Overview

Redis ships with an open, unauthenticated config. This recipe locks it down for production: authentication, memory limits, persistence and disabled dangerous commands.

redis.conf

# ── Networking ────────────────────────────────────────────────
# Redis does not parse trailing "#" comments; keep each comment on its own line.
# never bind to 0.0.0.0 in production
bind 127.0.0.1 ::1
port 6379
tcp-backlog 511
tcp-keepalive 300

# ── Auth ──────────────────────────────────────────────────────
requirepass your-very-long-random-password

# Disable dangerous commands
rename-command FLUSHDB  ""
rename-command FLUSHALL ""
rename-command DEBUG    ""
rename-command CONFIG   "REDIS_CONFIG_HIDDEN"

# ── Memory ────────────────────────────────────────────────────
maxmemory       4gb
# evict LRU keys when at limit
maxmemory-policy allkeys-lru
# higher = more accurate LRU (default 5)
maxmemory-samples 10

# ── Persistence: RDB snapshots ────────────────────────────────
# save if at least 1 key changed in 1 hour
save 3600 1
# save if 100 keys changed in 5 min
save 300  100
# save if 10k keys changed in 1 min
save 60   10000
dbfilename dump.rdb
dir /var/lib/redis

# ── Persistence: AOF (append-only file) ──────────────────────
appendonly yes
# good balance of durability vs. performance
appendfsync everysec
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size   64mb
no-appendfsync-on-rewrite   no

# ── Slow log ──────────────────────────────────────────────────
# microseconds (10ms)
slowlog-log-slower-than 10000
slowlog-max-len 128

# ── Clients ───────────────────────────────────────────────────
maxclients 1000
timeout    300

# ── TLS (Redis 6+, optional) ─────────────────────────────────
# tls-port 6380
# tls-cert-file /etc/redis/tls/redis.crt
# tls-key-file  /etc/redis/tls/redis.key
# tls-ca-cert-file /etc/redis/tls/ca.crt
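
An added example, not part of the original recipe: a small Python check that audits the text of a redis.conf against the networking and auth settings above. Redis treats a line as a comment only when it starts with #, so trailing # text is parsed as extra arguments, and the check flags that as well. The function name audit, the 32-character password threshold and the sample config are assumptions made for this example.

```python
import shlex

DANGEROUS = {"FLUSHDB", "FLUSHALL", "DEBUG", "CONFIG"}  # commands the recipe renames
PLACEHOLDER = "your-very-long-random-password"           # the recipe's sample value
MIN_PASS_LEN = 32                                        # assumed threshold for this example
WILDCARDS = {"0.0.0.0", "*", "::", "::*"}                # all-interface bind addresses

def audit(conf_text):
    """Return a list of findings for the text of a redis.conf."""
    findings, last, renamed = [], {}, set()
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Redis treats only whole-line '#' as a comment
        try:
            args = shlex.split(line)  # '#' is kept as an ordinary token here
        except ValueError:
            findings.append(f"line {n}: unbalanced quotes")
            continue
        cut = next((i for i, a in enumerate(args) if a.startswith("#")), len(args))
        if cut < len(args):
            findings.append(f"line {n}: inline comment is parsed as arguments")
        name, values = args[0].lower(), args[1:cut]
        if name == "rename-command" and values:
            renamed.add(values[0].upper())
        last[name] = values  # keep the last occurrence of each directive
    binds = {a.lstrip("-") for a in last.get("bind", [])}
    if not binds or binds & WILDCARDS:
        findings.append("bind: listens on all interfaces")
    password = (last.get("requirepass") or [""])[0]
    if password == PLACEHOLDER or len(password) < MIN_PASS_LEN:
        findings.append("requirepass: missing, placeholder or too short")
    for cmd in sorted(DANGEROUS - renamed):
        findings.append(f"{cmd}: not renamed or disabled")
    return findings

# Constructed sample input, not a real deployment's config.
SAMPLE = '''\
bind 127.0.0.1 ::1   # never bind to 0.0.0.0 in production
requirepass your-very-long-random-password
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG "REDIS_CONFIG_HIDDEN"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```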

Choosing an eviction policy

Policy         Best for
allkeys-lru    General cache — evict any LRU key
volatile-lru   Mix of cached + persistent keys
allkeys-lfu    Skewed access patterns (Redis 4+)
noeviction     Message queues — never evict (returns error)

Sentinel HA (minimal)

# sentinel.conf
sentinel monitor mymaster 127.0.0.1 6379 2
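sentinel auth-pass mymaster your-very-long-random-password
# redis.conf above renames CONFIG, which Sentinel issues during failover;
# tell Sentinel the renamed command
sentinel rename-command mymaster CONFIG REDIS_CONFIG_HIDDEN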
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 60000
sentinel parallel-syncs mymaster 1