下载地址: http://download.redis.io/releases/

官方文档: https://redis.io/documentation

一、Redis单机版安装

$ wget http://download.redis.io/releases/redis-4.0.11.tar.gz
$ tar xzf redis-4.0.11.tar.gz
$ cd redis-4.0.11
$ make

1.2 安全加固

1.2.1 禁用或者重命名危险命令

修改 redis.conf 文件，添加
rename-command FLUSHALL ""
rename-command FLUSHDB  ""
rename-command CONFIG   ""
rename-command KEYS     ""
rename-command SHUTDOWN ""
rename-command DEL ""
rename-command EVAL ""

1.2.2 限制redis 配置文件访问权限

chmod 600 /<filepath>/redis.conf

1.2.3 禁止使用root用户启动

使用root切换到redis用户启动服务:
useradd -s /sbin/nolog -M redis 
sudo -u redis /<redis-server-path>/redis-server /<configpath>/redis.conf

1.2.4 开启redis密码认证,并设置高复杂度密码

打开redis.conf，找到requirepass所在的地方，修改为指定的密码，密码应符合复杂性要求，
再去掉前面的#号注释符，然后重启redis

1.2.5 禁止监听在公网

在redis的配置文件redis.conf中配置如下： bind 127.0.0.1或者内网IP，然后重启redis

1.2.6 修改默认6379端口

编辑文件redis的配置文件redis.conf，找到包含port的行，将默认的6379修改为自定义的端口号，然后重启redis

1.2.7 打开保护模式

redis.conf安全设置： # 打开保护模式 protected-mode yes

二、Redis Sentine主从复制

方案: 1 master,2 slave,3 sentinel

注:在以下配置为单机伪集群搭建,生产建议多台机器搭建.

2.1配置master

a.将安装好的单机版,移动到/usr/local/ 下
$ mv redis-4.0.11 /usr/local/redis

b.编辑master配置文件,主要修改以下内容
$ vi /usr/local/redis/redis.conf
 bind 192.168.20.250 #
 dir "/usr/local/redis/"
 pidfile /var/run/redis_6379.pid
 logfile "/usr/local/redis/redis.log"
 databases 51
 masterauth redis1234
 requirepass redis1234

c.启动master服务
$ /usr/local/redis/src/redis-server /usr/local/redis/redis.conf &

d.查看日志
$ tail -f /usr/local/redis/redis.log

2.2配置两个slave

a. 创建目录
$ mkdir /usr/local/redis_slave1  /usr/local/redis_slave2

b.复制server,cli,conf等文件    
$ cp /usr/local/redis/src/redis-server /usr/local/redis_slave1
$ cp /usr/local/redis/src/redis-server /usr/local/redis_slave2

$ cp /usr/local/redis/src/redis-cli /usr/local/redis_slave1
$ cp /usr/local/redis/src/redis-cli /usr/local/redis_slave2

$ cp /usr/local/redis/redis.conf /usr/local/redis_slave1
$ cp /usr/local/redis/redis.conf /usr/local/redis_slave2

c.编辑slave配置文件,主要修改以下内容
$ vi /usr/local/redis_slave1/redis.conf
port 6380 
bind 127.0.0.1
daemonize no
pidfile "/var/run/redis_6380.pid"
logfile "/usr/local/redis_slave1/redis_slave1.log"
databases 51
dir "/usr/local/redis_slave1"
masterauth "redis1234"
requirepass "redis1234"
slaveof 127.0.0.1 6379 

$ vi /usr/local/redis_slave2/redis.conf
port 6381 
bind 127.0.0.1
daemonize no
pidfile "/var/run/redis_6381.pid"
logfile "/usr/local/redis_slave2/redis_slave2.log"
databases 51
dir "/usr/local/redis_slave2"
masterauth "redis1234"
requirepass "redis1234"
slaveof 127.0.0.1 6379

d.启动两个slave
$ /usr/local/redis_slave1/redis-server  /usr/local/redis_slave1/redis.conf &
$ /usr/local/redis_slave2/redis-server  /usr/local/redis_slave2/redis.conf &

e.查看两个slave日志
$ tail -f /usr/local/redis_slave1/redis_slave1.log
$ tail -f /usr/local/redis_slave2/redis_slave2.log

2.3配置三个sentinel

a.创建三个sentinel目录
$ mkdir /usr/local/redis_sentinel1 /usr/local/redis_sentinel2 /usr/local/redis_sentinel3

b.拷贝sentinel,conf等文件
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel1
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel2
$ cp /usr/local/redis/src/redis-sentinel /usr/local/redis_sentinel3

$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel1
$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel2
$ cp /usr/local/redis/sentinel.conf /usr/local/redis_sentinel3

c.编辑sentinel配置文件,主要一下配置
$ vi /usr/local/redis_sentinel1/sentinel.conf
port 26379
protected-mode no
dir "/usr/local/redis_sentinel1"
logfile "/usr/local/redis_sentinel1/redis_sentinel1.log"
sentinel auth-pass mymaster redis
sentinel monitor mymaster 127.0.0.1 6379
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000

$ vi /usr/local/redis_sentinel2/sentinel.conf
port 26380
protected-mode no
dir "/usr/local/redis_sentinel2"
logfile "/usr/local/redis_sentinel2/redis_sentinel2.log"
sentinel auth-pass mymaster redis1234
sentinel monitor mymaster 127.0.0.1 6379
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000

$ vi /usr/local/redis_sentinel3/sentinel.conf
port 26381
protected-mode no
dir "/usr/local/redis_sentinel3"
logfile "/usr/local/redis_sentinel3/redis_sentinel3.log"
sentinel auth-pass mymaster redis1234
sentinel monitor mymaster 127.0.0.1 6379
sentinel down-after-milliseconds mymaster 5000
sentinel parallel-syncs mymaster 1
sentinel failover-timeout mymaster 180000 

2.4测试master和slave

a.启动master和2个slave服务!
查看上述启动方法

b.用master或者slave中的任意cli连接master节点进行操作
$ /usr/local/redis_slave1/redis-cli -p 6379
$ auth redis1234
$ select 2
$ set name sunjianhua
$ info Replication

c.连接slave节点查询数据是否存在
$ /usr/local/redis_slave1/redis-cli -p 6381
$ auth redis1234
$ select 2
$ select name

2.5测试sentinel

a.先启动主从,后启动sentinel服务
主从启动看上面
$ /usr/local/redis_sentinel1/redis-sentinel  /usr/local/redis_sentinel1/sentinel.conf &
$ /usr/local/redis_sentinel2/redis-sentinel  /usr/local/redis_sentinel2/sentinel.conf &
$ /usr/local/redis_sentinel3/redis-sentinel  /usr/local/redis_sentinel3/sentinel.conf &

b.查看sentinel日志
$ tail -f /usr/local/redis_sentinel1/redis-sentinel1.log

c.关闭master,查看sentinel控制台

d.连接之前的slave服务,查看info replication,两个slave 节点之一变为了master

版权属于：sunjianhua

本文链接：https://sunjianhua.cn/archives/centos-redis.html

转载时须注明出处及本声明，如果不小心侵犯了您的权益，请联系邮箱：NTA2MTkzNjQ1QHFxLmNvbQ==