适用于

当前查看：

Debian 13 (Trixie)

相同于：

Debian 12 (Bookworm) Ubuntu 24.04 LTS (Noble Numbat)

其他版本：

Debian 10 (Buster) Debian 11 (Bullseye) Ubuntu 18.04 LTS (Bionic Beaver) Ubuntu 20.04 LTS (Focal Fossa) Ubuntu 22.04 LTS (Jammy Jellyfish)

详情

大小: 91 行
MD5: 3450c61e28809e6d1d5c49d0beec589a
SHA256: b97b4c0ce03dbdf2b2631f8af7c6ff38d10228c083cd8e683e11dac391ff1e9d

/etc/systemd/redis-server@.service

# Templated service file for redis-server(1)
#
# Each instance of redis-server requires its own configuration file:
#
#   $ cp /etc/redis/redis.conf /etc/redis/redis-myname.conf
#   $ chown redis:redis /etc/redis/redis-myname.conf
#
# Ensure each instance is using their own database:
#
#   $ sed -i -e 's@^dbfilename .*@dbfilename dump-myname.rdb@' /etc/redis/redis-myname.conf
#
# We then listen exlusively on UNIX sockets to avoid TCP port collisions:
#
#   $ sed -i -e 's@^port .*@port 0@' /etc/redis/redis-myname.conf
#   $ sed -i -e 's@^\(# \)\{0,1\}unixsocket .*@unixsocket /run/redis-myname/redis-server.sock@' /etc/redis/redis-myname.conf
#
# ... and ensure we are logging, etc. in a unique location:
#
#   $ sed -i -e 's@^logfile .*@logfile /var/log/redis/redis-server-myname.log@' /etc/redis/redis-myname.conf
#   $ sed -i -e 's@^pidfile .*@pidfile /run/redis-myname/redis-server.pid@' /etc/redis/redis-myname.conf
#
# We can then start the service as follows, validating we are using our own
# configuration:
#
#   $ systemctl start redis-server@myname.service
#   $ redis-cli -s /run/redis-myname/redis-server.sock info | grep config_file
#
#  -- Chris Lamb <lamby@debian.org>  Mon, 09 Oct 2017 22:17:24 +0100
[Unit]
Description=Advanced key-value store (%I)
After=network.target
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
Type=notify
ExecStart=/usr/bin/redis-server /etc/redis/redis-%i.conf --supervised systemd --daemonize no
PIDFile=/run/redis-%i/redis-server.pid
TimeoutStopSec=0
Restart=always
User=redis
Group=redis
RuntimeDirectory=redis-%i
RuntimeDirectoryMode=2755

UMask=007
PrivateTmp=true
LimitNOFILE=65535
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=-/var/lib/redis
ReadWritePaths=-/var/log/redis
ReadWritePaths=-/var/run/redis-%i

CapabilityBoundingSet=
LockPersonality=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
RemoveIPC=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~ @privileged @resources

# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you remove this line.
ReadWriteDirectories=-/etc/redis

# This restricts this service from executing binaries other than redis-server
# itself. This is really effective at e.g. making it impossible to an
# attacker to spawn a shell on the system, but might be more restrictive
# than desired. If you need to, you can permit the execution of extra
# binaries by adding an extra ExecPaths= directive with the command
# systemctl edit redis-server.service
NoExecPaths=/
ExecPaths=/usr/bin/redis-server /usr/lib /lib

[Install]
WantedBy=multi-user.target

复制粘贴

curl：

curl https://exampleconfig.com/api/v1/config/original/3450c61e28809e6d1d5c49d0beec589a?hint=redis-server@.service

wget：

wget -O redis-server@.service https://exampleconfig.com/api/v1/config/original/3450c61e28809e6d1d5c49d0beec589a?hint=redis-server@.service

给 AI Agent 用

<prompt><role>DevOps agent</role><source url='https://exampleconfig.com/api/v1/config/original/3450c61e28809e6d1d5c49d0beec589a?hint=redis-server@.service' /><config><app>Redis</app><os>Debian 13 (Trixie)</os><location>/etc/systemd/redis-server@.service</location><lines>91</lines><md5>3450c61e28809e6d1d5c49d0beec589a</md5><sha256>b97b4c0ce03dbdf2b2631f8af7c6ff38d10228c083cd8e683e11dac391ff1e9d</sha256></config></prompt>

粘贴到 Claude、ChatGPT 或任何 AI 助手里。

安装 Redis

Alpine Linux

sudo apk add redis

Debian

sudo apt update && sudo apt install redis-server

Ubuntu

sudo apt update && sudo apt install redis-server

文件位置

文件路径

/etc/systemd/redis-server@.service

/etc/systemd/

用途

系统级配置目录

说明

/etc/ 里的文件是系统级配置，影响所有用户。

FAQ

什么时候该用这个 redis-server@.service？

用来恢复缺失的默认文件、确认发行版本带了什么，或拿你的 Redis config 做 diff。

怎么恢复 Redis 的默认配置？

下载文件，把 /etc/systemd/redis-server@.service 里的当前配置备份好，替换掉，然后 reload 或 restart Redis。

redis-server@.service 适合直接上生产吗？

这是 Debian 13 (Trixie) 的厂商默认配置，只能当基线。上生产前请检查安全和性能设置。

和其他 OS 版本有什么不同？

默认值会随发行版和版本变化，这份对应 Debian 13 (Trixie)。

我可以用它来排查 Redis 吗？

可以。和你的配置做 diff 找出漂移，然后只恢复需要的段落。

Redis /etc/systemd/redis-server@.service

适用于

详情