diff --git a/CHANGELOG.md b/CHANGELOG.md
index dfee481d..930d38cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 3.1.0 (release date: TBD)
+ * Upgraded image base to phusion/baseimage:noble-1.0.0
+ * Upgraded to Ubuntu 24.04 LTS (Noble)
+ - note updated compiler chain and all tools; please test your apps thoroughly
+ * Default Python version is now 3.12 (from 3.10)
+ * Python 2.7 and 3.7 are no longer available from the Deadsnakes PPA; we weren't providing images for either previously
+ * Nginx version is now 1.24 (from 1.18)
+ - changelog can be found at https://nginx.org/en/CHANGES-1.24
+ - if you provide your own nginx.conf, please define error_log at the root scope, not the http scope; see https://github.com/phusion/passenger/issues/2541
+ - a number of modules are no longer installed and enabled by default (mod-http-geoip2, mod-http-image-filter, mod-http-xslt-filter, mod-mail, mod-stream, mod-stream-geoip2)
+ * Redis version is now 7.0.15 (from 6.0.16)
+
## 3.0.8 (release date: TBD)
* Upgraded to Ruby 3.3.5
* Added a Python 3.13 image
diff --git a/Makefile b/Makefile
index c3bec6b2..1b593228 100644
--- a/Makefile
+++ b/Makefile
@@ -82,7 +82,7 @@ build_%: build_base
@if [ "${*}" == "full" ]; then \
for i in ${CRUBY_IMAGES}; do echo "$${i}=1" >> ${*}_image/buildconfig; done; \
for i in ${MISC_IMAGES}; do echo "$${i}=1" >> ${*}_image/buildconfig; done; \
- echo python310=1 >> ${*}_image/buildconfig; \
+ echo python312=1 >> ${*}_image/buildconfig; \
echo redis=1 >> ${*}_image/buildconfig; \
echo memcached=1 >> ${*}_image/buildconfig; \
fi
diff --git a/README.md b/README.md
index 3526fed5..a4a045b6 100644
--- a/README.md
+++ b/README.md
@@ -85,7 +85,7 @@ Why use passenger-docker instead of doing everything yourself in Dockerfile?
Basics (learn more at [baseimage-docker](http://phusion.github.io/baseimage-docker/)):
- * Ubuntu 22.04 LTS as base system.
+ * Ubuntu 24.04 LTS as base system.
* A **correct** init process ([learn more](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)).
* Fixes APT incompatibilities with Docker.
* syslog-ng.
@@ -99,13 +99,13 @@ Language support:
* 3.3.5 is configured as the default.
* JRuby is installed from source, but we register an APT entry for it.
* JRuby uses OpenJDK 17.
- * Python 2.7 or 3.10, or any version provided by the Deadsnakes PPA (currently 3.7, 3.8, 3.9, 3.11, 3.12, and 3.13; see https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa).
- * Node.js 18 by default, or any version provided by Nodesource (currently 16, 18, 20, 21; see https://github.com/nodesource/distributions).
+ * Python 3.12, or any version provided by the Deadsnakes PPA (currently 3.8, 3.9, 3.10, and 3.11; see https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa).
+ * Node.js 20 by default, or any version provided by Nodesource (currently 18, 20, 21, 22; see https://github.com/nodesource/distributions).
* A build system, git, and development headers for many popular libraries, so that the most popular Ruby, Python and Node.js native extensions can be compiled without problems.
Web server and application server:
- * Nginx 1.18. Disabled by default.
+ * Nginx 1.24. Disabled by default.
* [Phusion Passenger 6](https://www.phusionpassenger.com/). Disabled by default (because it starts along with Nginx).
* This is a fast and lightweight tool for simplifying web application integration into Nginx.
* It adds many production-grade features, such as process monitoring, administration and status inspection.
@@ -114,7 +114,7 @@ Web server and application server:
Auxiliary services and tools:
- * Redis 6.0. Not installed by default.
+ * Redis 7.0. Not installed by default.
* Memcached. Not installed by default.
@@ -220,7 +220,7 @@ CMD ["/sbin/my_init"]
#RUN /pd_build/jruby-9.4.*.sh
#
# Python support
-#RUN /pd_build/python.sh 3.10
+#RUN /pd_build/python.sh 3.12
# ...put your own build instructions here...
@@ -281,7 +281,7 @@ server {
# For Python ie. Django
passenger_app_type wsgi;
- passenger_startup_file passenger_wsgi.py; (contents example: https://gist.github.com/ajhodgson/96c51dba349697e5c7e46027cc530434)
+ passenger_startup_file passenger_wsgi.py; # (contents example: https://gist.github.com/ajhodgson/96c51dba349697e5c7e46027cc530434)
# For Node.js
passenger_app_type node;
@@ -521,7 +521,7 @@ The following example shows how you can add a startup script. This script simply
### Upgrading the operating system inside the container
-passenger-docker images contain an Ubuntu 22.04 operating system. You may want to update this OS from time to time, for example to pull in the latest security updates. OpenSSL is a notorious example. Vulnerabilities are discovered in OpenSSL on a regular basis, so you should keep OpenSSL up-to-date as much as you can.
+passenger-docker images contain an Ubuntu 24.04 operating system. You may want to update this OS from time to time, for example to pull in the latest security updates. OpenSSL is a notorious example. Vulnerabilities are discovered in OpenSSL on a regular basis, so you should keep OpenSSL up-to-date as much as you can.
While we release passenger-docker images with the latest OS updates from time to time, you do not have to rely on us. You can update the OS inside passenger-docker images yourself, and it is recommend that you do this instead of waiting for us. This is also especially important to upgrade any installed Python or Node packages to the latest minor version.
diff --git a/image/Dockerfile b/image/Dockerfile
index 1d213730..d6c04069 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -7,6 +7,7 @@ MAINTAINER Phusion
ADD . /pd_build
ARG ARCH
+ARG http_proxy
RUN --mount=type=cache,target=/build_cache \
/usr/bin/nice /pd_build/install_image.sh
diff --git a/image/Dockerfile.base b/image/Dockerfile.base
index 2fecd5ad..e9dff1d5 100644
--- a/image/Dockerfile.base
+++ b/image/Dockerfile.base
@@ -1,10 +1,11 @@
# syntax=docker/dockerfile:1.2
-FROM phusion/baseimage:jammy-1.0.4
+FROM phusion/baseimage:noble-1.0.0
MAINTAINER Phusion
ADD . /pd_build
ARG ARCH
+ARG http_proxy
RUN --mount=type=cache,target=/build_cache \
rm -rf "/build_cache/${ARCH}" && \
/usr/bin/nice /pd_build/install_base.sh && \
diff --git a/image/config/nginx.conf b/image/config/nginx.conf
index 99ba59c1..706a78d4 100644
--- a/image/config/nginx.conf
+++ b/image/config/nginx.conf
@@ -3,6 +3,12 @@ worker_processes auto;
pid /run/nginx.pid;
daemon off;
+##
+# Error logs
+##
+
+error_log /var/log/nginx/error.log;
+
include /etc/nginx/main.d/*.conf;
include /etc/nginx/modules-enabled/*.conf;
@@ -38,11 +44,10 @@ http {
ssl_prefer_server_ciphers on;
##
- # Logging Settings
+ # Access logs
##
access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
##
# Gzip Settings
diff --git a/image/config/redis.conf b/image/config/redis.conf
index 86505db2..83fb31aa 100644
--- a/image/config/redis.conf
+++ b/image/config/redis.conf
@@ -32,8 +32,17 @@
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
+# Included paths may contain wildcards. All files matching the wildcards will
+# be included in alphabetical order.
+# Note that if an include path contains a wildcards but no files match it when
+# the server is started, the include statement will be ignored and no error will
+# be emitted. It is safe, therefore, to include wildcard files from empty
+# directories.
+#
# include /path/to/local.conf
# include /path/to/other.conf
+# include /path/to/fragments/*.conf
+#
################################## MODULES #####################################
@@ -49,43 +58,81 @@
# for connections from all available network interfaces on the host machine.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
+# Each address can be prefixed by "-", which means that redis will not fail to
+# start if the address is not available. Being not available only refers to
+# addresses that does not correspond to any network interface. Addresses that
+# are already in use will always fail, and unsupported protocols will always BE
+# silently skipped.
#
# Examples:
#
-# bind 192.168.1.100 10.0.0.1
-# bind 127.0.0.1 ::1
+# bind 192.168.1.100 10.0.0.1 # listens on two specific IPv4 addresses
+# bind 127.0.0.1 ::1 # listens on loopback IPv4 and IPv6
+# bind * -::* # like the default, all available interfaces
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only on the
-# IPv4 loopback interface address (this means Redis will only be able to
-# accept client connections from the same host that it is running on).
+# IPv4 and IPv6 (if available) loopback interface addresses (this means Redis
+# will only be able to accept client connections from the same host that it is
+# running on).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
-# JUST COMMENT OUT THE FOLLOWING LINE.
+# COMMENT OUT THE FOLLOWING LINE.
+#
+# You will also need to set a password unless you explicitly disable protected
+# mode.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-bind 127.0.0.1 ::1
+bind 127.0.0.1 -::1
-# Protected mode is a layer of security protection, in order to avoid that
-# Redis instances left open on the internet are accessed and exploited.
+# By default, outgoing connections (from replica to master, from Sentinel to
+# instances, cluster bus, etc.) are not bound to a specific local address. In
+# most cases, this means the operating system will handle that based on routing
+# and the interface through which the connection goes out.
#
-# When protected mode is on and if:
+# Using bind-source-addr it is possible to configure a specific address to bind
+# to, which may also affect how the connection gets routed.
#
-# 1) The server is not binding explicitly to a set of addresses using the
-# "bind" directive.
-# 2) No password is configured.
+# Example:
#
-# The server only accepts connections from clients connecting from the
-# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
-# sockets.
+# bind-source-addr 10.0.0.1
+
+# Protected mode is a layer of security protection, in order to avoid that
+# Redis instances left open on the internet are accessed and exploited.
+#
+# When protected mode is on and the default user has no password, the server
+# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
+# (::1) or Unix domain sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
-# even if no authentication is configured, nor a specific set of interfaces
-# are explicitly listed using the "bind" directive.
+# even if no authentication is configured.
protected-mode yes
+# Redis uses default hardened security configuration directives to reduce the
+# attack surface on innocent users. Therefore, several sensitive configuration
+# directives are immutable, and some potentially-dangerous commands are blocked.
+#
+# Configuration directives that control files that Redis writes to (e.g., 'dir'
+# and 'dbfilename') and that aren't usually modified during runtime
+# are protected by making them immutable.
+#
+# Commands that can increase the attack surface of Redis and that aren't usually
+# called by users are blocked by default.
+#
+# These can be exposed to either all connections or just local ones by setting
+# each of the configs listed below to either of these values:
+#
+# no - Block for any connection (remain immutable)
+# yes - Allow for any connection (no protection)
+# local - Allow only for local connections. Ones originating from the
+# IPv4 address (127.0.0.1), IPv6 address (::1) or Unix domain sockets.
+#
+# enable-protected-configs no
+# enable-debug-command no
+# enable-module-command no
+
# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379
@@ -105,7 +152,7 @@ tcp-backlog 511
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
-# unixsocket /var/run/redis/redis-server.sock
+# unixsocket /run/redis/redis-server.sock
# unixsocketperm 700
# Close the connection after a client is idle for N seconds (0 to disable)
@@ -128,6 +175,16 @@ timeout 0
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
+# Apply OS-specific mechanism to mark the listening socket with the specified
+# ID, to support advanced routing and filtering capabilities.
+#
+# On Linux, the ID represents a connection mark.
+# On FreeBSD, the ID represents a socket cookie ID.
+# On OpenBSD, the ID represents a route table ID.
+#
+# The default value is 0, which implies no marking is required.
+# socket-mark-id 0
+
################################# TLS/SSL #####################################
# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
@@ -143,8 +200,32 @@ tcp-keepalive 300
#
# tls-cert-file redis.crt
# tls-key-file redis.key
+#
+# If the key file is encrypted using a passphrase, it can be included here
+# as well.
+#
+# tls-key-file-pass secret
-# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
+# Normally Redis uses the same certificate for both server functions (accepting
+# connections) and client functions (replicating from a master, establishing
+# cluster bus connections, etc.).
+#
+# Sometimes certificates are issued with attributes that designate them as
+# client-only or server-only certificates. In that case it may be desired to use
+# different certificates for incoming (server) and outgoing (client)
+# connections. To do that, use the following directives:
+#
+# tls-client-cert-file client.crt
+# tls-client-key-file client.key
+#
+# If the key file is encrypted using a passphrase, it can be included here
+# as well.
+#
+# tls-client-key-file-pass secret
+
+# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange,
+# required by older versions of OpenSSL (<3.0). Newer versions do not require
+# this configuration and recommend against it.
#
# tls-dh-params-file redis.dh
@@ -177,9 +258,12 @@ tcp-keepalive 300
#
# tls-cluster yes
-# Explicitly specify TLS versions to support. Allowed values are case insensitive
-# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
-# any combination. To enable only TLSv1.2 and TLSv1.3, use:
+# By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended
+# that older formally deprecated versions are kept disabled to reduce the attack surface.
+# You can explicitly specify TLS versions to support.
+# Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2",
+# "TLSv1.3" (OpenSSL >= 1.1.1) or any combination.
+# To enable only TLSv1.2 and TLSv1.3, use:
#
# tls-protocols "TLSv1.2 TLSv1.3"
@@ -221,6 +305,7 @@ tcp-keepalive 300
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+# When Redis is supervised by upstart or systemd, this parameter has no impact.
daemonize no
# If you run Redis from upstart or systemd, Redis can interact with your
@@ -229,11 +314,17 @@ daemonize no
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# requires "expect stop" in your upstart job config
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
+# on startup, and updating Redis status on a regular
+# basis.
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous pings back to your supervisor.
-supervised no
+#
+# The default is "no". To run under upstart/systemd, you can simply uncomment
+# the line below:
+#
+# supervised auto
# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
@@ -244,7 +335,10 @@ supervised no
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
-pidfile /var/run/redis/redis-server.pid
+#
+# Note that on modern Linux systems "/run/redis.pid" is more conforming
+# and should be used instead.
+pidfile /run/redis/redis-server.pid
# Specify the server verbosity level.
# This can be one of:
@@ -269,44 +363,74 @@ logfile /var/log/redis/redis-server.log
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
+# To disable the built in crash log, which will possibly produce cleaner core
+# dumps when they are needed, uncomment the following:
+#
+# crash-log-enabled no
+
+# To disable the fast memory check that's run as part of the crash log, which
+# will possibly let redis terminate sooner, uncomment the following:
+#
+# crash-memcheck-enabled no
+
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT where
# dbid is a number between 0 and 'databases'-1
databases 16
# By default Redis shows an ASCII art logo only when started to log to the
-# standard output and if the standard output is a TTY. Basically this means
-# that normally a logo is displayed only in interactive sessions.
+# standard output and if the standard output is a TTY and syslog logging is
+# disabled. Basically this means that normally a logo is displayed only in
+# interactive sessions.
#
# However it is possible to force the pre-4.0 behavior and always show a
# ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo yes
+always-show-logo no
+
+# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
+# provide some runtime information. It is possible to disable this and leave
+# the process name as executed by setting the following to no.
+set-proc-title yes
+
+# When changing the process title, Redis uses the following template to construct
+# the modified title.
+#
+# Template variables are specified in curly brackets. The following variables are
+# supported:
+#
+# {title} Name of process as executed if parent, or type of child process.
+# {listen-addr} Bind address or '*' followed by TCP or TLS port listening on, or
+# Unix socket if only that's available.
+# {server-mode} Special mode, i.e. "[sentinel]" or "[cluster]".
+# {port} TCP port listening on, or 0.
+# {tls-port} TLS port listening on, or 0.
+# {unixsocket} Unix domain socket listening on, or "".
+# {config-file} Name of configuration file used.
+#
+proc-title-template "{title} {listen-addr} {server-mode}"
################################ SNAPSHOTTING ################################
+
+# Save the DB to disk.
#
-# Save the DB on disk:
+# save [ ...]
#
-# save
+# Redis will save the DB if the given number of seconds elapsed and it
+# surpassed the given number of write operations against the DB.
#
-# Will save the DB if both the given number of seconds and the given
-# number of write operations against the DB occurred.
+# Snapshotting can be completely disabled with a single empty string argument
+# as in following example:
#
-# In the example below the behavior will be to save:
-# after 900 sec (15 min) if at least 1 key changed
-# after 300 sec (5 min) if at least 10 keys changed
-# after 60 sec if at least 10000 keys changed
+# save ""
#
-# Note: you can disable saving completely by commenting out all "save" lines.
+# Unless specified otherwise, by default Redis will save the DB:
+# * After 3600 seconds (an hour) if at least 1 change was performed
+# * After 300 seconds (5 minutes) if at least 100 changes were performed
+# * After 60 seconds if at least 10000 changes were performed
#
-# It is also possible to remove all the previously configured save
-# points by adding a save directive with a single empty string argument
-# like in the following example:
+# You can set these explicitly by uncommenting the following line.
#
-# save ""
-
-save 900 1
-save 300 10
-save 60 10000
+# save 3600 1 300 100 60 10000
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
@@ -338,6 +462,21 @@ rdbcompression yes
# tell the loading code to skip the check.
rdbchecksum yes
+# Enables or disables full sanitization checks for ziplist and listpack etc when
+# loading an RDB or RESTORE payload. This reduces the chances of a assertion or
+# crash later on while processing commands.
+# Options:
+# no - Never perform full sanitization
+# yes - Always perform full sanitization
+# clients - Perform full sanitization only for user connections.
+# Excludes: RDB files, RESTORE commands received from the master
+# connection, and client connections which have the
+# skip-sanitize-payload ACL flag.
+# The default should be 'clients' but since it currently affects cluster
+# resharding via MIGRATE, it is temporarily set to 'no' by default.
+#
+# sanitize-dump-payload no
+
# The filename where to dump the DB
dbfilename dump.rdb
@@ -412,9 +551,10 @@ dir /var/lib/redis
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
-# 2) If replica-serve-stale-data is set to 'no' the replica will reply with
-# an error "SYNC with master in progress" to all commands except:
-# INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
+# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
+# "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
+# to all data access commands, excluding commands such as:
+# INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
# HOST and LATENCY.
#
@@ -463,7 +603,7 @@ replica-read-only yes
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
-repl-diskless-sync no
+repl-diskless-sync yes
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
@@ -477,12 +617,18 @@ repl-diskless-sync no
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
+# When diskless replication is enabled with a delay, it is possible to let
+# the replication start before the maximum delay is reached if the maximum
+# number of replicas expected have connected. Default of 0 means that the
+# maximum is not defined and Redis will wait the full delay.
+repl-diskless-sync-max-replicas 0
+
# -----------------------------------------------------------------------------
# WARNING: RDB diskless load is experimental. Since in this setup the replica
# does not immediately store an RDB on disk, it may cause data loss during
# failovers. RDB diskless load + Redis modules not handling I/O reads may also
# cause Redis to abort in case of I/O errors during the initial synchronization
-# stage with the master. Use only if your do what you are doing.
+# stage with the master. Use only if you know what you are doing.
# -----------------------------------------------------------------------------
#
# Replica can load the RDB it reads from the replication link directly from the
@@ -491,19 +637,23 @@ repl-diskless-sync-delay 5
#
# In many cases the disk is slower than the network, and storing and loading
# the RDB file may increase replication time (and even increase the master's
-# Copy on Write memory and salve buffers).
+# Copy on Write memory and replica buffers).
# However, parsing the RDB file directly from the socket may mean that we have
# to flush the contents of the current database before the full rdb was
# received. For this reason we have the following options:
#
# "disabled" - Don't use diskless load (store the rdb file to the disk first)
# "on-empty-db" - Use diskless load only when it is completely safe.
-# "swapdb" - Keep a copy of the current db contents in RAM while parsing
-# the data directly from the socket. note that this requires
-# sufficient memory, if you don't have it, you risk an OOM kill.
+# "swapdb" - Keep current db contents in RAM while parsing the data directly
+# from the socket. Replicas in this mode can keep serving current
+# data set while replication is in progress, except for cases where
+# they can't recognize master as having a data set from same
+# replication history.
+# Note that this requires sufficient memory, if you don't have it,
+# you risk an OOM kill.
repl-diskless-load disabled
-# Replicas send PINGs to server in a predefined interval. It's possible to
+# Master send PINGs to its replicas in a predefined interval. It's possible to
# change this interval with the repl_ping_replica_period option. The default
# value is 10 seconds.
#
@@ -578,6 +728,43 @@ repl-disable-tcp-nodelay no
# By default the priority is 100.
replica-priority 100
+# The propagation error behavior controls how Redis will behave when it is
+# unable to handle a command being processed in the replication stream from a master
+# or processed while reading from an AOF file. Errors that occur during propagation
+# are unexpected, and can cause data inconsistency. However, there are edge cases
+# in earlier versions of Redis where it was possible for the server to replicate or persist
+# commands that would fail on future versions. For this reason the default behavior
+# is to ignore such errors and continue processing commands.
+#
+# If an application wants to ensure there is no data divergence, this configuration
+# should be set to 'panic' instead. The value can also be set to 'panic-on-replicas'
+# to only panic when a replica encounters an error on the replication stream. One of
+# these two panic values will become the default value in the future once there are
+# sufficient safety mechanisms in place to prevent false positive crashes.
+#
+# propagation-error-behavior ignore
+
+# Replica ignore disk write errors controls the behavior of a replica when it is
+# unable to persist a write command received from its master to disk. By default,
+# this configuration is set to 'no' and will crash the replica in this condition.
+# It is not recommended to change this default, however in order to be compatible
+# with older versions of Redis this config can be toggled to 'yes' which will just
+# log a warning and execute the write command it got from the master.
+#
+# replica-ignore-disk-write-errors no
+
+# -----------------------------------------------------------------------------
+# By default, Redis Sentinel includes all replicas in its reports. A replica
+# can be excluded from Redis Sentinel's announcements. An unannounced replica
+# will be ignored by the 'sentinel replicas ' command and won't be
+# exposed to Redis Sentinel's clients.
+#
+# This option does not change the behavior of replica-priority. Even with
+# replica-announced set to 'no', the replica can be promoted to master. To
+# prevent this behavior, set replica-priority to 0.
+#
+# replica-announced yes
+
# It is possible for a master to stop accepting writes if there are less than
# N replicas connected, having a lag less or equal than M seconds.
#
@@ -633,7 +820,7 @@ replica-priority 100
# Redis implements server assisted support for client side caching of values.
# This is implemented using an invalidation table that remembers, using
-# 16 millions of slots, what clients may have certain subsets of keys. In turn
+# a radix key indexed by key name, what clients have which keys. In turn
# this is used in order to send invalidation messages to clients. Please
# check this page to understand more about the feature:
#
@@ -697,8 +884,12 @@ replica-priority 100
# off Disable the user: it's no longer possible to authenticate
# with this user, however the already authenticated connections
# will still work.
-# + Allow the execution of that command
-# - Disallow the execution of that command
+# skip-sanitize-payload RESTORE dump-payload sanitization is skipped.
+# sanitize-payload RESTORE dump-payload is sanitized (default).
+# + Allow the execution of that command.
+# May be used with `|` for allowing subcommands (e.g "+config|get")
+# - Disallow the execution of that command.
+# May be used with `|` for blocking subcommands (e.g "-config|set")
# +@ Allow the execution of all the commands in such category
# with valid categories are like @admin, @set, @sortedset, ...
# and so forth, see the full list in the server.c file where
@@ -706,10 +897,11 @@ replica-priority 100
# The special category @all means all the commands, but currently
# present in the server, and that will be loaded in the future
# via modules.
-# +|subcommand Allow a specific subcommand of an otherwise
-# disabled command. Note that this form is not
-# allowed as negative like -DEBUG|SEGFAULT, but
-# only additive starting with "+".
+# +|first-arg Allow a specific first argument of an otherwise
+# disabled command. It is only supported on commands with
+# no sub-commands, and is not allowed as negative form
+# like -SELECT|1, only additive starting with "+". This
+# feature is deprecated and may be removed in the future.
# allcommands Alias for +@all. Note that it implies the ability to execute
# all the future commands loaded via the modules system.
# nocommands Alias for -@all.
@@ -717,8 +909,17 @@ replica-priority 100
# commands. For instance ~* allows all the keys. The pattern
# is a glob-style pattern like the one of KEYS.
# It is possible to specify multiple patterns.
+# %R~ Add key read pattern that specifies which keys can be read
+# from.
+# %W~ Add key write pattern that specifies which keys can be
+# written to.
# allkeys Alias for ~*
# resetkeys Flush the list of allowed keys patterns.
+# & Add a glob-style pattern of Pub/Sub channels that can be
+# accessed by the user. It is possible to specify multiple channel
+# patterns.
+# allchannels Alias for &*
+# resetchannels Flush the list of allowed channel patterns.
# > Add this password to the list of valid password for the user.
# For example >mypass will add "mypass" to the list.
# This directive clears the "nopass" flag (see later).
@@ -737,6 +938,14 @@ replica-priority 100
# reset Performs the following actions: resetpass, resetkeys, off,
# -@all. The user returns to the same state it has immediately
# after its creation.
+# () Create a new selector with the options specified within the
+# parentheses and attach it to the user. Each option should be
+# space separated. The first character must be ( and the last
+# character must be ).
+# clearselectors Remove all of the currently attached selectors.
+# Note this does not change the "root" user permissions,
+# which are the permissions directly applied onto the
+# user (outside the parentheses).
#
# ACL rules can be specified in any order: for instance you can start with
# passwords, then flags, or key patterns. However note that the additive
@@ -758,6 +967,40 @@ replica-priority 100
#
# Basically ACL rules are processed left-to-right.
#
+# The following is a list of command categories and their meanings:
+# * keyspace - Writing or reading from keys, databases, or their metadata
+# in a type agnostic way. Includes DEL, RESTORE, DUMP, RENAME, EXISTS, DBSIZE,
+# KEYS, EXPIRE, TTL, FLUSHALL, etc. Commands that may modify the keyspace,
+# key or metadata will also have `write` category. Commands that only read
+# the keyspace, key or metadata will have the `read` category.
+# * read - Reading from keys (values or metadata). Note that commands that don't
+# interact with keys, will not have either `read` or `write`.
+# * write - Writing to keys (values or metadata)
+# * admin - Administrative commands. Normal applications will never need to use
+# these. Includes REPLICAOF, CONFIG, DEBUG, SAVE, MONITOR, ACL, SHUTDOWN, etc.
+# * dangerous - Potentially dangerous (each should be considered with care for
+# various reasons). This includes FLUSHALL, MIGRATE, RESTORE, SORT, KEYS,
+# CLIENT, DEBUG, INFO, CONFIG, SAVE, REPLICAOF, etc.
+# * connection - Commands affecting the connection or other connections.
+# This includes AUTH, SELECT, COMMAND, CLIENT, ECHO, PING, etc.
+# * blocking - Potentially blocking the connection until released by another
+# command.
+# * fast - Fast O(1) commands. May loop on the number of arguments, but not the
+# number of elements in the key.
+# * slow - All commands that are not Fast.
+# * pubsub - PUBLISH / SUBSCRIBE related
+# * transaction - WATCH / MULTI / EXEC related commands.
+# * scripting - Scripting related.
+# * set - Data type: sets related.
+# * sortedset - Data type: zsets related.
+# * list - Data type: lists related.
+# * hash - Data type: hashes related.
+# * string - Data type: strings related.
+# * bitmap - Data type: bitmaps related.
+# * hyperloglog - Data type: hyperloglog related.
+# * geo - Data type: geo related.
+# * stream - Data type: streams related.
+#
# For more information about ACL configuration please refer to
# the Redis web site at https://redis.io/topics/acl
@@ -787,8 +1030,24 @@ acllog-max-len 128
# AUTH as usually, or more explicitly with AUTH default
# if they follow the new protocol: both will work.
#
+# The requirepass is not compatible with aclfile option and the ACL LOAD
+# command, these will cause requirepass to be ignored.
+#
# requirepass foobared
+# New users are initialized with restrictive permissions by default, via the
+# equivalent of this ACL rule 'off resetkeys -@all'. Starting with Redis 6.2, it
+# is possible to manage access to Pub/Sub channels with ACL rules as well. The
+# default Pub/Sub channels permission if new users is controlled by the
+# acl-pubsub-default configuration directive, which accepts one of these values:
+#
+# allchannels: grants access to all Pub/Sub channels
+# resetchannels: revokes access to all Pub/Sub channels
+#
+# From Redis 7.0, acl-pubsub-default defaults to 'resetchannels' permission.
+#
+# acl-pubsub-default resetchannels
+
# Command renaming (DEPRECATED).
#
# ------------------------------------------------------------------------
@@ -877,14 +1136,12 @@ acllog-max-len 128
# Both LRU, LFU and volatile-ttl are implemented using approximated
# randomized algorithms.
#
-# Note: with any of the above policies, Redis will return an error on write
-# operations, when there are no suitable keys for eviction.
-#
-# At the date of writing these commands are: set setnx setex append
-# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
-# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
-# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
-# getset mset msetnx exec sort
+# Note: with any of the above policies, when there are no suitable keys for
+# eviction, Redis will return an error on write operations that require
+# more memory. These are usually commands that create new keys, add data or
+# modify existing keys. A few examples are: SET, INCR, HSET, LPUSH, SUNIONSTORE,
+# SORT (due to the STORE argument), and EXEC (if the transaction includes any
+# command that requires memory).
#
# The default is:
#
@@ -901,6 +1158,14 @@ acllog-max-len 128
#
# maxmemory-samples 5
+# Eviction processing is designed to function well with the default setting.
+# If there is an unusually large amount of write traffic, this value may need to
+# be increased. Decreasing this value may reduce latency at the risk of
+# eviction processing effectiveness
+# 0 = minimum latency, 10 = default, 100 = process without regard to latency
+#
+# maxmemory-eviction-tenacity 10
+
# Starting from Redis 5, by default a replica will ignore its maxmemory setting
# (unless it is promoted to master after a failover or manually). It means
# that the eviction of keys will be just handled by the master, sending the
@@ -994,6 +1259,13 @@ replica-lazy-flush no
lazyfree-lazy-user-del no
+# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
+# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
+# commands. When neither flag is passed, this directive will be used to determine
+# if the data should be deleted asynchronously.
+
+lazyfree-lazy-user-flush no
+
################################ THREADED I/O #################################
# Redis is mostly single threaded, however there are certain threaded
@@ -1032,7 +1304,7 @@ lazyfree-lazy-user-del no
# Usually threading reads doesn't help much.
#
# NOTE 1: This configuration directive cannot be changed at runtime via
-# CONFIG SET. Aso this feature currently does not work when SSL is
+# CONFIG SET. Also, this feature currently does not work when SSL is
# enabled.
#
# NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
@@ -1050,7 +1322,7 @@ lazyfree-lazy-user-del no
# attempt to have background child processes killed before all others, and
# replicas killed before masters.
#
-# Redis supports three options:
+# Redis supports these options:
#
# no: Don't make changes to oom-score-adj (default).
# yes: Alias to "relative" see below.
@@ -1071,6 +1343,19 @@ oom-score-adj no
# oom-score-adj-values to positive values will always succeed.
oom-score-adj-values 0 200 800
+
+#################### KERNEL transparent hugepage CONTROL ######################
+
+# Usually the kernel Transparent Huge Pages control is set to "madvise" or
+# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
+# case this config has no effect. On systems in which it is set to "always",
+# redis will attempt to disable it specifically for the redis process in order
+# to avoid latency problems specifically with fork(2) and CoW.
+# If for some reason you prefer to keep it enabled, you can set this config to
+# "no" and the kernel global to "always".
+
+disable-thp yes
+
############################## APPEND ONLY MODE ###############################
# By default Redis asynchronously dumps the dataset on disk. This mode is
@@ -1089,14 +1374,43 @@ oom-score-adj-values 0 200 800
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
-# Please check http://redis.io/topics/persistence for more information.
+# Please check https://redis.io/topics/persistence for more information.
appendonly no
-# The name of the append only file (default: "appendonly.aof")
+# The base name of the append only file.
+#
+# Redis 7 and newer use a set of append-only files to persist the dataset
+# and changes applied to it. There are two basic types of files in use:
+#
+# - Base files, which are a snapshot representing the complete state of the
+# dataset at the time the file was created. Base files can be either in
+# the form of RDB (binary serialized) or AOF (textual commands).
+# - Incremental files, which contain additional commands that were applied
+# to the dataset following the previous file.
+#
+# In addition, manifest files are used to track the files and the order in
+# which they were created and should be applied.
+#
+# Append-only file names are created by Redis following a specific pattern.
+# The file name's prefix is based on the 'appendfilename' configuration
+# parameter, followed by additional information about the sequence and type.
+#
+# For example, if appendfilename is set to appendonly.aof, the following file
+# names could be derived:
+#
+# - appendonly.aof.1.base.rdb as a base file.
+# - appendonly.aof.1.incr.aof, appendonly.aof.2.incr.aof as incremental files.
+# - appendonly.aof.manifest as a manifest file.
appendfilename "appendonly.aof"
+# For convenience, Redis stores all persistent append-only files in a dedicated
+# directory. The name of the directory is determined by the appenddirname
+# configuration parameter.
+
+appenddirname "appendonlydir"
+
# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
@@ -1136,7 +1450,7 @@ appendfsync everysec
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
-# the same as "appendfsync none". In practical terms, this means that it is
+# the same as "appendfsync no". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
@@ -1189,34 +1503,69 @@ auto-aof-rewrite-min-size 64mb
# will be found.
aof-load-truncated yes
-# When rewriting the AOF file, Redis is able to use an RDB preamble in the
-# AOF file for faster rewrites and recoveries. When this option is turned
-# on the rewritten AOF file is composed of two different stanzas:
+# Redis can create append-only base files in either RDB or AOF formats. Using
+# the RDB format is always faster and more efficient, and disabling it is only
+# supported for backward compatibility purposes.
+aof-use-rdb-preamble yes
+
+# Redis supports recording timestamp annotations in the AOF to support restoring
+# the data from a specific point-in-time. However, using this capability changes
+# the AOF format in a way that may not be compatible with existing AOF parsers.
+aof-timestamp-enabled no
+
+################################ SHUTDOWN #####################################
+
+# Maximum time to wait for replicas when shutting down, in seconds.
#
-# [RDB file][AOF tail]
+# During shut down, a grace period allows any lagging replicas to catch up with
+# the latest replication offset before the master exists. This period can
+# prevent data loss, especially for deployments without configured disk backups.
#
-# When loading, Redis recognizes that the AOF file starts with the "REDIS"
-# string and loads the prefixed RDB file, then continues loading the AOF
-# tail.
-aof-use-rdb-preamble yes
+# The 'shutdown-timeout' value is the grace period's duration in seconds. It is
+# only applicable when the instance has replicas. To disable the feature, set
+# the value to 0.
+#
+# shutdown-timeout 10
+
+# When Redis receives a SIGINT or SIGTERM, shutdown is initiated and by default
+# an RDB snapshot is written to disk in a blocking operation if save points are configured.
+# The options used on signaled shutdown can include the following values:
+# default: Saves RDB snapshot only if save points are configured.
+# Waits for lagging replicas to catch up.
+# save: Forces a DB saving operation even if no save points are configured.
+# nosave: Prevents DB saving operation even if one or more save points are configured.
+# now: Skips waiting for lagging replicas.
+# force: Ignores any errors that would normally prevent the server from exiting.
+#
+# Any combination of values is allowed as long as "save" and "nosave" are not set simultaneously.
+# Example: "nosave force now"
+#
+# shutdown-on-sigint default
+# shutdown-on-sigterm default
-################################ LUA SCRIPTING ###############################
+################ NON-DETERMINISTIC LONG BLOCKING COMMANDS #####################
-# Max execution time of a Lua script in milliseconds.
+# Maximum time in milliseconds for EVAL scripts, functions and in some cases
+# modules' commands before Redis can start processing or rejecting other clients.
#
-# If the maximum execution time is reached Redis will log that a script is
-# still in execution after the maximum allowed time and will start to
-# reply to queries with an error.
+# If the maximum execution time is reached Redis will start to reply to most
+# commands with a BUSY error.
#
-# When a long running script exceeds the maximum execution time only the
-# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# used to stop a script that did not yet call any write commands. The second
-# is the only way to shut down the server in the case a write command was
-# already issued by the script but the user doesn't want to wait for the natural
-# termination of the script.
+# In this state Redis will only allow a handful of commands to be executed.
+# For instance, SCRIPT KILL, FUNCTION KILL, SHUTDOWN NOSAVE and possibly some
+# module specific 'allow-busy' commands.
#
-# Set it to 0 or a negative value for unlimited execution without warnings.
-lua-time-limit 5000
+# SCRIPT KILL and FUNCTION KILL will only be able to stop a script that did not
+# yet call any write commands, so SHUTDOWN NOSAVE may be the only way to stop
+# the server in the case a write command was already issued by the script when
+# the user doesn't want to wait for the natural termination of the script.
+#
+# The default is 5 seconds. It is possible to set it to 0 or a negative value
+# to disable this mechanism (uninterrupted execution). Note that in the past
+# this config had a different name, which is now an alias, so both of these do
+# the same:
+# lua-time-limit 5000
+# busy-reply-threshold 5000
################################ REDIS CLUSTER ###############################
@@ -1240,6 +1589,11 @@ lua-time-limit 5000
#
# cluster-node-timeout 15000
+# The cluster port is the port that the cluster bus will listen for inbound connections on. When set
+# to the default value, 0, it will be bound to the command port + 10000. Setting this value requires
+# you to specify the cluster bus port when executing cluster meet.
+# cluster-port 0
+
# A replica of a failing master will avoid to start a failover if its data
# looks too old.
#
@@ -1298,12 +1652,21 @@ lua-time-limit 5000
# master in your cluster.
#
# Default is 1 (replicas migrate only if their masters remain with at least
-# one replica). To disable migration just set it to a very large value.
+# one replica). To disable migration just set it to a very large value or
+# set cluster-allow-replica-migration to 'no'.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
+# Turning off this option allows to use less automatic cluster configuration.
+# It both disables migration to orphaned masters and migration from masters
+# that became empty.
+#
+# Default is 'yes' (allow automatic migrations).
+#
+# cluster-allow-replica-migration yes
+
# By default Redis Cluster nodes stop accepting queries if they detect there
# is at least a hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
@@ -1318,7 +1681,7 @@ lua-time-limit 5000
# cluster-require-full-coverage yes
# This option, when set to yes, prevents replicas from trying to failover its
-# master during master failures. However the master can still perform a
+# master during master failures. However the replica can still perform a
# manual failover, if forced to do so.
#
# This is useful in different scenarios, especially in the case of multiple
@@ -1328,7 +1691,7 @@ lua-time-limit 5000
# cluster-replica-no-failover no
# This option, when set to yes, allows nodes to serve read traffic while the
-# the cluster is in a down state, as long as it believes it owns the slots.
+# cluster is in a down state, as long as it believes it owns the slots.
#
# This is useful for two cases. The first case is for when an application
# doesn't require consistency of data during node failures or network partitions.
@@ -1343,8 +1706,54 @@ lua-time-limit 5000
#
# cluster-allow-reads-when-down no
+# This option, when set to yes, allows nodes to serve pubsub shard traffic while
+# the cluster is in a down state, as long as it believes it owns the slots.
+#
+# This is useful if the application would like to use the pubsub feature even when
+# the cluster global stable state is not OK. If the application wants to make sure only
+# one shard is serving a given channel, this feature should be kept as yes.
+#
+# cluster-allow-pubsubshard-when-down yes
+
+# Cluster link send buffer limit is the limit on the memory usage of an individual
+# cluster bus link's send buffer in bytes. Cluster links would be freed if they exceed
+# this limit. This is to primarily prevent send buffers from growing unbounded on links
+# toward slow peers (E.g. PubSub messages being piled up).
+# This limit is disabled by default. Enable this limit when 'mem_cluster_links' INFO field
+# and/or 'send-buffer-allocated' entries in the 'CLUSTER LINKS` command output continuously increase.
+# Minimum limit of 1gb is recommended so that cluster link buffer can fit in at least a single
+# PubSub message by default. (client-query-buffer-limit default value is 1gb)
+#
+# cluster-link-sendbuf-limit 0
+
+# Clusters can configure their announced hostname using this config. This is a common use case for
+# applications that need to use TLS Server Name Indication (SNI) or dealing with DNS based
+# routing. By default this value is only shown as additional metadata in the CLUSTER SLOTS
+# command, but can be changed using 'cluster-preferred-endpoint-type' config. This value is
+# communicated along the clusterbus to all nodes, setting it to an empty string will remove
+# the hostname and also propagate the removal.
+#
+# cluster-announce-hostname ""
+
+# Clusters can advertise how clients should connect to them using either their IP address,
+# a user defined hostname, or by declaring they have no endpoint. Which endpoint is
+# shown as the preferred endpoint is set by using the cluster-preferred-endpoint-type
+# config with values 'ip', 'hostname', or 'unknown-endpoint'. This value controls how
+# the endpoint returned for MOVED/ASKING requests as well as the first field of CLUSTER SLOTS.
+# If the preferred endpoint type is set to hostname, but no announced hostname is set, a '?'
+# will be returned instead.
+#
+# When a cluster advertises itself as having an unknown endpoint, it's indicating that
+# the server doesn't know how clients can reach the cluster. This can happen in certain
+# networking situations where there are multiple possible routes to the node, and the
+# server doesn't know which one the client took. In this case, the server is expecting
+# the client to reach out on the same endpoint it used for making the last request, but use
+# the port provided in the response.
+#
+# cluster-preferred-endpoint-type ip
+
# In order to setup your cluster make sure to read the documentation
-# available at http://redis.io web site.
+# available at https://redis.io web site.
########################## CLUSTER DOCKER/NAT support ########################
@@ -1354,16 +1763,21 @@ lua-time-limit 5000
#
# In order to make Redis Cluster working in such environments, a static
# configuration where each node knows its public address is needed. The
-# following two options are used for this scope, and are:
+# following four options are used for this scope, and are:
#
# * cluster-announce-ip
# * cluster-announce-port
+# * cluster-announce-tls-port
# * cluster-announce-bus-port
#
-# Each instructs the node about its address, client port, and cluster message
-# bus port. The information is then published in the header of the bus packets
-# so that other nodes will be able to correctly map the address of the node
-# publishing the information.
+# Each instructs the node about its address, client ports (for connections
+# without and with TLS) and cluster message bus port. The information is then
+# published in the header of the bus packets so that other nodes will be able to
+# correctly map the address of the node publishing the information.
+#
+# If cluster-tls is set to yes and cluster-announce-tls-port is omitted or set
+# to zero, then cluster-announce-port refers to the TLS port. Note also that
+# cluster-announce-tls-port has no effect if cluster-tls is set to no.
#
# If the above options are not used, the normal Redis Cluster auto-detection
# will be used instead.
@@ -1376,7 +1790,8 @@ lua-time-limit 5000
# Example:
#
# cluster-announce-ip 10.1.1.5
-# cluster-announce-port 6379
+# cluster-announce-tls-port 6379
+# cluster-announce-port 0
# cluster-announce-bus-port 6380
################################## SLOW LOG ###################################
@@ -1424,10 +1839,24 @@ slowlog-max-len 128
# "CONFIG SET latency-monitor-threshold " if needed.
latency-monitor-threshold 0
+################################ LATENCY TRACKING ##############################
+
+# The Redis extended latency monitoring tracks the per command latencies and enables
+# exporting the percentile distribution via the INFO latencystats command,
+# and cumulative latency distributions (histograms) via the LATENCY command.
+#
+# By default, the extended latency monitoring is enabled since the overhead
+# of keeping track of the command latency is very small.
+# latency-tracking yes
+
+# By default the exported latency percentiles via the INFO latencystats command
+# are the p50, p99, and p999.
+# latency-tracking-info-percentiles 50 99 99.9
+
############################# EVENT NOTIFICATION ##############################
# Redis can notify Pub/Sub clients about events happening in the key space.
-# This feature is documented at http://redis.io/topics/notifications
+# This feature is documented at https://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
@@ -1449,9 +1878,11 @@ latency-monitor-threshold 0
# z Sorted set commands
# x Expired events (events generated every time a key expires)
# e Evicted events (events generated when a key is evicted for maxmemory)
+# n New key events (Note: not included in the 'A' class)
# t Stream commands
+# d Module key type events
# m Key-miss events (Note: It is not included in the 'A' class)
-# A Alias for g$lshzxet, so that the "AKE" string means all the events
+# A Alias for g$lshzxetd, so that the "AKE" string means all the events
# (Except key-miss events which are excluded from 'A' due to their
# unique nature).
#
@@ -1474,71 +1905,13 @@ latency-monitor-threshold 0
# specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
-############################### GOPHER SERVER #################################
-
-# Redis contains an implementation of the Gopher protocol, as specified in
-# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
-#
-# The Gopher protocol was very popular in the late '90s. It is an alternative
-# to the web, and the implementation both server and client side is so simple
-# that the Redis server has just 100 lines of code in order to implement this
-# support.
-#
-# What do you do with Gopher nowadays? Well Gopher never *really* died, and
-# lately there is a movement in order for the Gopher more hierarchical content
-# composed of just plain text documents to be resurrected. Some want a simpler
-# internet, others believe that the mainstream internet became too much
-# controlled, and it's cool to create an alternative space for people that
-# want a bit of fresh air.
-#
-# Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol
-# as a gift.
-#
-# --- HOW IT WORKS? ---
-#
-# The Redis Gopher support uses the inline protocol of Redis, and specifically
-# two kind of inline requests that were anyway illegal: an empty request
-# or any request that starts with "/" (there are no Redis commands starting
-# with such a slash). Normal RESP2/RESP3 requests are completely out of the
-# path of the Gopher protocol implementation and are served as usual as well.
-#
-# If you open a connection to Redis when Gopher is enabled and send it
-# a string like "/foo", if there is a key named "/foo" it is served via the
-# Gopher protocol.
-#
-# In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
-# talking), you likely need a script like the following:
-#
-# https://github.com/antirez/gopher2redis
-#
-# --- SECURITY WARNING ---
-#
-# If you plan to put Redis on the internet in a publicly accessible address
-# to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
-# Once a password is set:
-#
-# 1. The Gopher server (when enabled, not by default) will still serve
-# content via Gopher.
-# 2. However other commands cannot be called before the client will
-# authenticate.
-#
-# So use the 'requirepass' option to protect your instance.
-#
-# Note that Gopher is not currently supported when 'io-threads-do-reads'
-# is enabled.
-#
-# To enable Gopher support, uncomment the following line and set the option
-# from no (the default) to yes.
-#
-# gopher-enabled no
-
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
-hash-max-ziplist-entries 512
-hash-max-ziplist-value 64
+hash-max-listpack-entries 512
+hash-max-listpack-value 64
# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
@@ -1553,7 +1926,7 @@ hash-max-ziplist-value 64
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
-list-max-ziplist-size -2
+list-max-listpack-size -2
# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
@@ -1581,8 +1954,8 @@ set-max-intset-entries 512
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
-zset-max-ziplist-entries 128
-zset-max-ziplist-value 64
+zset-max-listpack-entries 128
+zset-max-listpack-value 64
# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
@@ -1604,7 +1977,7 @@ hll-sparse-max-bytes 3000
# maximum number of items it may contain before switching to a new node when
# appending new stream entries. If any of the following settings are set to
# zero, the limit is ignored, so for instance it is possible to set just a
-# max entires limit by setting max-bytes to 0 and max-entries to the desired
+# max entries limit by setting max-bytes to 0 and max-entries to the desired
# value.
stream-node-max-bytes 4096
stream-node-max-entries 100
@@ -1637,7 +2010,7 @@ activerehashing yes
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
-# replica -> replica clients
+# replica -> replica clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
@@ -1661,6 +2034,13 @@ activerehashing yes
# Instead there is a default limit for pubsub and replica clients, since
# subscribers and replicas receive data in a push fashion.
#
+# Note that it doesn't make sense to set the replica clients output buffer
+# limit lower than the repl-backlog-size config (partial sync will succeed
+# and then replica will get disconnected).
+# Such a configuration is ignored (the size of repl-backlog-size will be used).
+# This doesn't have memory consumption implications since the replica client
+# will share the backlog buffers memory.
+#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
@@ -1674,6 +2054,25 @@ client-output-buffer-limit pubsub 32mb 8mb 60
#
# client-query-buffer-limit 1gb
+# In some scenarios client connections can hog up memory leading to OOM
+# errors or data eviction. To avoid this we can cap the accumulated memory
+# used by all client connections (all pubsub and normal clients). Once we
+# reach that limit connections will be dropped by the server freeing up
+# memory. The server will attempt to drop the connections using the most
+# memory first. We call this mechanism "client eviction".
+#
+# Client eviction is configured using the maxmemory-clients setting as follows:
+# 0 - client eviction is disabled (default)
+#
+# A memory value can be used for the client eviction threshold,
+# for example:
+# maxmemory-clients 1g
+#
+# A percentage value (between 1% and 100%) means the client eviction threshold
+# is based on a percentage of the maxmemory setting. For example to set client
+# eviction at 5% of maxmemory:
+# maxmemory-clients 5%
+
# In the Redis protocol, bulk requests, that are, elements representing single
# strings, are normally limited to 512 mb. However you can change this limit
# here, but must be 1mb or greater
@@ -1714,13 +2113,13 @@ hz 10
dynamic-hz yes
# When a child rewrites the AOF file, if the following option is enabled
-# the file will be fsync-ed every 32 MB of data generated. This is useful
+# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
# When redis saves RDB file, if the following option is enabled
-# the file will be fsync-ed every 32 MB of data generated. This is useful
+# the file will be fsync-ed every 4 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
rdb-save-incremental-fsync yes
@@ -1817,10 +2216,7 @@ rdb-save-incremental-fsync yes
# defragmentation process. If you are not sure about what they mean it is
# a good idea to leave the defaults untouched.
-# Enabled active defragmentation
-# NOTE: This feature is not available in the stock Debian packages as they use
-# the distribution-wide jemalloc allocator that does not have support for active
-# defragmentation. See #967970 for more information.
+# Active defragmentation is disabled by default
# activedefrag no
# Minimum amount of fragmentation waste to start active defrag
diff --git a/image/nginx-passenger.sh b/image/nginx-passenger.sh
index 48dda223..a0953b93 100755
--- a/image/nginx-passenger.sh
+++ b/image/nginx-passenger.sh
@@ -52,7 +52,7 @@ run cp /pd_build/runit/nginx-log-forwarder /etc/service/nginx-log-forwarder/run
run mkdir -p /etc/service/nginx/control/
run cp /pd_build/runit/nginx-term /etc/service/nginx/control/t
-run mkdir /var/run/passenger-instreg
+run mkdir -p /var/run/passenger-instreg
run sed -i 's|invoke-rc.d nginx rotate|sv 1 nginx|' /etc/logrotate.d/nginx
run sed -i -e '/sv 1 nginx.*/a\' -e ' passenger-config reopen-logs >/dev/null 2>&1' /etc/logrotate.d/nginx
diff --git a/image/prepare.sh b/image/prepare.sh
index 74275de8..79f3fca7 100755
--- a/image/prepare.sh
+++ b/image/prepare.sh
@@ -20,4 +20,4 @@ run chown app:app /home/app/.ssh
run chmod 755 /home/app
## Create a /usr/bin/python for safety
-ln -s /usr/bin/python3.10 /usr/bin/python
+ln -s /usr/bin/python3.12 /usr/bin/python
diff --git a/image/python.sh b/image/python.sh
index d845f27a..c66ac59a 100755
--- a/image/python.sh
+++ b/image/python.sh
@@ -2,17 +2,14 @@
set -e
source /pd_build/buildconfig
-VERSION=${1:-3.10}
+VERSION=${1:-3.12}
header "Installing Python ${VERSION}...."
## Install Python.
rm -f /usr/bin/python
-if [[ ${VERSION} == "2.7" ]]; then
- # Jammy still builds 2.7, so install from normal repo
- minimal_apt_get_install python2.7 python2.7-dev
-elif [[ ${VERSION} == "3.10" ]]; then
- # baseimage already has 3.10, so just install dev support
+if [[ ${VERSION} == "3.12" ]]; then
+ # baseimage already has 3.12, so just install dev support
minimal_apt_get_install python3-venv python3-dev
else
# otherwise install the deadsnakes PPA and install from there
diff --git a/image/ruby-3.1.6.sh b/image/ruby-3.1.6.sh
index bf06244e..9ee186b6 100755
--- a/image/ruby-3.1.6.sh
+++ b/image/ruby-3.1.6.sh
@@ -4,6 +4,9 @@ source /pd_build/buildconfig
RVM_ID=$(basename "$0" | sed 's/.sh$//')
+## For readline (rvm doesn't always get current package names)
+run minimal_apt_get_install libncurses6 libncursesw6 ncurses-base libncurses-dev
+
header "Installing $RVM_ID"
run mkdir -p "/build_cache/${ARCH}"
@@ -20,6 +23,7 @@ else
fi
run /usr/local/rvm/bin/rvm-exec $RVM_ID@global gem install $DEFAULT_RUBY_GEMS --no-document
+
# Make passenger_system_ruby work.
run create_rvm_wrapper_script ruby3.1 $RVM_ID ruby
run /pd_build/ruby_support/install_ruby_utils.sh
diff --git a/image/ruby-3.2.5.sh b/image/ruby-3.2.5.sh
index 9d7eb611..8ea25a89 100755
--- a/image/ruby-3.2.5.sh
+++ b/image/ruby-3.2.5.sh
@@ -4,6 +4,9 @@ source /pd_build/buildconfig
RVM_ID=$(basename "$0" | sed 's/.sh$//')
+## For readline (rvm doesn't always get current package names)
+run minimal_apt_get_install libncurses6 libncursesw6 ncurses-base libncurses-dev
+
header "Installing $RVM_ID"
run mkdir -p "/build_cache/${ARCH}"