note that you must specify a directory here, not a file name. 527 | dir /data 528 | 529 | ################################# REPLICATION ################################# 530 | 531 | # Master-Replica replication. Use replicaof to make a Redis instance a copy of 532 | # another Redis server. A few things to understand ASAP about Redis replication. 533 | # 534 | # +------------------+ +---------------+ 535 | # | Master | ---> | Replica | 536 | # | (receive writes) | | (exact copy) | 537 | # +------------------+ +---------------+ 538 | # 539 | # 1) Redis replication is asynchronous, but you can configure a master to 540 | # stop accepting writes if it appears to be not connected with at least 541 | # a given number of replicas. 542 | # 2) Redis replicas are able to perform a partial resynchronization with the 543 | # master if the replication link is lost for a relatively small amount of 544 | # time. You may want to configure the replication backlog size (see the next 545 | # sections of this file) with a sensible value depending on your needs. 546 | # 3) Replication is automatic and does not need user intervention. After a 547 | # network partition replicas automatically try to reconnect to masters 548 | # and resynchronize with them. 549 | # 550 | # replicaof 551 | 552 | # If the master is password protected (using the "requirepass" configuration 553 | # directive below) it is possible to tell the replica to authenticate before 554 | # starting the replication synchronization process, otherwise the master will 555 | # refuse the replica request. 556 | # 557 | # masterauth 558 | # 559 | # However this is not enough if you are using Redis ACLs (for Redis version 560 | # 6 or greater), and the default user is not capable of running the PSYNC 561 | # command and/or other commands needed for replication. In this case it's 562 | # better to configure a special user to use with replication, and specify the 563 | # masteruser configuration as such: 564 | # 565 | # masteruser 566 | # 567 | # When masteruser is specified, the replica will authenticate against its 568 | # master using the new AUTH form: AUTH . 569 | 570 | # When a replica loses its connection with the master, or when the replication 571 | # is still in progress, the replica can act in two different ways: 572 | # 573 | # 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will 574 | # still reply to client requests, possibly with out of date data, or the 575 | # data set may just be empty if this is the first synchronization. 576 | # 577 | # 2) If replica-serve-stale-data is set to 'no' the replica will reply with error 578 | # "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'" 579 | # to all data access commands, excluding commands such as: 580 | # INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE, 581 | # UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST, 582 | # HOST and LATENCY. 583 | # 584 | replica-serve-stale-data yes 585 | 586 | # You can configure a replica instance to accept writes or not. Writing against 587 | # a replica instance may be useful to store some ephemeral data (because data 588 | # written on a replica will be easily deleted after resync with the master) but 589 | # may also cause problems if clients are writing to it because of a 590 | # misconfiguration. 591 | # 592 | # Since Redis 2.6 by default replicas are read-only. 593 | # 594 | # Note: read only replicas are not designed to be exposed to untrusted clients 595 | # on the internet. It's just a protection layer against misuse of the instance. 596 | # Still a read only replica exports by default all the administrative commands 597 | # such as CONFIG, DEBUG, and so forth. To a limited extent you can improve 598 | # security of read only replicas using 'rename-command' to shadow all the 599 | # administrative / dangerous commands. 600 | replica-read-only yes 601 | 602 | # Replication SYNC strategy: disk or socket. 603 | # 604 | # New replicas and reconnecting replicas that are not able to continue the 605 | # replication process just receiving differences, need to do what is called a 606 | # "full synchronization". An RDB file is transmitted from the master to the 607 | # replicas. 608 | # 609 | # The transmission can happen in two different ways: 610 | # 611 | # 1) Disk-backed: The Redis master creates a new process that writes the RDB 612 | # file on disk. Later the file is transferred by the parent 613 | # process to the replicas incrementally. 614 | # 2) Diskless: The Redis master creates a new process that directly writes the 615 | # RDB file to replica sockets, without touching the disk at all. 616 | # 617 | # With disk-backed replication, while the RDB file is generated, more replicas 618 | # can be queued and served with the RDB file as soon as the current child 619 | # producing the RDB file finishes its work. With diskless replication instead 620 | # once the transfer starts, new replicas arriving will be queued and a new 621 | # transfer will start when the current one terminates. 622 | # 623 | # When diskless replication is used, the master waits a configurable amount of 624 | # time (in seconds) before starting the transfer in the hope that multiple 625 | # replicas will arrive and the transfer can be parallelized. 626 | # 627 | # With slow disks and fast (large bandwidth) networks, diskless replication 628 | # works better. 629 | repl-diskless-sync yes 630 | 631 | # When diskless replication is enabled, it is possible to configure the delay 632 | # the server waits in order to spawn the child that transfers the RDB via socket 633 | # to the replicas. 634 | # 635 | # This is important since once the transfer starts, it is not possible to serve 636 | # new replicas arriving, that will be queued for the next RDB transfer, so the 637 | # server waits a delay in order to let more replicas arrive. 638 | # 639 | # The delay is specified in seconds, and by default is 5 seconds. To disable 640 | # it entirely just set it to 0 seconds and the transfer will start ASAP. 641 | repl-diskless-sync-delay 5 642 | 643 | # When diskless replication is enabled with a delay, it is possible to let 644 | # the replication start before the maximum delay is reached if the maximum 645 | # number of replicas expected have connected. Default of 0 means that the 646 | # maximum is not defined and Redis will wait the full delay. 647 | repl-diskless-sync-max-replicas 0 648 | 649 | # ----------------------------------------------------------------------------- 650 | # WARNING: Since in this setup the replica does not immediately store an RDB on 651 | # disk, it may cause data loss during failovers. RDB diskless load + Redis 652 | # modules not handling I/O reads may cause Redis to abort in case of I/O errors 653 | # during the initial synchronization stage with the master. 654 | # ----------------------------------------------------------------------------- 655 | # 656 | # Replica can load the RDB it reads from the replication link directly from the 657 | # socket, or store the RDB to a file and read that file after it was completely 658 | # received from the master. 659 | # 660 | # In many cases the disk is slower than the network, and storing and loading 661 | # the RDB file may increase replication time (and even increase the master's 662 | # Copy on Write memory and replica buffers). 663 | # However, when parsing the RDB file directly from the socket, in order to avoid 664 | # data loss it's only safe to flush the current dataset when the new dataset is 665 | # fully loaded in memory, resulting in higher memory usage. 666 | # For this reason we have the following options: 667 | # 668 | # "disabled" - Don't use diskless load (store the rdb file to the disk first) 669 | # "swapdb" - Keep current db contents in RAM while parsing the data directly 670 | # from the socket. Replicas in this mode can keep serving current 671 | # dataset while replication is in progress, except for cases where 672 | # they can't recognize master as having a data set from same 673 | # replication history. 674 | # Note that this requires sufficient memory, if you don't have it, 675 | # you risk an OOM kill. 676 | # "on-empty-db" - Use diskless load only when current dataset is empty. This is 677 | # safer and avoid having old and new dataset loaded side by side 678 | # during replication. 679 | repl-diskless-load disabled 680 | 681 | # Master send PINGs to its replicas in a predefined interval. It's possible to 682 | # change this interval with the repl-ping-replica-period option. The default 683 | # value is 10 seconds. 684 | # 685 | # repl-ping-replica-period 10 686 | 687 | # The following option sets the replication timeout for: 688 | # 689 | # 1) Bulk transfer I/O during SYNC, from the point of view of replica. 690 | # 2) Master timeout from the point of view of replicas (data, pings). 691 | # 3) Replica timeout from the point of view of masters (REPLCONF ACK pings). 692 | # 693 | # It is important to make sure that this value is greater than the value 694 | # specified for repl-ping-replica-period otherwise a timeout will be detected 695 | # every time there is low traffic between the master and the replica. The default 696 | # value is 60 seconds. 697 | # 698 | # repl-timeout 60 699 | 700 | # Disable TCP_NODELAY on the replica socket after SYNC? 701 | # 702 | # If you select "yes" Redis will use a smaller number of TCP packets and 703 | # less bandwidth to send data to replicas. But this can add a delay for 704 | # the data to appear on the replica side, up to 40 milliseconds with 705 | # Linux kernels using a default configuration. 706 | # 707 | # If you select "no" the delay for data to appear on the replica side will 708 | # be reduced but more bandwidth will be used for replication. 709 | # 710 | # By default we optimize for low latency, but in very high traffic conditions 711 | # or when the master and replicas are many hops away, turning this to "yes" may 712 | # be a good idea. 713 | repl-disable-tcp-nodelay no 714 | 715 | # Set the replication backlog size. The backlog is a buffer that accumulates 716 | # replica data when replicas are disconnected for some time, so that when a 717 | # replica wants to reconnect again, often a full resync is not needed, but a 718 | # partial resync is enough, just passing the portion of data the replica 719 | # missed while disconnected. 720 | # 721 | # The bigger the replication backlog, the longer the replica can endure the 722 | # disconnect and later be able to perform a partial resynchronization. 723 | # 724 | # The backlog is only allocated if there is at least one replica connected. 725 | # 726 | # repl-backlog-size 1mb 727 | 728 | # After a master has no connected replicas for some time, the backlog will be 729 | # freed. The following option configures the amount of seconds that need to 730 | # elapse, starting from the time the last replica disconnected, for the backlog 731 | # buffer to be freed. 732 | # 733 | # Note that replicas never free the backlog for timeout, since they may be 734 | # promoted to masters later, and should be able to correctly "partially 735 | # resynchronize" with other replicas: hence they should always accumulate backlog. 736 | # 737 | # A value of 0 means to never release the backlog. 738 | # 739 | # repl-backlog-ttl 3600 740 | 741 | # During a fullsync, the master may decide to send both the RDB file and the 742 | # replication stream to the replica in parallel. This approach shifts the 743 | # responsibility of buffering the replication stream to the replica during the 744 | # fullsync process. The replica accumulates the replication stream data until 745 | # the RDB file is fully loaded. Once the RDB delivery is completed and 746 | # successfully loaded, the replica begins processing and applying the 747 | # accumulated replication data to the db. The configuration below controls how 748 | # much replication data the replica can accumulate during a fullsync. 749 | # 750 | # When the replica reaches this limit, it will stop accumulating further data. 751 | # At this point, additional data accumulation may occur on the master side 752 | # depending on the 'client-output-buffer-limit ' config of master. 753 | # 754 | # A value of 0 means replica inherits hard limit of 755 | # 'client-output-buffer-limit ' config to limit accumulation size. 756 | # 757 | # replica-full-sync-buffer-limit 0 758 | 759 | # The replica priority is an integer number published by Redis in the INFO 760 | # output. It is used by Redis Sentinel in order to select a replica to promote 761 | # into a master if the master is no longer working correctly. 762 | # 763 | # A replica with a low priority number is considered better for promotion, so 764 | # for instance if there are three replicas with priority 10, 100, 25 Sentinel 765 | # will pick the one with priority 10, that is the lowest. 766 | # 767 | # However a special priority of 0 marks the replica as not able to perform the 768 | # role of master, so a replica with priority of 0 will never be selected by 769 | # Redis Sentinel for promotion. 770 | # 771 | # By default the priority is 100. 772 | replica-priority 100 773 | 774 | # The propagation error behavior controls how Redis will behave when it is 775 | # unable to handle a command being processed in the replication stream from a master 776 | # or processed while reading from an AOF file. Errors that occur during propagation 777 | # are unexpected, and can cause data inconsistency. However, there are edge cases 778 | # in earlier versions of Redis where it was possible for the server to replicate or persist 779 | # commands that would fail on future versions. For this reason the default behavior 780 | # is to ignore such errors and continue processing commands. 781 | # 782 | # If an application wants to ensure there is no data divergence, this configuration 783 | # should be set to 'panic' instead. The value can also be set to 'panic-on-replicas' 784 | # to only panic when a replica encounters an error on the replication stream. One of 785 | # these two panic values will become the default value in the future once there are 786 | # sufficient safety mechanisms in place to prevent false positive crashes. 787 | # 788 | # propagation-error-behavior ignore 789 | 790 | # Replica ignore disk write errors controls the behavior of a replica when it is 791 | # unable to persist a write command received from its master to disk. By default, 792 | # this configuration is set to 'no' and will crash the replica in this condition. 793 | # It is not recommended to change this default, however in order to be compatible 794 | # with older versions of Redis this config can be toggled to 'yes' which will just 795 | # log a warning and execute the write command it got from the master. 796 | # 797 | # replica-ignore-disk-write-errors no 798 | 799 | # ----------------------------------------------------------------------------- 800 | # By default, Redis Sentinel includes all replicas in its reports. A replica 801 | # can be excluded from Redis Sentinel's announcements. An unannounced replica 802 | # will be ignored by the 'sentinel replicas ' command and won't be 803 | # exposed to Redis Sentinel's clients. 804 | # 805 | # This option does not change the behavior of replica-priority. Even with 806 | # replica-announced set to 'no', the replica can be promoted to master. To 807 | # prevent this behavior, set replica-priority to 0. 808 | # 809 | # replica-announced yes 810 | 811 | # It is possible for a master to stop accepting writes if there are less than 812 | # N replicas connected, having a lag less or equal than M seconds. 813 | # 814 | # The N replicas need to be in "online" state. 815 | # 816 | # The lag in seconds, that must be <= the specified value, is calculated from 817 | # the last ping received from the replica, that is usually sent every second. 818 | # 819 | # This option does not GUARANTEE that N replicas will accept the write, but 820 | # will limit the window of exposure for lost writes in case not enough replicas 821 | # are available, to the specified number of seconds. 822 | # 823 | # For example to require at least 3 replicas with a lag <= 10 seconds use: 824 | # 825 | # min-replicas-to-write 3 826 | # min-replicas-max-lag 10 827 | # 828 | # Setting one or the other to 0 disables the feature. 829 | # 830 | # By default min-replicas-to-write is set to 0 (feature disabled) and 831 | # min-replicas-max-lag is set to 10. 832 | 833 | # A Redis master is able to list the address and port of the attached 834 | # replicas in different ways. For example the "INFO replication" section 835 | # offers this information, which is used, among other tools, by 836 | # Redis Sentinel in order to discover replica instances. 837 | # Another place where this info is available is in the output of the 838 | # "ROLE" command of a master. 839 | # 840 | # The listed IP address and port normally reported by a replica is 841 | # obtained in the following way: 842 | # 843 | # IP: The address is auto detected by checking the peer address 844 | # of the socket used by the replica to connect with the master. 845 | # 846 | # Port: The port is communicated by the replica during the replication 847 | # handshake, and is normally the port that the replica is using to 848 | # listen for connections. 849 | # 850 | # However when port forwarding or Network Address Translation (NAT) is 851 | # used, the replica may actually be reachable via different IP and port 852 | # pairs. The following two options can be used by a replica in order to 853 | # report to its master a specific set of IP and port, so that both INFO 854 | # and ROLE will report those values. 855 | # 856 | # There is no need to use both the options if you need to override just 857 | # the port or the IP address. 858 | # 859 | # replica-announce-ip 5.5.5.5 860 | # replica-announce-port 1234 861 | 862 | ############################### KEYS TRACKING ################################# 863 | 864 | # Redis implements server assisted support for client side caching of values. 865 | # This is implemented using an invalidation table that remembers, using 866 | # a radix key indexed by key name, what clients have which keys. In turn 867 | # this is used in order to send invalidation messages to clients. Please 868 | # check this page to understand more about the feature: 869 | # 870 | # https://redis.io/docs/latest/develop/use/client-side-caching/ 871 | # 872 | # When tracking is enabled for a client, all the read only queries are assumed 873 | # to be cached: this will force Redis to store information in the invalidation 874 | # table. When keys are modified, such information is flushed away, and 875 | # invalidation messages are sent to the clients. However if the workload is 876 | # heavily dominated by reads, Redis could use more and more memory in order 877 | # to track the keys fetched by many clients. 878 | # 879 | # For this reason it is possible to configure a maximum fill value for the 880 | # invalidation table. By default it is set to 1M of keys, and once this limit 881 | # is reached, Redis will start to evict keys in the invalidation table 882 | # even if they were not modified, just to reclaim memory: this will in turn 883 | # force the clients to invalidate the cached values. Basically the table 884 | # maximum size is a trade off between the memory you want to spend server 885 | # side to track information about who cached what, and the ability of clients 886 | # to retain cached objects in memory. 887 | # 888 | # If you set the value to 0, it means there are no limits, and Redis will 889 | # retain as many keys as needed in the invalidation table. 890 | # In the "stats" INFO section, you can find information about the number of 891 | # keys in the invalidation table at every given moment. 892 | # 893 | # Note: when key tracking is used in broadcasting mode, no memory is used 894 | # in the server side so this setting is useless. 895 | # 896 | # tracking-table-max-keys 1000000 897 | 898 | ################################## SECURITY ################################### 899 | 900 | # Warning: since Redis is pretty fast, an outside user can try up to 901 | # 1 million passwords per second against a modern box. This means that you 902 | # should use very strong passwords, otherwise they will be very easy to break. 903 | # Note that because the password is really a shared secret between the client 904 | # and the server, and should not be memorized by any human, the password 905 | # can be easily a long string from /dev/urandom or whatever, so by using a 906 | # long and unguessable password no brute force attack will be possible. 907 | 908 | # Redis ACL users are defined in the following format: 909 | # 910 | # user ... acl rules ... 911 | # 912 | # For example: 913 | # 914 | # user worker +@list +@connection ~jobs:* on >ffa9203c493aa99 915 | # 916 | # The special username "default" is used for new connections. If this user 917 | # has the "nopass" rule, then new connections will be immediately authenticated 918 | # as the "default" user without the need of any password provided via the 919 | # AUTH command. Otherwise if the "default" user is not flagged with "nopass" 920 | # the connections will start in not authenticated state, and will require 921 | # AUTH (or the HELLO command AUTH option) in order to be authenticated and 922 | # start to work. 923 | # 924 | # The ACL rules that describe what a user can do are the following: 925 | # 926 | # on Enable the user: it is possible to authenticate as this user. 927 | # off Disable the user: it's no longer possible to authenticate 928 | # with this user, however the already authenticated connections 929 | # will still work. 930 | # skip-sanitize-payload RESTORE dump-payload sanitization is skipped. 931 | # sanitize-payload RESTORE dump-payload is sanitized (default). 932 | # + Allow the execution of that command. 933 | # May be used with `|` for allowing subcommands (e.g "+config|get") 934 | # - Disallow the execution of that command. 935 | # May be used with `|` for blocking subcommands (e.g "-config|set") 936 | # +@ Allow the execution of all the commands in such category 937 | # with valid categories are like @admin, @set, @sortedset, ... 938 | # and so forth, see the full list in the server.c file where 939 | # the Redis command table is described and defined. 940 | # The special category @all means all the commands, but currently 941 | # present in the server, and that will be loaded in the future 942 | # via modules. 943 | # +|first-arg Allow a specific first argument of an otherwise 944 | # disabled command. It is only supported on commands with 945 | # no sub-commands, and is not allowed as negative form 946 | # like -SELECT|1, only additive starting with "+". This 947 | # feature is deprecated and may be removed in the future. 948 | # allcommands Alias for +@all. Note that it implies the ability to execute 949 | # all the future commands loaded via the modules system. 950 | # nocommands Alias for -@all. 951 | # ~ Add a pattern of keys that can be mentioned as part of 952 | # commands. For instance ~* allows all the keys. The pattern 953 | # is a glob-style pattern like the one of KEYS. 954 | # It is possible to specify multiple patterns. 955 | # %R~ Add key read pattern that specifies which keys can be read 956 | # from. 957 | # %W~ Add key write pattern that specifies which keys can be 958 | # written to. 959 | # allkeys Alias for ~* 960 | # resetkeys Flush the list of allowed keys patterns. 961 | # & Add a glob-style pattern of Pub/Sub channels that can be 962 | # accessed by the user. It is possible to specify multiple channel 963 | # patterns. 964 | # allchannels Alias for &* 965 | # resetchannels Flush the list of allowed channel patterns. 966 | # > Add this password to the list of valid password for the user. 967 | # For example >mypass will add "mypass" to the list. 968 | # This directive clears the "nopass" flag (see later). 969 | # < Remove this password from the list of valid passwords. 970 | # nopass All the set passwords of the user are removed, and the user 971 | # is flagged as requiring no password: it means that every 972 | # password will work against this user. If this directive is 973 | # used for the default user, every new connection will be 974 | # immediately authenticated with the default user without 975 | # any explicit AUTH command required. Note that the "resetpass" 976 | # directive will clear this condition. 977 | # resetpass Flush the list of allowed passwords. Moreover removes the 978 | # "nopass" status. After "resetpass" the user has no associated 979 | # passwords and there is no way to authenticate without adding 980 | # some password (or setting it as "nopass" later). 981 | # reset Performs the following actions: resetpass, resetkeys, resetchannels, 982 | # allchannels (if acl-pubsub-default is set), off, clearselectors, -@all. 983 | # The user returns to the same state it has immediately after its creation. 984 | # () Create a new selector with the options specified within the 985 | # parentheses and attach it to the user. Each option should be 986 | # space separated. The first character must be ( and the last 987 | # character must be ). 988 | # clearselectors Remove all of the currently attached selectors. 989 | # Note this does not change the "root" user permissions, 990 | # which are the permissions directly applied onto the 991 | # user (outside the parentheses). 992 | # 993 | # ACL rules can be specified in any order: for instance you can start with 994 | # passwords, then flags, or key patterns. However note that the additive 995 | # and subtractive rules will CHANGE MEANING depending on the ordering. 996 | # For instance see the following example: 997 | # 998 | # user alice on +@all -DEBUG ~* >somepassword 999 | # 1000 | # This will allow "alice" to use all the commands with the exception of the 1001 | # DEBUG command, since +@all added all the commands to the set of the commands 1002 | # alice can use, and later DEBUG was removed. However if we invert the order 1003 | # of two ACL rules the result will be different: 1004 | # 1005 | # user alice on -DEBUG +@all ~* >somepassword 1006 | # 1007 | # Now DEBUG was removed when alice had yet no commands in the set of allowed 1008 | # commands, later all the commands are added, so the user will be able to 1009 | # execute everything. 1010 | # 1011 | # Basically ACL rules are processed left-to-right. 1012 | # 1013 | # The following is a list of command categories and their meanings: 1014 | # * keyspace - Writing or reading from keys, databases, or their metadata 1015 | # in a type agnostic way. Includes DEL, RESTORE, DUMP, RENAME, EXISTS, DBSIZE, 1016 | # KEYS, EXPIRE, TTL, FLUSHALL, etc. Commands that may modify the keyspace, 1017 | # key or metadata will also have `write` category. Commands that only read 1018 | # the keyspace, key or metadata will have the `read` category. 1019 | # * read - Reading from keys (values or metadata). Note that commands that don't 1020 | # interact with keys, will not have either `read` or `write`. 1021 | # * write - Writing to keys (values or metadata) 1022 | # * admin - Administrative commands. Normal applications will never need to use 1023 | # these. Includes REPLICAOF, CONFIG, DEBUG, SAVE, MONITOR, ACL, SHUTDOWN, etc. 1024 | # * dangerous - Potentially dangerous (each should be considered with care for 1025 | # various reasons). This includes FLUSHALL, MIGRATE, RESTORE, SORT, KEYS, 1026 | # CLIENT, DEBUG, INFO, CONFIG, SAVE, REPLICAOF, etc. 1027 | # * connection - Commands affecting the connection or other connections. 1028 | # This includes AUTH, SELECT, COMMAND, CLIENT, ECHO, PING, etc. 1029 | # * blocking - Potentially blocking the connection until released by another 1030 | # command. 1031 | # * fast - Fast O(1) commands. May loop on the number of arguments, but not the 1032 | # number of elements in the key. 1033 | # * slow - All commands that are not Fast. 1034 | # * pubsub - PUBLISH / SUBSCRIBE related 1035 | # * transaction - WATCH / MULTI / EXEC related commands. 1036 | # * scripting - Scripting related. 1037 | # * set - Data type: sets related. 1038 | # * sortedset - Data type: zsets related. 1039 | # * list - Data type: lists related. 1040 | # * hash - Data type: hashes related. 1041 | # * string - Data type: strings related. 1042 | # * bitmap - Data type: bitmaps related. 1043 | # * hyperloglog - Data type: hyperloglog related. 1044 | # * geo - Data type: geo related. 1045 | # * stream - Data type: streams related. 1046 | # 1047 | # For more information about ACL configuration please refer to 1048 | # the Redis web site at https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/ 1049 | 1050 | # ACL LOG 1051 | # 1052 | # The ACL Log tracks failed commands and authentication events associated 1053 | # with ACLs. The ACL Log is useful to troubleshoot failed commands blocked 1054 | # by ACLs. The ACL Log is stored in memory. You can reclaim memory with 1055 | # ACL LOG RESET. Define the maximum entry length of the ACL Log below. 1056 | acllog-max-len 128 1057 | 1058 | # Using an external ACL file 1059 | # 1060 | # Instead of configuring users here in this file, it is possible to use 1061 | # a stand-alone file just listing users. The two methods cannot be mixed: 1062 | # if you configure users here and at the same time you activate the external 1063 | # ACL file, the server will refuse to start. 1064 | # 1065 | # The format of the external ACL user file is exactly the same as the 1066 | # format that is used inside redis.conf to describe users. 1067 | # 1068 | # aclfile /etc/redis/users.acl 1069 | 1070 | # IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility 1071 | # layer on top of the new ACL system. The option effect will be just setting 1072 | # the password for the default user. Clients will still authenticate using 1073 | # AUTH as usually, or more explicitly with AUTH default 1074 | # if they follow the new protocol: both will work. 1075 | # 1076 | # The requirepass is not compatible with aclfile option and the ACL LOAD 1077 | # command, these will cause requirepass to be ignored. 1078 | # 1079 | # requirepass foobared 1080 | 1081 | # New users are initialized with restrictive permissions by default, via the 1082 | # equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it 1083 | # is possible to manage access to Pub/Sub channels with ACL rules as well. The 1084 | # default Pub/Sub channels permission if new users is controlled by the 1085 | # acl-pubsub-default configuration directive, which accepts one of these values: 1086 | # 1087 | # allchannels: grants access to all Pub/Sub channels 1088 | # resetchannels: revokes access to all Pub/Sub channels 1089 | # 1090 | # From Redis 7.0, acl-pubsub-default defaults to 'resetchannels' permission. 1091 | # 1092 | # acl-pubsub-default resetchannels 1093 | 1094 | # Command renaming (DEPRECATED). 1095 | # 1096 | # ------------------------------------------------------------------------ 1097 | # WARNING: avoid using this option if possible. Instead use ACLs to remove 1098 | # commands from the default user, and put them only in some admin user you 1099 | # create for administrative purposes. 1100 | # ------------------------------------------------------------------------ 1101 | # 1102 | # It is possible to change the name of dangerous commands in a shared 1103 | # environment. For instance the CONFIG command may be renamed into something 1104 | # hard to guess so that it will still be available for internal-use tools 1105 | # but not available for general clients. 1106 | # 1107 | # Example: 1108 | # 1109 | # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 1110 | # 1111 | # It is also possible to completely kill a command by renaming it into 1112 | # an empty string: 1113 | # 1114 | # rename-command CONFIG "" 1115 | # 1116 | # Please note that changing the name of commands that are logged into the 1117 | # AOF file or transmitted to replicas may cause problems. 1118 | 1119 | ################################### CLIENTS #################################### 1120 | 1121 | # Set the max number of connected clients at the same time. By default 1122 | # this limit is set to 10000 clients, however if the Redis server is not 1123 | # able to configure the process file limit to allow for the specified limit 1124 | # the max number of allowed clients is set to the current file limit 1125 | # minus 32 (as Redis reserves a few file descriptors for internal uses). 1126 | # 1127 | # Once the limit is reached Redis will close all the new connections sending 1128 | # an error 'max number of clients reached'. 1129 | # 1130 | # IMPORTANT: When Redis Cluster is used, the max number of connections is also 1131 | # shared with the cluster bus: every node in the cluster will use two 1132 | # connections, one incoming and another outgoing. It is important to size the 1133 | # limit accordingly in case of very large clusters. 1134 | # 1135 | # maxclients 10000 1136 | 1137 | ############################## MEMORY MANAGEMENT ################################ 1138 | 1139 | # Set a memory usage limit to the specified amount of bytes. 1140 | # When the memory limit is reached Redis will try to remove keys 1141 | # according to the eviction policy selected (see maxmemory-policy). 1142 | # 1143 | # If Redis can't remove keys according to the policy, or if the policy is 1144 | # set to 'noeviction', Redis will start to reply with errors to commands 1145 | # that would use more memory, like SET, LPUSH, and so on, and will continue 1146 | # to reply to read-only commands like GET. 1147 | # 1148 | # This option is usually useful when using Redis as an LRU or LFU cache, or to 1149 | # set a hard memory limit for an instance (using the 'noeviction' policy). 1150 | # 1151 | # WARNING: If you have replicas attached to an instance with maxmemory on, 1152 | # the size of the output buffers needed to feed the replicas are subtracted 1153 | # from the used memory count, so that network problems / resyncs will 1154 | # not trigger a loop where keys are evicted, and in turn the output 1155 | # buffer of replicas is full with DELs of keys evicted triggering the deletion 1156 | # of more keys, and so forth until the database is completely emptied. 1157 | # 1158 | # In short... if you have replicas attached it is suggested that you set a lower 1159 | # limit for maxmemory so that there is some free RAM on the system for replica 1160 | # output buffers (but this is not needed if the policy is 'noeviction'). 1161 | # 1162 | # maxmemory 1163 | 1164 | # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory 1165 | # is reached. You can select one from the following behaviors: 1166 | # 1167 | # volatile-lru -> Evict using approximated LRU, only keys with an expire set. 1168 | # allkeys-lru -> Evict any key using approximated LRU. 1169 | # volatile-lfu -> Evict using approximated LFU, only keys with an expire set. 1170 | # allkeys-lfu -> Evict any key using approximated LFU. 1171 | # volatile-random -> Remove a random key having an expire set. 1172 | # allkeys-random -> Remove a random key, any key. 1173 | # volatile-ttl -> Remove the key with the nearest expire time (minor TTL) 1174 | # noeviction -> Don't evict anything, just return an error on write operations. 1175 | # 1176 | # LRU means Least Recently Used 1177 | # LFU means Least Frequently Used 1178 | # 1179 | # Both LRU, LFU and volatile-ttl are implemented using approximated 1180 | # randomized algorithms. 1181 | # 1182 | # Note: with any of the above policies, when there are no suitable keys for 1183 | # eviction, Redis will return an error on write operations that require 1184 | # more memory. These are usually commands that create new keys, add data or 1185 | # modify existing keys. A few examples are: SET, INCR, HSET, LPUSH, SUNIONSTORE, 1186 | # SORT (due to the STORE argument), and EXEC (if the transaction includes any 1187 | # command that requires memory). 1188 | # 1189 | # The default is: 1190 | # 1191 | maxmemory-policy volatile-lru 1192 | 1193 | # LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated 1194 | # algorithms (in order to save memory), so you can tune it for speed or 1195 | # accuracy. By default Redis will check five keys and pick the one that was 1196 | # used least recently, you can change the sample size using the following 1197 | # configuration directive. 1198 | # 1199 | # The default of 5 produces good enough results. 10 Approximates very closely 1200 | # true LRU but costs more CPU. 3 is faster but not very accurate. The maximum 1201 | # value that can be set is 64. 1202 | # 1203 | # maxmemory-samples 5 1204 | 1205 | # Eviction processing is designed to function well with the default setting. 1206 | # If there is an unusually large amount of write traffic, this value may need to 1207 | # be increased. Decreasing this value may reduce latency at the risk of 1208 | # eviction processing effectiveness 1209 | # 0 = minimum latency, 10 = default, 100 = process without regard to latency 1210 | # 1211 | # maxmemory-eviction-tenacity 10 1212 | 1213 | # Starting from Redis 5, by default a replica will ignore its maxmemory setting 1214 | # (unless it is promoted to master after a failover or manually). It means 1215 | # that the eviction of keys will be just handled by the master, sending the 1216 | # DEL commands to the replica as keys evict in the master side. 1217 | # 1218 | # This behavior ensures that masters and replicas stay consistent, and is usually 1219 | # what you want, however if your replica is writable, or you want the replica 1220 | # to have a different memory setting, and you are sure all the writes performed 1221 | # to the replica are idempotent, then you may change this default (but be sure 1222 | # to understand what you are doing). 1223 | # 1224 | # Note that since the replica by default does not evict, it may end using more 1225 | # memory than the one set via maxmemory (there are certain buffers that may 1226 | # be larger on the replica, or data structures may sometimes take more memory 1227 | # and so forth). So make sure you monitor your replicas and make sure they 1228 | # have enough memory to never hit a real out-of-memory condition before the 1229 | # master hits the configured maxmemory setting. 1230 | # 1231 | # replica-ignore-maxmemory yes 1232 | 1233 | # Redis reclaims expired keys in two ways: upon access when those keys are 1234 | # found to be expired, and also in background, in what is called the 1235 | # "active expire key". The key space is slowly and interactively scanned 1236 | # looking for expired keys to reclaim, so that it is possible to free memory 1237 | # of keys that are expired and will never be accessed again in a short time. 1238 | # 1239 | # The default effort of the expire cycle will try to avoid having more than 1240 | # ten percent of expired keys still in memory, and will try to avoid consuming 1241 | # more than 25% of total memory and to add latency to the system. However 1242 | # it is possible to increase the expire "effort" that is normally set to 1243 | # "1", to a greater value, up to the value "10". At its maximum value the 1244 | # system will use more CPU, longer cycles (and technically may introduce 1245 | # more latency), and will tolerate less already expired keys still present 1246 | # in the system. It's a tradeoff between memory, CPU and latency. 1247 | # 1248 | # active-expire-effort 1 1249 | 1250 | ############################# LAZY FREEING #################################### 1251 | 1252 | # Redis has two primitives to delete keys. One is called DEL and is a blocking 1253 | # deletion of the object. It means that the server stops processing new commands 1254 | # in order to reclaim all the memory associated with an object in a synchronous 1255 | # way. If the key deleted is associated with a small object, the time needed 1256 | # in order to execute the DEL command is very small and comparable to most other 1257 | # O(1) or O(log_N) commands in Redis. However if the key is associated with an 1258 | # aggregated value containing millions of elements, the server can block for 1259 | # a long time (even seconds) in order to complete the operation. 1260 | # 1261 | # For the above reasons Redis also offers non blocking deletion primitives 1262 | # such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and 1263 | # FLUSHDB commands, in order to reclaim memory in background. Those commands 1264 | # are executed in constant time. Another thread will incrementally free the 1265 | # object in the background as fast as possible. 1266 | # 1267 | # DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled. 1268 | # It's up to the design of the application to understand when it is a good 1269 | # idea to use one or the other. However the Redis server sometimes has to 1270 | # delete keys or flush the whole database as a side effect of other operations. 1271 | # Specifically Redis deletes objects independently of a user call in the 1272 | # following scenarios: 1273 | # 1274 | # 1) On eviction, because of the maxmemory and maxmemory policy configurations, 1275 | # in order to make room for new data, without going over the specified 1276 | # memory limit. 1277 | # 2) Because of expire: when a key with an associated time to live (see the 1278 | # EXPIRE command) must be deleted from memory. 1279 | # 3) Because of a side effect of a command that stores data on a key that may 1280 | # already exist. For example the RENAME command may delete the old key 1281 | # content when it is replaced with another one. Similarly SUNIONSTORE 1282 | # or SORT with STORE option may delete existing keys. The SET command 1283 | # itself removes any old content of the specified key in order to replace 1284 | # it with the specified string. 1285 | # 4) During replication, when a replica performs a full resynchronization with 1286 | # its master, the content of the whole database is removed in order to 1287 | # load the RDB file just transferred. 1288 | # 1289 | # In all the above cases the default is to delete objects in a blocking way, 1290 | # like if DEL was called. However you can configure each case specifically 1291 | # in order to instead release memory in a non-blocking way like if UNLINK 1292 | # was called, using the following configuration directives. 1293 | 1294 | lazyfree-lazy-eviction no 1295 | lazyfree-lazy-expire no 1296 | lazyfree-lazy-server-del no 1297 | replica-lazy-flush no 1298 | 1299 | # It is also possible, for the case when to replace the user code DEL calls 1300 | # with UNLINK calls is not easy, to modify the default behavior of the DEL 1301 | # command to act exactly like UNLINK, using the following configuration 1302 | # directive: 1303 | 1304 | lazyfree-lazy-user-del no 1305 | 1306 | # FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous 1307 | # deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the 1308 | # commands. When neither flag is passed, this directive will be used to determine 1309 | # if the data should be deleted asynchronously. 1310 | 1311 | lazyfree-lazy-user-flush no 1312 | 1313 | ################################ THREADED I/O ################################# 1314 | 1315 | # Redis is mostly single threaded, however there are certain threaded 1316 | # operations such as UNLINK, slow I/O accesses and other things that are 1317 | # performed on side threads. 1318 | # 1319 | # Now it is also possible to handle Redis clients socket reads and writes 1320 | # in different I/O threads. Since especially writing is so slow, normally 1321 | # Redis users use pipelining in order to speed up the Redis performances per 1322 | # core, and spawn multiple instances in order to scale more. Using I/O 1323 | # threads it is possible to easily speedup several times Redis without resorting 1324 | # to pipelining nor sharding of the instance. 1325 | # 1326 | # By default threading is disabled, we suggest enabling it only in machines 1327 | # that have at least 4 or more cores, leaving at least one spare core. 1328 | # We also recommend using threaded I/O only if you actually have performance 1329 | # problems, with Redis instances being able to use a quite big percentage of 1330 | # CPU time, otherwise there is no point in using this feature. 1331 | # 1332 | # So for instance if you have a four cores boxes, try to use 3 I/O 1333 | # threads, if you have a 8 cores, try to use 7 threads. In order to 1334 | # enable I/O threads use the following configuration directive: 1335 | # 1336 | # io-threads 4 1337 | # 1338 | # Setting io-threads to 1 will just use the main thread as usual. 1339 | # When I/O threads are enabled, we not only use threads for writes, that 1340 | # is to thread the write(2) syscall and transfer the client buffers to the 1341 | # socket, but also use threads for reads and protocol parsing. 1342 | # 1343 | # NOTE: If you want to test the Redis speedup using redis-benchmark, make 1344 | # sure you also run the benchmark itself in threaded mode, using the 1345 | # --threads option to match the number of Redis threads, otherwise you'll not 1346 | # be able to notice the improvements. 1347 | 1348 | ############################ KERNEL OOM CONTROL ############################## 1349 | 1350 | # On Linux, it is possible to hint the kernel OOM killer on what processes 1351 | # should be killed first when out of memory. 1352 | # 1353 | # Enabling this feature makes Redis actively control the oom_score_adj value 1354 | # for all its processes, depending on their role. The default scores will 1355 | # attempt to have background child processes killed before all others, and 1356 | # replicas killed before masters. 1357 | # 1358 | # Redis supports these options: 1359 | # 1360 | # no: Don't make changes to oom-score-adj (default). 1361 | # yes: Alias to "relative" see below. 1362 | # absolute: Values in oom-score-adj-values are written as is to the kernel. 1363 | # relative: Values are used relative to the initial value of oom_score_adj when 1364 | # the server starts and are then clamped to a range of -1000 to 1000. 1365 | # Because typically the initial value is 0, they will often match the 1366 | # absolute values. 1367 | oom-score-adj no 1368 | 1369 | # When oom-score-adj is used, this directive controls the specific values used 1370 | # for master, replica and background child processes. Values range -2000 to 1371 | # 2000 (higher means more likely to be killed). 1372 | # 1373 | # Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities) 1374 | # can freely increase their value, but not decrease it below its initial 1375 | # settings. This means that setting oom-score-adj to "relative" and setting the 1376 | # oom-score-adj-values to positive values will always succeed. 1377 | oom-score-adj-values 0 200 800 1378 | 1379 | 1380 | #################### KERNEL transparent hugepage CONTROL ###################### 1381 | 1382 | # Usually the kernel Transparent Huge Pages control is set to "madvise" or 1383 | # "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which 1384 | # case this config has no effect. On systems in which it is set to "always", 1385 | # redis will attempt to disable it specifically for the redis process in order 1386 | # to avoid latency problems specifically with fork(2) and CoW. 1387 | # If for some reason you prefer to keep it enabled, you can set this config to 1388 | # "no" and the kernel global to "always". 1389 | 1390 | disable-thp yes 1391 | 1392 | ############################## APPEND ONLY MODE ############################### 1393 | 1394 | # By default Redis asynchronously dumps the dataset on disk. This mode is 1395 | # good enough in many applications, but an issue with the Redis process or 1396 | # a power outage may result into a few minutes of writes lost (depending on 1397 | # the configured save points). 1398 | # 1399 | # The Append Only File is an alternative persistence mode that provides 1400 | # much better durability. For instance using the default data fsync policy 1401 | # (see later in the config file) Redis can lose just one second of writes in a 1402 | # dramatic event like a server power outage, or a single write if something 1403 | # wrong with the Redis process itself happens, but the operating system is 1404 | # still running correctly. 1405 | # 1406 | # AOF and RDB persistence can be enabled at the same time without problems. 1407 | # If the AOF is enabled on startup Redis will load the AOF, that is the file 1408 | # with the better durability guarantees. 1409 | # 1410 | # Note that changing this value in a config file of an existing database and 1411 | # restarting the server can lead to data loss. A conversion needs to be done 1412 | # by setting it via CONFIG command on a live server first. 1413 | # 1414 | # Please check https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/ for more information. 1415 | 1416 | appendonly no 1417 | 1418 | # The base name of the append only file. 1419 | # 1420 | # Redis 7 and newer use a set of append-only files to persist the dataset 1421 | # and changes applied to it. There are two basic types of files in use: 1422 | # 1423 | # - Base files, which are a snapshot representing the complete state of the 1424 | # dataset at the time the file was created. Base files can be either in 1425 | # the form of RDB (binary serialized) or AOF (textual commands). 1426 | # - Incremental files, which contain additional commands that were applied 1427 | # to the dataset following the previous file. 1428 | # 1429 | # In addition, manifest files are used to track the files and the order in 1430 | # which they were created and should be applied. 1431 | # 1432 | # Append-only file names are created by Redis following a specific pattern. 1433 | # The file name's prefix is based on the 'appendfilename' configuration 1434 | # parameter, followed by additional information about the sequence and type. 1435 | # 1436 | # For example, if appendfilename is set to appendonly.aof, the following file 1437 | # names could be derived: 1438 | # 1439 | # - appendonly.aof.1.base.rdb as a base file. 1440 | # - appendonly.aof.1.incr.aof, appendonly.aof.2.incr.aof as incremental files. 1441 | # - appendonly.aof.manifest as a manifest file. 1442 | 1443 | appendfilename "appendonly.aof" 1444 | 1445 | # For convenience, Redis stores all persistent append-only files in a dedicated 1446 | # directory. The name of the directory is determined by the appenddirname 1447 | # configuration parameter. 1448 | 1449 | appenddirname "appendonlydir" 1450 | 1451 | # The fsync() call tells the Operating System to actually write data on disk 1452 | # instead of waiting for more data in the output buffer. Some OS will really flush 1453 | # data on disk, some other OS will just try to do it ASAP. 1454 | # 1455 | # Redis supports three different modes: 1456 | # 1457 | # no: don't fsync, just let the OS flush the data when it wants. Faster. 1458 | # always: fsync after every write to the append only log. Slow, Safest. 1459 | # everysec: fsync only one time every second. Compromise. 1460 | # 1461 | # The default is "everysec", as that's usually the right compromise between 1462 | # speed and data safety. It's up to you to understand if you can relax this to 1463 | # "no" that will let the operating system flush the output buffer when 1464 | # it wants, for better performances (but if you can live with the idea of 1465 | # some data loss consider the default persistence mode that's snapshotting), 1466 | # or on the contrary, use "always" that's very slow but a bit safer than 1467 | # everysec. 1468 | # 1469 | # More details please check the following article: 1470 | # http://antirez.com/post/redis-persistence-demystified.html 1471 | # 1472 | # If unsure, use "everysec". 1473 | 1474 | # appendfsync always 1475 | appendfsync everysec 1476 | # appendfsync no 1477 | 1478 | # When the AOF fsync policy is set to always or everysec, and a background 1479 | # saving process (a background save or AOF log background rewriting) is 1480 | # performing a lot of I/O against the disk, in some Linux configurations 1481 | # Redis may block too long on the fsync() call. Note that there is no fix for 1482 | # this currently, as even performing fsync in a different thread will block 1483 | # our synchronous write(2) call. 1484 | # 1485 | # In order to mitigate this problem it's possible to use the following option 1486 | # that will prevent fsync() from being called in the main process while a 1487 | # BGSAVE or BGREWRITEAOF is in progress. 1488 | # 1489 | # This means that while another child is saving, the durability of Redis is 1490 | # the same as "appendfsync no". In practical terms, this means that it is 1491 | # possible to lose up to 30 seconds of log in the worst scenario (with the 1492 | # default Linux settings). 1493 | # 1494 | # If you have latency problems turn this to "yes". Otherwise leave it as 1495 | # "no" that is the safest pick from the point of view of durability. 1496 | 1497 | no-appendfsync-on-rewrite no 1498 | 1499 | # Automatic rewrite of the append only file. 1500 | # Redis is able to automatically rewrite the log file implicitly calling 1501 | # BGREWRITEAOF when the AOF log size grows by the specified percentage. 1502 | # 1503 | # This is how it works: Redis remembers the size of the AOF file after the 1504 | # latest rewrite (if no rewrite has happened since the restart, the size of 1505 | # the AOF at startup is used). 1506 | # 1507 | # This base size is compared to the current size. If the current size is 1508 | # bigger than the specified percentage, the rewrite is triggered. Also 1509 | # you need to specify a minimal size for the AOF file to be rewritten, this 1510 | # is useful to avoid rewriting the AOF file even if the percentage increase 1511 | # is reached but it is still pretty small. 1512 | # 1513 | # Specify a percentage of zero in order to disable the automatic AOF 1514 | # rewrite feature. 1515 | 1516 | auto-aof-rewrite-percentage 100 1517 | auto-aof-rewrite-min-size 64mb 1518 | 1519 | # An AOF file may be found to be truncated at the end during the Redis 1520 | # startup process, when the AOF data gets loaded back into memory. 1521 | # This may happen when the system where Redis is running 1522 | # crashes, especially when an ext4 filesystem is mounted without the 1523 | # data=ordered option (however this can't happen when Redis itself 1524 | # crashes or aborts but the operating system still works correctly). 1525 | # 1526 | # Redis can either exit with an error when this happens, or load as much 1527 | # data as possible (the default now) and start if the AOF file is found 1528 | # to be truncated at the end. The following option controls this behavior. 1529 | # 1530 | # If aof-load-truncated is set to yes, a truncated AOF file is loaded and 1531 | # the Redis server starts emitting a log to inform the user of the event. 1532 | # Otherwise if the option is set to no, the server aborts with an error 1533 | # and refuses to start. When the option is set to no, the user requires 1534 | # to fix the AOF file using the "redis-check-aof" utility before to restart 1535 | # the server. 1536 | # 1537 | # Note that if the AOF file will be found to be corrupted in the middle 1538 | # the server will still exit with an error. This option only applies when 1539 | # Redis will try to read more data from the AOF file but not enough bytes 1540 | # will be found. 1541 | aof-load-truncated yes 1542 | 1543 | # Redis can create append-only base files in either RDB or AOF formats. Using 1544 | # the RDB format is always faster and more efficient, and disabling it is only 1545 | # supported for backward compatibility purposes. 1546 | aof-use-rdb-preamble yes 1547 | 1548 | # Redis supports recording timestamp annotations in the AOF to support restoring 1549 | # the data from a specific point-in-time. However, using this capability changes 1550 | # the AOF format in a way that may not be compatible with existing AOF parsers. 1551 | aof-timestamp-enabled no 1552 | 1553 | ################################ SHUTDOWN ##################################### 1554 | 1555 | # Maximum time to wait for replicas when shutting down, in seconds. 1556 | # 1557 | # During shut down, a grace period allows any lagging replicas to catch up with 1558 | # the latest replication offset before the master exists. This period can 1559 | # prevent data loss, especially for deployments without configured disk backups. 1560 | # 1561 | # The 'shutdown-timeout' value is the grace period's duration in seconds. It is 1562 | # only applicable when the instance has replicas. To disable the feature, set 1563 | # the value to 0. 1564 | # 1565 | # shutdown-timeout 10 1566 | 1567 | # When Redis receives a SIGINT or SIGTERM, shutdown is initiated and by default 1568 | # an RDB snapshot is written to disk in a blocking operation if save points are configured. 1569 | # The options used on signaled shutdown can include the following values: 1570 | # default: Saves RDB snapshot only if save points are configured. 1571 | # Waits for lagging replicas to catch up. 1572 | # save: Forces a DB saving operation even if no save points are configured. 1573 | # nosave: Prevents DB saving operation even if one or more save points are configured. 1574 | # now: Skips waiting for lagging replicas. 1575 | # force: Ignores any errors that would normally prevent the server from exiting. 1576 | # 1577 | # Any combination of values is allowed as long as "save" and "nosave" are not set simultaneously. 1578 | # Example: "nosave force now" 1579 | # 1580 | # shutdown-on-sigint default 1581 | # shutdown-on-sigterm default 1582 | 1583 | ################ NON-DETERMINISTIC LONG BLOCKING COMMANDS ##################### 1584 | 1585 | # Maximum time in milliseconds for EVAL scripts, functions and in some cases 1586 | # modules' commands before Redis can start processing or rejecting other clients. 1587 | # 1588 | # If the maximum execution time is reached Redis will start to reply to most 1589 | # commands with a BUSY error. 1590 | # 1591 | # In this state Redis will only allow a handful of commands to be executed. 1592 | # For instance, SCRIPT KILL, FUNCTION KILL, SHUTDOWN NOSAVE and possibly some 1593 | # module specific 'allow-busy' commands. 1594 | # 1595 | # SCRIPT KILL and FUNCTION KILL will only be able to stop a script that did not 1596 | # yet call any write commands, so SHUTDOWN NOSAVE may be the only way to stop 1597 | # the server in the case a write command was already issued by the script when 1598 | # the user doesn't want to wait for the natural termination of the script. 1599 | # 1600 | # The default is 5 seconds. It is possible to set it to 0 or a negative value 1601 | # to disable this mechanism (uninterrupted execution). Note that in the past 1602 | # this config had a different name, which is now an alias, so both of these do 1603 | # the same: 1604 | # lua-time-limit 5000 1605 | # busy-reply-threshold 5000 1606 | 1607 | ################################ REDIS CLUSTER ############################### 1608 | 1609 | # Normal Redis instances can't be part of a Redis Cluster; only nodes that are 1610 | # started as cluster nodes can. In order to start a Redis instance as a 1611 | # cluster node enable the cluster support uncommenting the following: 1612 | # 1613 | # cluster-enabled yes 1614 | 1615 | # Every cluster node has a cluster configuration file. This file is not 1616 | # intended to be edited by hand. It is created and updated by Redis nodes. 1617 | # Every Redis Cluster node requires a different cluster configuration file. 1618 | # Make sure that instances running in the same system do not have 1619 | # overlapping cluster configuration file names. 1620 | # 1621 | # cluster-config-file nodes-6379.conf 1622 | 1623 | # Cluster node timeout is the amount of milliseconds a node must be unreachable 1624 | # for it to be considered in failure state. 1625 | # Most other internal time limits are a multiple of the node timeout. 1626 | # 1627 | # cluster-node-timeout 15000 1628 | 1629 | # The cluster port is the port that the cluster bus will listen for inbound connections on. When set 1630 | # to the default value, 0, it will be bound to the command port + 10000. Setting this value requires 1631 | # you to specify the cluster bus port when executing cluster meet. 1632 | # cluster-port 0 1633 | 1634 | # A replica of a failing master will avoid to start a failover if its data 1635 | # looks too old. 1636 | # 1637 | # There is no simple way for a replica to actually have an exact measure of 1638 | # its "data age", so the following two checks are performed: 1639 | # 1640 | # 1) If there are multiple replicas able to failover, they exchange messages 1641 | # in order to try to give an advantage to the replica with the best 1642 | # replication offset (more data from the master processed). 1643 | # Replicas will try to get their rank by offset, and apply to the start 1644 | # of the failover a delay proportional to their rank. 1645 | # 1646 | # 2) Every single replica computes the time of the last interaction with 1647 | # its master. This can be the last ping or command received (if the master 1648 | # is still in the "connected" state), or the time that elapsed since the 1649 | # disconnection with the master (if the replication link is currently down). 1650 | # If the last interaction is too old, the replica will not try to failover 1651 | # at all. 1652 | # 1653 | # The point "2" can be tuned by user. Specifically a replica will not perform 1654 | # the failover if, since the last interaction with the master, the time 1655 | # elapsed is greater than: 1656 | # 1657 | # (node-timeout * cluster-replica-validity-factor) + repl-ping-replica-period 1658 | # 1659 | # So for example if node-timeout is 30 seconds, and the cluster-replica-validity-factor 1660 | # is 10, and assuming a default repl-ping-replica-period of 10 seconds, the 1661 | # replica will not try to failover if it was not able to talk with the master 1662 | # for longer than 310 seconds. 1663 | # 1664 | # A large cluster-replica-validity-factor may allow replicas with too old data to failover 1665 | # a master, while a too small value may prevent the cluster from being able to 1666 | # elect a replica at all. 1667 | # 1668 | # For maximum availability, it is possible to set the cluster-replica-validity-factor 1669 | # to a value of 0, which means, that replicas will always try to failover the 1670 | # master regardless of the last time they interacted with the master. 1671 | # (However they'll always try to apply a delay proportional to their 1672 | # offset rank). 1673 | # 1674 | # Zero is the only value able to guarantee that when all the partitions heal 1675 | # the cluster will always be able to continue. 1676 | # 1677 | # cluster-replica-validity-factor 10 1678 | 1679 | # Cluster replicas are able to migrate to orphaned masters, that are masters 1680 | # that are left without working replicas. This improves the cluster ability 1681 | # to resist to failures as otherwise an orphaned master can't be failed over 1682 | # in case of failure if it has no working replicas. 1683 | # 1684 | # Replicas migrate to orphaned masters only if there are still at least a 1685 | # given number of other working replicas for their old master. This number 1686 | # is the "migration barrier". A migration barrier of 1 means that a replica 1687 | # will migrate only if there is at least 1 other working replica for its master 1688 | # and so forth. It usually reflects the number of replicas you want for every 1689 | # master in your cluster. 1690 | # 1691 | # Default is 1 (replicas migrate only if their masters remain with at least 1692 | # one replica). To disable migration just set it to a very large value or 1693 | # set cluster-allow-replica-migration to 'no'. 1694 | # A value of 0 can be set but is useful only for debugging and dangerous 1695 | # in production. 1696 | # 1697 | # cluster-migration-barrier 1 1698 | 1699 | # Turning off this option allows to use less automatic cluster configuration. 1700 | # It both disables migration to orphaned masters and migration from masters 1701 | # that became empty. 1702 | # 1703 | # Default is 'yes' (allow automatic migrations). 1704 | # 1705 | # cluster-allow-replica-migration yes 1706 | 1707 | # By default Redis Cluster nodes stop accepting queries if they detect there 1708 | # is at least a hash slot uncovered (no available node is serving it). 1709 | # This way if the cluster is partially down (for example a range of hash slots 1710 | # are no longer covered) all the cluster becomes, eventually, unavailable. 1711 | # It automatically returns available as soon as all the slots are covered again. 1712 | # 1713 | # However sometimes you want the subset of the cluster which is working, 1714 | # to continue to accept queries for the part of the key space that is still 1715 | # covered. In order to do so, just set the cluster-require-full-coverage 1716 | # option to no. 1717 | # 1718 | # cluster-require-full-coverage yes 1719 | 1720 | # This option, when set to yes, prevents replicas from trying to failover its 1721 | # master during master failures. However the replica can still perform a 1722 | # manual failover, if forced to do so. 1723 | # 1724 | # This is useful in different scenarios, especially in the case of multiple 1725 | # data center operations, where we want one side to never be promoted if not 1726 | # in the case of a total DC failure. 1727 | # 1728 | # cluster-replica-no-failover no 1729 | 1730 | # This option, when set to yes, allows nodes to serve read traffic while the 1731 | # cluster is in a down state, as long as it believes it owns the slots. 1732 | # 1733 | # This is useful for two cases. The first case is for when an application 1734 | # doesn't require consistency of data during node failures or network partitions. 1735 | # One example of this is a cache, where as long as the node has the data it 1736 | # should be able to serve it. 1737 | # 1738 | # The second use case is for configurations that don't meet the recommended 1739 | # three shards but want to enable cluster mode and scale later. A 1740 | # master outage in a 1 or 2 shard configuration causes a read/write outage to the 1741 | # entire cluster without this option set, with it set there is only a write outage. 1742 | # Without a quorum of masters, slot ownership will not change automatically. 1743 | # 1744 | # cluster-allow-reads-when-down no 1745 | 1746 | # This option, when set to yes, allows nodes to serve pubsub shard traffic while 1747 | # the cluster is in a down state, as long as it believes it owns the slots. 1748 | # 1749 | # This is useful if the application would like to use the pubsub feature even when 1750 | # the cluster global stable state is not OK. If the application wants to make sure only 1751 | # one shard is serving a given channel, this feature should be kept as yes. 1752 | # 1753 | # cluster-allow-pubsubshard-when-down yes 1754 | 1755 | # Cluster link send buffer limit is the limit on the memory usage of an individual 1756 | # cluster bus link's send buffer in bytes. Cluster links would be freed if they exceed 1757 | # this limit. This is to primarily prevent send buffers from growing unbounded on links 1758 | # toward slow peers (E.g. PubSub messages being piled up). 1759 | # This limit is disabled by default. Enable this limit when 'mem_cluster_links' INFO field 1760 | # and/or 'send-buffer-allocated' entries in the 'CLUSTER LINKS` command output continuously increase. 1761 | # Minimum limit of 1gb is recommended so that cluster link buffer can fit in at least a single 1762 | # PubSub message by default. (client-query-buffer-limit default value is 1gb) 1763 | # 1764 | # cluster-link-sendbuf-limit 0 1765 | 1766 | # Clusters can configure their announced hostname using this config. This is a common use case for 1767 | # applications that need to use TLS Server Name Indication (SNI) or dealing with DNS based 1768 | # routing. By default this value is only shown as additional metadata in the CLUSTER SLOTS 1769 | # command, but can be changed using 'cluster-preferred-endpoint-type' config. This value is 1770 | # communicated along the clusterbus to all nodes, setting it to an empty string will remove 1771 | # the hostname and also propagate the removal. 1772 | # 1773 | # cluster-announce-hostname "" 1774 | 1775 | # Clusters can configure an optional nodename to be used in addition to the node ID for 1776 | # debugging and admin information. This name is broadcasted between nodes, so will be used 1777 | # in addition to the node ID when reporting cross node events such as node failures. 1778 | # cluster-announce-human-nodename "" 1779 | 1780 | # Clusters can advertise how clients should connect to them using either their IP address, 1781 | # a user defined hostname, or by declaring they have no endpoint. Which endpoint is 1782 | # shown as the preferred endpoint is set by using the cluster-preferred-endpoint-type 1783 | # config with values 'ip', 'hostname', or 'unknown-endpoint'. This value controls how 1784 | # the endpoint returned for MOVED/ASKING requests as well as the first field of CLUSTER SLOTS. 1785 | # If the preferred endpoint type is set to hostname, but no announced hostname is set, a '?' 1786 | # will be returned instead. 1787 | # 1788 | # When a cluster advertises itself as having an unknown endpoint, it's indicating that 1789 | # the server doesn't know how clients can reach the cluster. This can happen in certain 1790 | # networking situations where there are multiple possible routes to the node, and the 1791 | # server doesn't know which one the client took. In this case, the server is expecting 1792 | # the client to reach out on the same endpoint it used for making the last request, but use 1793 | # the port provided in the response. 1794 | # 1795 | # cluster-preferred-endpoint-type ip 1796 | 1797 | # This configuration defines the sampling ratio (0-100) for checking command 1798 | # compatibility in cluster mode. When a command is executed, it is sampled at 1799 | # the specified ratio to determine if it complies with Redis cluster constraints, 1800 | # such as cross-slot restrictions. 1801 | # 1802 | # - A value of 0 means no commands are sampled for compatibility checks. 1803 | # - A value of 100 means all commands are checked. 1804 | # - Intermediate values (e.g., 10) mean that approximately 10% of the commands 1805 | # are randomly selected for compatibility verification. 1806 | # 1807 | # Higher sampling ratios may introduce additional performance overhead, especially 1808 | # under high QPS. The default value is 0 (no sampling). 1809 | # 1810 | # cluster-compatibility-sample-ratio 0 1811 | 1812 | # In order to setup your cluster make sure to read the documentation 1813 | # available at https://redis.io web site. 1814 | 1815 | ########################## CLUSTER DOCKER/NAT support ######################## 1816 | 1817 | # In certain deployments, Redis Cluster nodes address discovery fails, because 1818 | # addresses are NAT-ted or because ports are forwarded (the typical case is 1819 | # Docker and other containers). 1820 | # 1821 | # In order to make Redis Cluster working in such environments, a static 1822 | # configuration where each node knows its public address is needed. The 1823 | # following four options are used for this scope, and are: 1824 | # 1825 | # * cluster-announce-ip 1826 | # * cluster-announce-port 1827 | # * cluster-announce-tls-port 1828 | # * cluster-announce-bus-port 1829 | # 1830 | # Each instructs the node about its address, client ports (for connections 1831 | # without and with TLS) and cluster message bus port. The information is then 1832 | # published in the header of the bus packets so that other nodes will be able to 1833 | # correctly map the address of the node publishing the information. 1834 | # 1835 | # If tls-cluster is set to yes and cluster-announce-tls-port is omitted or set 1836 | # to zero, then cluster-announce-port refers to the TLS port. Note also that 1837 | # cluster-announce-tls-port has no effect if tls-cluster is set to no. 1838 | # 1839 | # If the above options are not used, the normal Redis Cluster auto-detection 1840 | # will be used instead. 1841 | # 1842 | # Note that when remapped, the bus port may not be at the fixed offset of 1843 | # clients port + 10000, so you can specify any port and bus-port depending 1844 | # on how they get remapped. If the bus-port is not set, a fixed offset of 1845 | # 10000 will be used as usual. 1846 | # 1847 | # Example: 1848 | # 1849 | # cluster-announce-ip 10.1.1.5 1850 | # cluster-announce-tls-port 6379 1851 | # cluster-announce-port 0 1852 | # cluster-announce-bus-port 6380 1853 | 1854 | ################################## SLOW LOG ################################### 1855 | 1856 | # The Redis Slow Log is a system to log queries that exceeded a specified 1857 | # execution time. The execution time does not include the I/O operations 1858 | # like talking with the client, sending the reply and so forth, 1859 | # but just the time needed to actually execute the command (this is the only 1860 | # stage of command execution where the thread is blocked and can not serve 1861 | # other requests in the meantime). 1862 | # 1863 | # You can configure the slow log with two parameters: one tells Redis 1864 | # what is the execution time, in microseconds, to exceed in order for the 1865 | # command to get logged, and the other parameter is the length of the 1866 | # slow log. When a new command is logged the oldest one is removed from the 1867 | # queue of logged commands. 1868 | 1869 | # The following time is expressed in microseconds, so 1000000 is equivalent 1870 | # to one second. Note that a negative number disables the slow log, while 1871 | # a value of zero forces the logging of every command. 1872 | slowlog-log-slower-than 10000 1873 | 1874 | # There is no limit to this length. Just be aware that it will consume memory. 1875 | # You can reclaim memory used by the slow log with SLOWLOG RESET. 1876 | slowlog-max-len 128 1877 | 1878 | ################################ LATENCY MONITOR ############################## 1879 | 1880 | # The Redis latency monitoring subsystem samples different operations 1881 | # at runtime in order to collect data related to possible sources of 1882 | # latency of a Redis instance. 1883 | # 1884 | # Via the LATENCY command this information is available to the user that can 1885 | # print graphs and obtain reports. 1886 | # 1887 | # The system only logs operations that were performed in a time equal or 1888 | # greater than the amount of milliseconds specified via the 1889 | # latency-monitor-threshold configuration directive. When its value is set 1890 | # to zero, the latency monitor is turned off. 1891 | # 1892 | # By default latency monitoring is disabled since it is mostly not needed 1893 | # if you don't have latency issues, and collecting data has a performance 1894 | # impact, that while very small, can be measured under big load. Latency 1895 | # monitoring can easily be enabled at runtime using the command 1896 | # "CONFIG SET latency-monitor-threshold " if needed. 1897 | latency-monitor-threshold 0 1898 | 1899 | ################################ LATENCY TRACKING ############################## 1900 | 1901 | # The Redis extended latency monitoring tracks the per command latencies and enables 1902 | # exporting the percentile distribution via the INFO latencystats command, 1903 | # and cumulative latency distributions (histograms) via the LATENCY command. 1904 | # 1905 | # By default, the extended latency monitoring is enabled since the overhead 1906 | # of keeping track of the command latency is very small. 1907 | # latency-tracking yes 1908 | 1909 | # By default the exported latency percentiles via the INFO latencystats command 1910 | # are the p50, p99, and p999. 1911 | # latency-tracking-info-percentiles 50 99 99.9 1912 | 1913 | ############################# EVENT NOTIFICATION ############################## 1914 | 1915 | # Redis can notify Pub/Sub clients about events happening in the key space. 1916 | # This feature is documented at https://redis.io/docs/latest/develop/use/keyspace-notifications/ 1917 | # 1918 | # For instance if keyspace events notification is enabled, and a client 1919 | # performs a DEL operation on key "foo" stored in the Database 0, two 1920 | # messages will be published via Pub/Sub: 1921 | # 1922 | # PUBLISH __keyspace@0__:foo del 1923 | # PUBLISH __keyevent@0__:del foo 1924 | # 1925 | # It is possible to select the events that Redis will notify among a set 1926 | # of classes. Every class is identified by a single character: 1927 | # 1928 | # K Keyspace events, published with __keyspace@__ prefix. 1929 | # E Keyevent events, published with __keyevent@__ prefix. 1930 | # g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... 1931 | # $ String commands 1932 | # l List commands 1933 | # s Set commands 1934 | # h Hash commands 1935 | # z Sorted set commands 1936 | # x Expired events (events generated every time a key expires) 1937 | # e Evicted events (events generated when a key is evicted for maxmemory) 1938 | # n New key events (Note: not included in the 'A' class) 1939 | # t Stream commands 1940 | # d Module key type events 1941 | # m Key-miss events (Note: It is not included in the 'A' class) 1942 | # A Alias for g$lshzxetd, so that the "AKE" string means all the events 1943 | # (Except key-miss events which are excluded from 'A' due to their 1944 | # unique nature). 1945 | # 1946 | # The "notify-keyspace-events" takes as argument a string that is composed 1947 | # of zero or multiple characters. The empty string means that notifications 1948 | # are disabled. 1949 | # 1950 | # Example: to enable list and generic events, from the point of view of the 1951 | # event name, use: 1952 | # 1953 | # notify-keyspace-events Elg 1954 | # 1955 | # Example 2: to get the stream of the expired keys subscribing to channel 1956 | # name __keyevent@0__:expired use: 1957 | # 1958 | # notify-keyspace-events Ex 1959 | # 1960 | # By default all notifications are disabled because most users don't need 1961 | # this feature and the feature has some overhead. Note that if you don't 1962 | # specify at least one of K or E, no events will be delivered. 1963 | notify-keyspace-events "" 1964 | 1965 | ############################### ADVANCED CONFIG ############################### 1966 | 1967 | # Hashes are encoded using a memory efficient data structure when they have a 1968 | # small number of entries, and the biggest entry does not exceed a given 1969 | # threshold. These thresholds can be configured using the following directives. 1970 | hash-max-listpack-entries 512 1971 | hash-max-listpack-value 64 1972 | 1973 | # Lists are also encoded in a special way to save a lot of space. 1974 | # The number of entries allowed per internal list node can be specified 1975 | # as a fixed maximum size or a maximum number of elements. 1976 | # For a fixed maximum size, use -5 through -1, meaning: 1977 | # -5: max size: 64 Kb <-- not recommended for normal workloads 1978 | # -4: max size: 32 Kb <-- not recommended 1979 | # -3: max size: 16 Kb <-- probably not recommended 1980 | # -2: max size: 8 Kb <-- good 1981 | # -1: max size: 4 Kb <-- good 1982 | # Positive numbers mean store up to _exactly_ that number of elements 1983 | # per list node. 1984 | # The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), 1985 | # but if your use case is unique, adjust the settings as necessary. 1986 | list-max-listpack-size -2 1987 | 1988 | # Lists may also be compressed. 1989 | # Compress depth is the number of quicklist ziplist nodes from *each* side of 1990 | # the list to *exclude* from compression. The head and tail of the list 1991 | # are always uncompressed for fast push/pop operations. Settings are: 1992 | # 0: disable all list compression 1993 | # 1: depth 1 means "don't start compressing until after 1 node into the list, 1994 | # going from either the head or tail" 1995 | # So: [head]->node->node->...->node->[tail] 1996 | # [head], [tail] will always be uncompressed; inner nodes will compress. 1997 | # 2: [head]->[next]->node->node->...->node->[prev]->[tail] 1998 | # 2 here means: don't compress head or head->next or tail->prev or tail, 1999 | # but compress all nodes between them. 2000 | # 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] 2001 | # etc. 2002 | list-compress-depth 0 2003 | 2004 | # Sets have a special encoding when a set is composed 2005 | # of just strings that happen to be integers in radix 10 in the range 2006 | # of 64 bit signed integers. 2007 | # The following configuration setting sets the limit in the size of the 2008 | # set in order to use this special memory saving encoding. 2009 | set-max-intset-entries 512 2010 | 2011 | # Sets containing non-integer values are also encoded using a memory efficient 2012 | # data structure when they have a small number of entries, and the biggest entry 2013 | # does not exceed a given threshold. These thresholds can be configured using 2014 | # the following directives. 2015 | set-max-listpack-entries 128 2016 | set-max-listpack-value 64 2017 | 2018 | # Similarly to hashes and lists, sorted sets are also specially encoded in 2019 | # order to save a lot of space. This encoding is only used when the length and 2020 | # elements of a sorted set are below the following limits: 2021 | zset-max-listpack-entries 128 2022 | zset-max-listpack-value 64 2023 | 2024 | # HyperLogLog sparse representation bytes limit. The limit includes the 2025 | # 16 bytes header. When a HyperLogLog using the sparse representation crosses 2026 | # this limit, it is converted into the dense representation. 2027 | # 2028 | # A value greater than 16000 is totally useless, since at that point the 2029 | # dense representation is more memory efficient. 2030 | # 2031 | # The suggested value is ~ 3000 in order to have the benefits of 2032 | # the space efficient encoding without slowing down too much PFADD, 2033 | # which is O(N) with the sparse encoding. The value can be raised to 2034 | # ~ 10000 when CPU is not a concern, but space is, and the data set is 2035 | # composed of many HyperLogLogs with cardinality in the 0 - 15000 range. 2036 | hll-sparse-max-bytes 3000 2037 | 2038 | # Streams macro node max size / items. The stream data structure is a radix 2039 | # tree of big nodes that encode multiple items inside. Using this configuration 2040 | # it is possible to configure how big a single node can be in bytes, and the 2041 | # maximum number of items it may contain before switching to a new node when 2042 | # appending new stream entries. If any of the following settings are set to 2043 | # zero, the limit is ignored, so for instance it is possible to set just a 2044 | # max entries limit by setting max-bytes to 0 and max-entries to the desired 2045 | # value. 2046 | stream-node-max-bytes 4096 2047 | stream-node-max-entries 100 2048 | 2049 | # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in 2050 | # order to help rehashing the main Redis hash table (the one mapping top-level 2051 | # keys to values). The hash table implementation Redis uses (see dict.c) 2052 | # performs a lazy rehashing: the more operation you run into a hash table 2053 | # that is rehashing, the more rehashing "steps" are performed, so if the 2054 | # server is idle the rehashing is never complete and some more memory is used 2055 | # by the hash table. 2056 | # 2057 | # The default is to use this millisecond 10 times every second in order to 2058 | # actively rehash the main dictionaries, freeing memory when possible. 2059 | # 2060 | # If unsure: 2061 | # use "activerehashing no" if you have hard latency requirements and it is 2062 | # not a good thing in your environment that Redis can reply from time to time 2063 | # to queries with 2 milliseconds delay. 2064 | # 2065 | # use "activerehashing yes" if you don't have such hard requirements but 2066 | # want to free memory asap when possible. 2067 | activerehashing yes 2068 | 2069 | # The client output buffer limits can be used to force disconnection of clients 2070 | # that are not reading data from the server fast enough for some reason (a 2071 | # common reason is that a Pub/Sub client can't consume messages as fast as the 2072 | # publisher can produce them). 2073 | # 2074 | # The limit can be set differently for the three different classes of clients: 2075 | # 2076 | # normal -> normal clients including MONITOR clients 2077 | # replica -> replica clients 2078 | # pubsub -> clients subscribed to at least one pubsub channel or pattern 2079 | # 2080 | # The syntax of every client-output-buffer-limit directive is the following: 2081 | # 2082 | # client-output-buffer-limit 2083 | # 2084 | # A client is immediately disconnected once the hard limit is reached, or if 2085 | # the soft limit is reached and remains reached for the specified number of 2086 | # seconds (continuously). 2087 | # So for instance if the hard limit is 32 megabytes and the soft limit is 2088 | # 16 megabytes / 10 seconds, the client will get disconnected immediately 2089 | # if the size of the output buffers reach 32 megabytes, but will also get 2090 | # disconnected if the client reaches 16 megabytes and continuously overcomes 2091 | # the limit for 10 seconds. 2092 | # 2093 | # By default normal clients are not limited because they don't receive data 2094 | # without asking (in a push way), but just after a request, so only 2095 | # asynchronous clients may create a scenario where data is requested faster 2096 | # than it can read. 2097 | # 2098 | # Instead there is a default limit for pubsub and replica clients, since 2099 | # subscribers and replicas receive data in a push fashion. 2100 | # 2101 | # Note that it doesn't make sense to set the replica clients output buffer 2102 | # limit lower than the repl-backlog-size config (partial sync will succeed 2103 | # and then replica will get disconnected). 2104 | # Such a configuration is ignored (the size of repl-backlog-size will be used). 2105 | # This doesn't have memory consumption implications since the replica client 2106 | # will share the backlog buffers memory. 2107 | # 2108 | # Both the hard or the soft limit can be disabled by setting them to zero. 2109 | client-output-buffer-limit normal 0 0 0 2110 | client-output-buffer-limit replica 256mb 64mb 60 2111 | client-output-buffer-limit pubsub 32mb 8mb 60 2112 | 2113 | # Client query buffers accumulate new commands. They are limited to a fixed 2114 | # amount by default in order to avoid that a protocol desynchronization (for 2115 | # instance due to a bug in the client) will lead to unbound memory usage in 2116 | # the query buffer. However you can configure it here if you have very special 2117 | # needs, such as a command with huge argument, or huge multi/exec requests or alike. 2118 | # 2119 | # client-query-buffer-limit 1gb 2120 | 2121 | # In some scenarios client connections can hog up memory leading to OOM 2122 | # errors or data eviction. To avoid this we can cap the accumulated memory 2123 | # used by all client connections (all pubsub and normal clients). Once we 2124 | # reach that limit connections will be dropped by the server freeing up 2125 | # memory. The server will attempt to drop the connections using the most 2126 | # memory first. We call this mechanism "client eviction". 2127 | # 2128 | # Client eviction is configured using the maxmemory-clients setting as follows: 2129 | # 0 - client eviction is disabled (default) 2130 | # 2131 | # A memory value can be used for the client eviction threshold, 2132 | # for example: 2133 | # maxmemory-clients 1g 2134 | # 2135 | # A percentage value (between 1% and 100%) means the client eviction threshold 2136 | # is based on a percentage of the maxmemory setting. For example to set client 2137 | # eviction at 5% of maxmemory: 2138 | # maxmemory-clients 5% 2139 | 2140 | # In the Redis protocol, bulk requests, that are, elements representing single 2141 | # strings, are normally limited to 512 mb. However you can change this limit 2142 | # here, but must be 1mb or greater 2143 | # 2144 | # proto-max-bulk-len 512mb 2145 | 2146 | # Redis calls an internal function to perform many background tasks, like 2147 | # closing connections of clients in timeout, purging expired keys that are 2148 | # never requested, and so forth. 2149 | # 2150 | # Not all tasks are performed with the same frequency, but Redis checks for 2151 | # tasks to perform according to the specified "hz" value. 2152 | # 2153 | # By default "hz" is set to 10. Raising the value will use more CPU when 2154 | # Redis is idle, but at the same time will make Redis more responsive when 2155 | # there are many keys expiring at the same time, and timeouts may be 2156 | # handled with more precision. 2157 | # 2158 | # The range is between 1 and 500, however a value over 100 is usually not 2159 | # a good idea. Most users should use the default of 10 and raise this up to 2160 | # 100 only in environments where very low latency is required. 2161 | hz 10 2162 | 2163 | # Normally it is useful to have an HZ value which is proportional to the 2164 | # number of clients connected. This is useful in order, for instance, to 2165 | # avoid too many clients are processed for each background task invocation 2166 | # in order to avoid latency spikes. 2167 | # 2168 | # Since the default HZ value by default is conservatively set to 10, Redis 2169 | # offers, and enables by default, the ability to use an adaptive HZ value 2170 | # which will temporarily raise when there are many connected clients. 2171 | # 2172 | # When dynamic HZ is enabled, the actual configured HZ will be used 2173 | # as a baseline, but multiples of the configured HZ value will be actually 2174 | # used as needed once more clients are connected. In this way an idle 2175 | # instance will use very little CPU time while a busy instance will be 2176 | # more responsive. 2177 | dynamic-hz yes 2178 | 2179 | # When a child rewrites the AOF file, if the following option is enabled 2180 | # the file will be fsync-ed every 4 MB of data generated. This is useful 2181 | # in order to commit the file to the disk more incrementally and avoid 2182 | # big latency spikes. 2183 | aof-rewrite-incremental-fsync yes 2184 | 2185 | # When redis saves RDB file, if the following option is enabled 2186 | # the file will be fsync-ed every 4 MB of data generated. This is useful 2187 | # in order to commit the file to the disk more incrementally and avoid 2188 | # big latency spikes. 2189 | rdb-save-incremental-fsync yes 2190 | 2191 | # Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good 2192 | # idea to start with the default settings and only change them after investigating 2193 | # how to improve the performances and how the keys LFU change over time, which 2194 | # is possible to inspect via the OBJECT FREQ command. 2195 | # 2196 | # There are two tunable parameters in the Redis LFU implementation: the 2197 | # counter logarithm factor and the counter decay time. It is important to 2198 | # understand what the two parameters mean before changing them. 2199 | # 2200 | # The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis 2201 | # uses a probabilistic increment with logarithmic behavior. Given the value 2202 | # of the old counter, when a key is accessed, the counter is incremented in 2203 | # this way: 2204 | # 2205 | # 1. A random number R between 0 and 1 is extracted. 2206 | # 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1). 2207 | # 3. The counter is incremented only if R < P. 2208 | # 2209 | # The default lfu-log-factor is 10. This is a table of how the frequency 2210 | # counter changes with a different number of accesses with different 2211 | # logarithmic factors: 2212 | # 2213 | # +--------+------------+------------+------------+------------+------------+ 2214 | # | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | 2215 | # +--------+------------+------------+------------+------------+------------+ 2216 | # | 0 | 104 | 255 | 255 | 255 | 255 | 2217 | # +--------+------------+------------+------------+------------+------------+ 2218 | # | 1 | 18 | 49 | 255 | 255 | 255 | 2219 | # +--------+------------+------------+------------+------------+------------+ 2220 | # | 10 | 10 | 18 | 142 | 255 | 255 | 2221 | # +--------+------------+------------+------------+------------+------------+ 2222 | # | 100 | 8 | 11 | 49 | 143 | 255 | 2223 | # +--------+------------+------------+------------+------------+------------+ 2224 | # 2225 | # NOTE: The above table was obtained by running the following commands: 2226 | # 2227 | # redis-benchmark -n 1000000 incr foo 2228 | # redis-cli object freq foo 2229 | # 2230 | # NOTE 2: The counter initial value is 5 in order to give new objects a chance 2231 | # to accumulate hits. 2232 | # 2233 | # The counter decay time is the time, in minutes, that must elapse in order 2234 | # for the key counter to be decremented. 2235 | # 2236 | # The default value for the lfu-decay-time is 1. A special value of 0 means we 2237 | # will never decay the counter. 2238 | # 2239 | # lfu-log-factor 10 2240 | # lfu-decay-time 1 2241 | 2242 | 2243 | # The maximum number of new client connections accepted per event-loop cycle. This configuration 2244 | # is set independently for TLS connections. 2245 | # 2246 | # By default, up to 10 new connection will be accepted per event-loop cycle for normal connections 2247 | # and up to 1 new connection per event-loop cycle for TLS connections. 2248 | # 2249 | # Adjusting this to a larger number can slightly improve efficiency for new connections 2250 | # at the risk of causing timeouts for regular commands on established connections. It is 2251 | # not advised to change this without ensuring that all clients have limited connection 2252 | # pools and exponential backoff in the case of command/connection timeouts. 2253 | # 2254 | # If your application is establishing a large number of new connections per second you should 2255 | # also consider tuning the value of tcp-backlog, which allows the kernel to buffer more 2256 | # pending connections before dropping or rejecting connections. 2257 | # 2258 | # max-new-connections-per-cycle 10 2259 | # max-new-tls-connections-per-cycle 1 2260 | 2261 | 2262 | ########################### ACTIVE DEFRAGMENTATION ####################### 2263 | # 2264 | # What is active defragmentation? 2265 | # ------------------------------- 2266 | # 2267 | # Active (online) defragmentation allows a Redis server to compact the 2268 | # spaces left between small allocations and deallocations of data in memory, 2269 | # thus allowing to reclaim back memory. 2270 | # 2271 | # Fragmentation is a natural process that happens with every allocator (but 2272 | # less so with Jemalloc, fortunately) and certain workloads. Normally a server 2273 | # restart is needed in order to lower the fragmentation, or at least to flush 2274 | # away all the data and create it again. However thanks to this feature 2275 | # implemented by Oran Agra for Redis 4.0 this process can happen at runtime 2276 | # in a "hot" way, while the server is running. 2277 | # 2278 | # Basically when the fragmentation is over a certain level (see the 2279 | # configuration options below) Redis will start to create new copies of the 2280 | # values in contiguous memory regions by exploiting certain specific Jemalloc 2281 | # features (in order to understand if an allocation is causing fragmentation 2282 | # and to allocate it in a better place), and at the same time, will release the 2283 | # old copies of the data. This process, repeated incrementally for all the keys 2284 | # will cause the fragmentation to drop back to normal values. 2285 | # 2286 | # Important things to understand: 2287 | # 2288 | # 1. This feature is disabled by default, and only works if you compiled Redis 2289 | # to use the copy of Jemalloc we ship with the source code of Redis. 2290 | # This is the default with Linux builds. 2291 | # 2292 | # 2. You never need to enable this feature if you don't have fragmentation 2293 | # issues. 2294 | # 2295 | # 3. Once you experience fragmentation, you can enable this feature when 2296 | # needed with the command "CONFIG SET activedefrag yes". 2297 | # 2298 | # The configuration parameters are able to fine tune the behavior of the 2299 | # defragmentation process. If you are not sure about what they mean it is 2300 | # a good idea to leave the defaults untouched. 2301 | 2302 | # Active defragmentation is disabled by default 2303 | # activedefrag no 2304 | 2305 | # Minimum amount of fragmentation waste to start active defrag 2306 | # active-defrag-ignore-bytes 100mb 2307 | 2308 | # Minimum percentage of fragmentation to start active defrag 2309 | # active-defrag-threshold-lower 10 2310 | 2311 | # Maximum percentage of fragmentation at which we use maximum effort 2312 | # active-defrag-threshold-upper 100 2313 | 2314 | # Minimal effort for defrag in CPU percentage, to be used when the lower 2315 | # threshold is reached 2316 | # active-defrag-cycle-min 1 2317 | 2318 | # Maximal effort for defrag in CPU percentage, to be used when the upper 2319 | # threshold is reached 2320 | # active-defrag-cycle-max 25 2321 | 2322 | # Maximum number of set/hash/zset/list fields that will be processed from 2323 | # the main dictionary scan 2324 | # active-defrag-max-scan-fields 1000 2325 | 2326 | # Jemalloc background thread for purging will be enabled by default 2327 | jemalloc-bg-thread yes 2328 | 2329 | # It is possible to pin different threads and processes of Redis to specific 2330 | # CPUs in your system, in order to maximize the performances of the server. 2331 | # This is useful both in order to pin different Redis threads in different 2332 | # CPUs, but also in order to make sure that multiple Redis instances running 2333 | # in the same host will be pinned to different CPUs. 2334 | # 2335 | # Normally you can do this using the "taskset" command, however it is also 2336 | # possible to this via Redis configuration directly, both in Linux and FreeBSD. 2337 | # 2338 | # You can pin the server/IO threads, bio threads, aof rewrite child process, and 2339 | # the bgsave child process. The syntax to specify the cpu list is the same as 2340 | # the taskset command: 2341 | # 2342 | # Set redis server/io threads to cpu affinity 0,2,4,6: 2343 | # server-cpulist 0-7:2 2344 | # 2345 | # Set bio threads to cpu affinity 1,3: 2346 | # bio-cpulist 1,3 2347 | # 2348 | # Set aof rewrite child process to cpu affinity 8,9,10,11: 2349 | # aof-rewrite-cpulist 8-11 2350 | # 2351 | # Set bgsave child process to cpu affinity 1,10,11 2352 | # bgsave-cpulist 1,10-11 2353 | 2354 | # In some cases redis will emit warnings and even refuse to start if it detects 2355 | # that the system is in bad state, it is possible to suppress these warnings 2356 | # by setting the following config which takes a space delimited list of warnings 2357 | # to suppress 2358 | # 2359 | # ignore-warnings ARM64-COW-BUG 2360 | -------------------------------------------------------------------------------- /dev-postgres/.env.example: -------------------------------------------------------------------------------- 1 | # Copy to .env 2 | 3 | WGER_CODEPATH=/path/to/wger/server -------------------------------------------------------------------------------- /dev-postgres/README.md: -------------------------------------------------------------------------------- 1 | # Dev environment for wger 2 | 3 | Please consult for details -------------------------------------------------------------------------------- /dev-postgres/docker-compose.yml: -------------------------------------------------------------------------------- 1 | name: wger-dev-postgres 2 | 3 | services: 4 | web: 5 | build: 6 | pull: true 7 | context: ${WGER_CODEPATH:?set the absolute path to the wger backend code in the .env file or env variable} 8 | dockerfile: ./extras/docker/development/Dockerfile 9 | develop: 10 | watch: 11 | - action: sync 12 | path: ${WGER_CODEPATH} 13 | target: /home/wger/src 14 | - action: rebuild 15 | path: ${WGER_CODEPATH}/pyproject.toml 16 | - action: rebuild 17 | path: ${WGER_CODEPATH}/package.json 18 | env_file: 19 | - ../config/prod.env 20 | - ../config/dev.env 21 | ports: 22 | - "8000:8000" 23 | 24 | command: tail -f /dev/null 25 | 26 | cache: 27 | image: redis 28 | expose: 29 | - 6379 30 | healthcheck: 31 | test: redis-cli ping 32 | interval: 10s 33 | timeout: 5s 34 | retries: 5 35 | start_period: 30s 36 | restart: unless-stopped 37 | 38 | db: 39 | image: postgres:15-alpine 40 | environment: 41 | - POSTGRES_USER=wger 42 | - POSTGRES_PASSWORD=wger 43 | - POSTGRES_DB=wger 44 | volumes: 45 | - postgres-data-dev:/var/lib/postgresql/data/ 46 | ports: 47 | - "5432:5432" 48 | expose: 49 | - 5432 50 | healthcheck: 51 | test: pg_isready -U wger 52 | interval: 10s 53 | timeout: 5s 54 | retries: 5 55 | start_period: 30s 56 | restart: unless-stopped 57 | 58 | volumes: 59 | postgres-data-dev: 60 | -------------------------------------------------------------------------------- /dev/.env.example: -------------------------------------------------------------------------------- 1 | # Copy to .env 2 | 3 | WGER_CODEPATH=/path/to/wger/server -------------------------------------------------------------------------------- /dev/README.md: -------------------------------------------------------------------------------- 1 | # Dev environment for wger 2 | 3 | Please consult for details -------------------------------------------------------------------------------- /dev/docker-compose.yml: -------------------------------------------------------------------------------- 1 | name: wger-dev 2 | 3 | services: 4 | web: 5 | build: 6 | pull: true 7 | context: ${WGER_CODEPATH:?set the absolute path to the wger backend code in the .env file or env variable} 8 | dockerfile: ./extras/docker/development/Dockerfile 9 | develop: 10 | watch: 11 | - action: sync 12 | path: ${WGER_CODEPATH} 13 | target: /home/wger/src 14 | - action: rebuild 15 | path: ${WGER_CODEPATH}/pyproject.toml 16 | - action: rebuild 17 | path: ${WGER_CODEPATH}/package.json 18 | env_file: 19 | - ../config/prod.env 20 | - ../config/dev.env 21 | - ../config/dev-sqlite.env 22 | ports: 23 | - "8000:8000" 24 | 25 | command: tail -f /dev/null 26 | 27 | cache: 28 | image: redis 29 | expose: 30 | - 6379 31 | healthcheck: 32 | test: redis-cli ping 33 | interval: 10s 34 | timeout: 5s 35 | retries: 5 36 | start_period: 30s 37 | restart: unless-stopped 38 | -------------------------------------------------------------------------------- /docker-compose.override.example.yml: -------------------------------------------------------------------------------- 1 | # Example override file. Copy as docker-compose.override.yml and edit as needed 2 | 3 | services: 4 | 5 | web: 6 | env_file: 7 | - ./config/prod.env 8 | - ./config/wger-local.env # Only add the variables that you have changed 9 | 10 | celery_worker: 11 | env_file: 12 | - ./config/prod.env 13 | - ./config/wger-local.env 14 | 15 | celery_beat: 16 | env_file: 17 | - ./config/prod.env 18 | - ./config/wger-local.env 19 | 20 | # 21 | # Example configuration using caddy instead of nginx. Since we don't want to 22 | # change the main compose file as it would break existing deployments, the nginx 23 | # service needs to stay there. Here we simply remove any exposed ports 24 | 25 | # caddy: 26 | # image: caddy:latest 27 | # depends_on: 28 | # - web 29 | # ports: 30 | # - "2019:2019" 31 | # - "80:80" 32 | # - "443:443" 33 | # - "443:443/udp" 34 | # volumes: 35 | # - ./config/Caddyfile:/etc/caddy/Caddyfile 36 | # - caddy-data:/data 37 | # - caddy-logs:/var/www/logs 38 | # - caddy-config:/config 39 | # - static:/wger/static:ro 40 | # - media:/wger/media:ro 41 | # 42 | # nginx: 43 | # ports: !reset [] 44 | 45 | celery_flower: 46 | image: wger/server:latest 47 | command: /start-flower 48 | env_file: 49 | - ./config/prod.env 50 | ports: 51 | - "5555:5555" 52 | healthcheck: 53 | test: wget --no-verbose --tries=1 http://localhost:5555/healthcheck 54 | interval: 10s 55 | timeout: 5s 56 | retries: 5 57 | depends_on: 58 | celery_worker: 59 | condition: service_healthy 60 | 61 | #volumes: 62 | # caddy_data: 63 | # caddy-data: 64 | # caddy-config: 65 | # caddy-logs: -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Please consult the `Deployment` section in the docs if you want to deploy 3 | # this. You *need* to keep this nginx service, even if you have your own, 4 | # otherwise the static files will not be served correctly! If you do remove 5 | # it, configure yours similarly to what's in config/nginx.conf 6 | # Also take a look at the "Static files" section in the .env file 7 | 8 | services: 9 | web: 10 | image: wger/server:latest 11 | depends_on: 12 | db: 13 | condition: service_healthy 14 | cache: 15 | condition: service_healthy 16 | env_file: 17 | - ./config/prod.env 18 | volumes: 19 | - static:/home/wger/static 20 | - media:/home/wger/media 21 | expose: 22 | - 8000 23 | healthcheck: 24 | test: wget --no-verbose --tries=1 --spider http://localhost:8000 25 | interval: 10s 26 | timeout: 5s 27 | start_period: 300s 28 | retries: 5 29 | restart: unless-stopped 30 | 31 | nginx: 32 | image: nginx:stable 33 | depends_on: 34 | - web 35 | volumes: 36 | - ./config/nginx.conf:/etc/nginx/conf.d/default.conf 37 | - static:/wger/static:ro 38 | - media:/wger/media:ro 39 | ports: 40 | - "80:80" 41 | healthcheck: 42 | test: service nginx status 43 | interval: 10s 44 | timeout: 5s 45 | retries: 5 46 | start_period: 30s 47 | restart: unless-stopped 48 | 49 | db: 50 | image: postgres:15-alpine 51 | environment: 52 | - POSTGRES_USER=wger 53 | - POSTGRES_PASSWORD=wger 54 | - POSTGRES_DB=wger 55 | - TZ=Europe/Berlin 56 | volumes: 57 | - postgres-data:/var/lib/postgresql/data/ 58 | expose: 59 | - 5432 60 | healthcheck: 61 | test: pg_isready -U wger 62 | interval: 10s 63 | timeout: 5s 64 | retries: 5 65 | start_period: 30s 66 | restart: unless-stopped 67 | 68 | cache: 69 | image: redis 70 | expose: 71 | - 6379 72 | volumes: 73 | - ./config/redis.conf:/usr/local/etc/redis/redis.conf 74 | - redis-data:/data 75 | command: [ "redis-server", "/usr/local/etc/redis/redis.conf"] 76 | healthcheck: 77 | test: redis-cli ping 78 | interval: 10s 79 | timeout: 5s 80 | retries: 5 81 | start_period: 30s 82 | restart: unless-stopped 83 | 84 | # You probably want to limit the memory usage of the cache, otherwise it might 85 | # hog all the available memory. Remove or change according to your needs. 86 | #mem_limit: 5gb 87 | 88 | celery_worker: 89 | image: wger/server:latest 90 | command: /start-worker 91 | env_file: 92 | - ./config/prod.env 93 | volumes: 94 | - media:/home/wger/media 95 | depends_on: 96 | web: 97 | condition: service_healthy 98 | healthcheck: 99 | test: celery -A wger inspect ping 100 | interval: 10s 101 | timeout: 5s 102 | retries: 5 103 | start_period: 30s 104 | 105 | celery_beat: 106 | image: wger/server:latest 107 | command: /start-beat 108 | volumes: 109 | - celery-beat:/home/wger/beat/ 110 | env_file: 111 | - ./config/prod.env 112 | depends_on: 113 | celery_worker: 114 | condition: service_healthy 115 | 116 | volumes: 117 | postgres-data: 118 | celery-beat: 119 | redis-data: 120 | 121 | # Heads up, if you remove these volumes and use folders directly you need to chown them 122 | # to the UID and GID 1000 even if it doesn't exist on your system. Also, they should 123 | # be readable by everyone. 124 | media: 125 | static: 126 | 127 | networks: 128 | default: 129 | name: wger_network 130 | --------------------------------------------------------------------------------