Redis推荐初始化配置

bind 0.0.0.0
protected-mode yes
port 6379
tcp-backlog 511
timeout 300
tcp-keepalive 300
daemonize yes
pidfile /var/run/redis_6379.pid
loglevel notice
logfile "/opt/redis/log/redis.log"
syslog-enabled yes
databases 16
always-show-logo no
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
save ""
stop-writes-on-bgsave-error no
rdbcompression no
dbfilename dump.rdb
rdb-del-sync-files no
dir /opt/unicloud/redis/data/
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-diskless-load disabled
repl-disable-tcp-nodelay no
replica-priority 100
acllog-max-len 128
requirepass Unicloud.1
maxclients 10000
maxmemory-policy volatile-ttl
lazyfree-lazy-eviction yes
lazyfree-lazy-expire yes
lazyfree-lazy-server-del yes
replica-lazy-flush yes
lazyfree-lazy-user-del yes
lazyfree-lazy-user-flush yes
oom-score-adj no
oom-score-adj-values 0 200 800
disable-thp yes
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite yes
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
activedefrag yes
active-defrag-ignore-bytes 500mb
active-defrag-threshold-lower 10
active-defrag-threshold-upper 100
active-defrag-cycle-min 1
active-defrag-cycle-max 25
active-defrag-max-scan-fields 1000
jemalloc-bg-thread yes

推荐初始化配置-MYSQL

[client]
port = 3306
socket = /opt/mysql/run/mysql.sock
default-character-set=utf8mb4
 
[mysqld]
# GENERAL #
character-set-server=utf8mb4
server-id=1
port = 3306
user = mysql
socket = /opt/mysql/run/mysql.sock
basedir = /opt/mysql/
open_files_limit = 10240
lower_case_table_names=1
explicit_defaults_for_timestamp
sql_mode = NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
#最大并发线程数，一般设置为cpu核心的2倍，或线程的1倍
innodb_thread_concurrency=32
table_open_cache=2048
default_time_zone = '+8:00'
log_timestamps = system
 
# DATA STORAGE #
datadir = /opt/mysql/data
tmpdir = /tmp
 
#connect
max_connections=4000
max_user_connections=2000
wait_timeout=300
interactive_timeout=300
#瞬时能够接收的连接数，高并发时需要配置最大连接的20%~30%
back_log=1200
 
#Buffer
max_allowed_packet = 128M
max_heap_table_size = 512M
net_buffer_length = 16k
sort_buffer_size = 16M
join_buffer_size = 16M
read_buffer_size = 16M
read_rnd_buffer_size = 16M
#下面的参数如果数据库存在重复提交的行为，则建议开启，默认为0，不开启
query_cache_type=0
#缓存大小
query_cache_size=0 
 
#Log#
#下面参数如果写入非常高，建议为2，视具体系统调整
innodb_flush_log_at_trx_commit=1
sync_binlog=1
log-bin = /opt/mysql/binlog/mysql-bin
expire-logs-days = 14
binlog_cache_size = 64M
max_binlog_cache_size = 6000M
max_binlog_size = 128M
binlog_format = row
log_output = FILE
log-error = /opt/mysql/log/mysql-error.log
slow_query_log = 1
long_query_time = 2
slow_query_log_file = /opt/mysql/log/slow_query.log
#审计日志开启，开启后日志量非常大，需要定期清理备份
general_log = 1
general_log_file = /opt/mysql/log/general_query.log
 
#InnoDB
#innodb_data_file_path = ibdata1:10M:autoextend
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
#配置内存的50%~80%
innodb_buffer_pool_size = 32G
 
#slave 需要配置主从的时候，放开下面参数，并修改server_id与主库不同即可
#relay_log =/opt/unicloud/mysql/relaylog/mysql-relay-bin
log_slave_updates = 1
#read_only=1
 
#password and connect 以下配置需安装完安全插件及密码插件才可以放开
#validate_password_check_user_name=ON
#validate_password_length=8
#validate_password_mixed_case_count=1
#validate_password_number_count=1
#validate_password_policy=MEDIUM
#validate_password_special_char_count=1
#connection_control_failed_connections_threshold=5
#connection_control_min_connection_delay=30000
 
#GTID 默认不开启，需要开启时取消注释，重启服务即可#
#gtid_mode=ON
#enforce_gtid_consistency=ON
 
[mysql]
no-auto-rehash
prompt = (\u@\h)[\d]>\_
default-character-set = utf8mb4

配置说明

添加了gtid的配置，没有开启，只有需要click hous链接时才需要开启

#gtid_mode=ON

#enforce_gtid_consistency=ON

调整了审计日志为默认开启

general_log = 1

添加了时区默认为东八区，日志默认时间为系统时间

default_time_zone = '+8:00'

log_timestamps = system

添加了初始安全参数的配置，需安装安全模块和密码模块

#password and connect 以下配置需安装完安全插件及密码插件才可以放开

#validate_password_check_user_name=ON

#validate_password_length=8

#validate_password_mixed_case_count=1

#validate_password_number_count=1

#validate_password_policy=MEDIUM

#validate_password_special_char_count=1

#connection_control_failed_connections_threshold=30000

安装方法：

install pluginvalidate_password SONAME 'validate_password.so';

install plugin CONNECTION_CONTROL soname 'connection_control.so';

install plugin CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS soname 'connection_control.so';

推荐初始化配置-NGINX

 
user  root;
worker_processes  16;
 
error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;
 
pid        logs/nginx.pid;
 
 
events {
	use epoll; #支持大量连接和非活动连接
	worker_connections 65535;
	multi_accept on; #nginx在已经得到一个新连接的通知时，接收尽可能多的连接
	accept_mutex on; #防止惊群现象发生，默认为on
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  logs/access.log  main;
 
    client_max_body_size 20M;                #设置客户端上传最大文件大小，如果继续报错继续加大
    client_body_buffer_size 256K;            #设置缓冲区大小提高nginx效率
    fastcgi_intercept_errors on;             #设置nginx处理错误信息
 
    sendfile        on;
    #tcp_nopush     on;
 
    #keepalive_timeout  0;
    keepalive_timeout  65;
 
    include /etc/nginx/conf.d/*.conf;
    
    gzip_static on;
    gzip on;
    gzip_buffers 32 4K;
    gzip_comp_level 6;
    gzip_min_length 100;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png application/javascript;
    gzip_disable "MSIE [1-6]\."; #配置禁用gzip条件，支持正则。此处表示ie6及以下不启用gzip（因为ie低版本不支持）
    gzip_vary on;
 
    server {
        listen       80;
        server_name  localhost;
 
        access_log  logs/host.access.log  main;
 
#        if ($http_Host !~* ^127.0.0.1$)      #该配置可防止host头攻击漏洞，ip根据实际情况修改
#        {
#            return 403;
#        }
 
        proxy_buffers 16 1024k;
        proxy_buffer_size 1024k;
 
        location / {
            root   html;
            index  index.html index.htm;
        }
 
        #error_page  404              /404.html;
 
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
 
    }
 
 
 
#server {
    #listen 443 ssl;
    #配置HTTPS的默认访问端口为443。
    #如果未在此处配置HTTPS的默认访问端口，可能会造成Nginx无法启动。
    #如果您使用Nginx 1.15.0及以上版本，请使用listen 443 ssl代替listen 443和ssl on。
    #server_name yourdomain.com; #需要将yourdomain.com替换成证书绑定的域名。
    #root html;
    #index index.html index.htm;
    #ssl_certificate cert/cert-file-name.pem;  #需要将cert-file-name.pem替换成已上传的证书文件的名称。
    #ssl_certificate_key cert/cert-file-name.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
    #ssl_session_timeout 5m;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #表示使用的加密套件的类型。
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #表示使用的TLS协议的类型。
    #ssl_prefer_server_ciphers on;
    #location / {
    #    root html;  #站点目录。
    #    index index.html index.htm;
    #}
#}
 
}