This page provides a minimal, real-world Redis configuration baseline for current Debian and RHEL releases.
Typical location:
/etc/redis/redis.conf
Typical location:
/etc/redis/redis.conf
Some installs also include drop-in files under /etc/redis/*.conf.
redis.conf (Debian/RHEL)Use this as a baseline for a small production deployment on a private network.
# Network
bind 127.0.0.1 10.0.0.10
port 6379
protected-mode yes
# Authentication (Redis 6+ ACL model)
# Set a strong password or use ACL users
requirepass change-me-strong-password
# Memory and eviction
maxmemory 1gb
maxmemory-policy allkeys-lru
# Persistence (RDB + AOF)
save 900 1
save 300 10
save 60 10000
appendonly yes
appendfsync everysec
# Logging
loglevel notice
logfile /var/log/redis/redis-server.log
# Data dir
# Ensure this directory exists and is owned by redis user
dir /var/lib/redis
# New features in recent versions
# Hot keys detection (Redis 8.6+)
latency-monitor-threshold 100
# Time series improvements (if using TS modules)
# For Redis 8.6+ with time series support
notify-keyspace-events Ex
bind: Restrict Redis to localhost and trusted private IPs only.protected-mode yes: Adds protection when auth/network is misconfigured.requirepass: Minimum access control for simple deployments.maxmemory: Prevents uncontrolled memory growth.maxmemory-policy: Controls key eviction behavior under memory pressure.appendonly yes: Enables AOF persistence for better durability.appendfsync everysec: Balanced durability vs write performance.save ...: Snapshot schedule for RDB backups.latency-monitor-threshold: Enable latency monitoring for performance analysis (Redis 8.6+).notify-keyspace-events: Enable keyspace notifications for event-driven applications.Redis 8.6 introduced new eviction policies:
volatile-lrm: Least Recently Modified (with expiration set)allkeys-lrm: Least Recently Modified (any key)For newer Redis versions, prefer ACL users over shared password-only access:
redis-cli ACL SETUSER appuser on >change-me-strong-password ~app:* +@read +@write
redis-cli ACL SETUSER monitor on >monitor-password +@admin +@read ~* -set -del -flushdb -flushall
For secure connections across networks:
# TLS settings
tls-port 6380
port 0 # Disable non-TLS port
tls-cert-file /etc/redis/tls/redis.crt
tls-key-file /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
tls-auth-clients yes
tls-protocols "TLSv1.2 TLSv1.3"
tls-ciphers "DEFAULT:!MEDIUM"
tls-prefer-server-ciphers yes
Restart Redis after updating configuration:
sudo systemctl restart redis-server
On some RHEL-based installs the service may be redis:
sudo systemctl restart redis
Validate runtime settings and connectivity:
redis-cli -a 'change-me-strong-password' PING
redis-cli -a 'change-me-strong-password' CONFIG GET bind
redis-cli -a 'change-me-strong-password' CONFIG GET maxmemory
redis-cli -a 'change-me-strong-password' INFO persistence
redis-cli -a 'change-me-strong-password' INFO server
maxmemory to ~75% of available RAMmaxmemory-policy based on use caseINFO memoryappendfsync everysecprotected-mode yes in productionbind addresses6379 to the public internet.