# ================================================================================
# RedisForge - Environment Configuration
# Production-ready configuration for Redis 8.4 OSS cluster with Envoy proxy
# ================================================================================
#
# This file is a template. Copy it to .env, replace every placeholder, and keep
# the populated copy out of version control (see NOTES FOR PRODUCTION DEPLOYMENT).
# The loader that reads the .env (docker compose env_file, a shell `source`, ...)
# is not visible here and loaders differ in quoting and `$`/`#` handling, so keep
# values to plain characters unless a loader-specific need is documented.
#
# COMPATIBILITY:
# - Amazon Linux 2023
# - Ubuntu 24.04 LTS (Noble Numbat)
# - Docker Engine 20.10+ or Docker CE 24.0+
#
# ================================================================================
# ------------------------------------------------------------------------------
# GENERAL CONFIGURATION
# ------------------------------------------------------------------------------
ENVIRONMENT=production
PROJECT_NAME=redisforge
# ------------------------------------------------------------------------------
# REDIS CONFIGURATION
# ------------------------------------------------------------------------------
REDIS_VERSION=8.4
# Client port. Clients are meant to reach Redis through Envoy (ENVOY_LISTENER_PORT
# below); restrict this port to the Envoy hosts via REDIS_SG_ID.
REDIS_PORT=6379
# Cluster bus port (node-to-node gossip, failover). It is not client-facing;
# allow it only between cluster members.
REDIS_CLUSTER_BUS_PORT=16379
# Cluster announcement (set to the private IP of each EC2 instance or container hostname)
# NOTE(review): cluster-announce-ip expects an IP address; a hostname here relies
# on the deployment resolving it before it reaches redis.conf - confirm.
REDIS_CLUSTER_ANNOUNCE_IP=redis-master-1
REDIS_CLUSTER_ANNOUNCE_PORT=6379
REDIS_CLUSTER_ANNOUNCE_BUS_PORT=16379
# Redis master node addresses (for Envoy configuration)
REDIS_MASTER_1_HOST=redis-master-1
REDIS_MASTER_2_HOST=redis-master-2
REDIS_MASTER_3_HOST=redis-master-3
# Persistence settings
# everysec bounds data loss on a crash to about one second of writes; use
# `always` only if that window is unacceptable (at a large throughput cost).
REDIS_AOF_ENABLED=yes
REDIS_APPEND_FSYNC=everysec
# Memory settings (adjust based on EC2 instance RAM)
# Recommended: 75% of available RAM for Redis workload
# Keep maxmemory below REDIS_MEMORY_LIMIT (DOCKER section) with headroom for the
# forked AOF-rewrite child; the defaults here (8gb vs 32G) leave ample headroom
# but do not follow the 75% rule of thumb - size both values deliberately.
REDIS_MAXMEMORY=8gb
# allkeys-lru evicts arbitrary keys under pressure; only suitable for cache-like
# data, not for anything that must survive until explicitly deleted.
REDIS_MAXMEMORY_POLICY=allkeys-lru
# Logging
REDIS_LOGLEVEL=notice
# Replication
REPLICAS_PER_MASTER=1
# ------------------------------------------------------------------------------
# REDIS AUTHENTICATION & SECURITY
# ------------------------------------------------------------------------------
# CRITICAL: Change these passwords immediately!
# Generate strong passwords: openssl rand -base64 32
# The base64 alphabet (A-Z a-z 0-9 + / =) is safe for .env loaders; avoid
# passwords containing `#`, `$`, quotes or spaces, which some loaders treat specially.
# Deployment tooling should refuse to start while any value below still begins
# with CHANGE_ME.
# Master password (required for all operations)
# In ACL terms this is the password of the built-in `default` user, which keeps
# full permissions; reserve it for administration and never hand it to applications.
REDIS_REQUIREPASS=CHANGE_ME_STRONG_PASSWORD_HERE
# Application user (read/write access)
REDIS_ACL_USER=app_user
REDIS_ACL_PASS=CHANGE_ME_APP_PASSWORD_HERE
# Read-only user (for analytics/reporting)
REDIS_READONLY_USER=readonly_user
REDIS_READONLY_PASS=CHANGE_ME_READONLY_PASSWORD_HERE
# Monitoring user (for Prometheus exporters)
# Presumably the credentials redis_exporter (MONITORING section) connects with;
# keep its ACL limited to INFO-style commands - verify against the ACL definition.
REDIS_MONITOR_USER=monitor_user
REDIS_MONITOR_PASS=CHANGE_ME_MONITOR_PASSWORD_HERE
# Replication user (for replica sync)
REDIS_REPLICATION_USER=replication_user
REDIS_REPLICATION_PASS=CHANGE_ME_REPLICATION_PASSWORD_HERE
# ------------------------------------------------------------------------------
# ENVOY PROXY CONFIGURATION
# ------------------------------------------------------------------------------
ENVOY_VERSION=v1.36.2
# Ports
# Envoy's admin interface is unauthenticated and exposes config dumps (including
# upstream addresses) and control endpoints; bind it to loopback or allow it only
# from operator hosts (ENVOY_SG_ID). Never expose it on the client-facing interface.
ENVOY_ADMIN_PORT=9901
# Same number as REDIS_PORT on purpose (clients see an ordinary Redis endpoint).
# This only works because Envoy and Redis run on separate hosts/containers
# (see the AWS EC2 and DOCKER sections); they would collide in a shared network namespace.
ENVOY_LISTENER_PORT=6379
# TLS configuration (Envoy terminates TLS for clients)
# Only the client->Envoy hop is covered by these settings; whether the Envoy->Redis
# hop is encrypted is decided in the Envoy cluster config, not here - confirm.
ENVOY_TLS_ENABLED=true
ENVOY_TLS_CERT_PATH=/etc/envoy/certs/server.crt
# Private key: mount read-only, owned by the Envoy user, mode 0600; rotate with the cert.
ENVOY_TLS_KEY_PATH=/etc/envoy/certs/server.key
# Cluster topology refresh interval (seconds)
# Lower = faster failover detection, higher = less overhead
ENVOY_CLUSTER_REFRESH_SECONDS=10
# Connection pool settings
# Tune based on expected concurrent connections and workload
ENVOY_MAX_CONNECTIONS=10000
ENVOY_MAX_PENDING_REQUESTS=10000
# Retry configuration
# Retries can re-apply non-idempotent commands (INCR, LPUSH, ...) if the first
# attempt reached Redis before the connection failed; which commands are retried
# is set in the Envoy config, not here - review it before raising attempts.
ENVOY_RETRY_ATTEMPTS=3
ENVOY_RETRY_TIMEOUT_MS=200
# ------------------------------------------------------------------------------
# MONITORING CONFIGURATION
# ------------------------------------------------------------------------------
# RedisForge now relies on native Prometheus SCRAPE (pull) monitoring.
# Configure your Prometheus server to scrape the exporters running on each node.
# The exporters serve metrics without authentication; restrict both ports to the
# Prometheus server (MONITORING_SG_ID) - metrics are operational data worth protecting.
# Image tags are mutable; once the images are vetted, pin them by @sha256 digest.
# Redis Exporter
REDIS_EXPORTER_PORT=9121
REDIS_EXPORTER_IMAGE=oliver006/redis_exporter:v1.80.1
# Node Exporter
NODE_EXPORTER_PORT=9100
NODE_EXPORTER_IMAGE=prom/node-exporter:v1.10.2
# Metrics retention on exporters
# Exporters expose the current state only. Prometheus retains history once scraped.
# Grafana Dashboard (import manually into your Grafana)
# Dashboard JSON: monitoring/grafana/dashboards/redisforge-dashboard.json
# ------------------------------------------------------------------------------
# BACKUP CONFIGURATION
# ------------------------------------------------------------------------------
# S3 bucket for AOF backups
# Format: s3://bucket-name/path/to/backups
# An AOF is a complete copy of the dataset: block public access on the bucket,
# encrypt objects with SSE-KMS (note 7 below), and scope the instance role to
# this prefix with the least privilege the backup/restore job needs.
BACKUP_S3_BUCKET=s3://my-redis-backups/redisforge
# Backup schedule (cron format)
# Default: Every hour at minute 0
BACKUP_INTERVAL_CRON="0 * * * *"
# Backup retention (days)
# Whether old objects are pruned by the backup job or must be handled by an S3
# lifecycle rule is not visible in this file; make sure one of them enforces it.
BACKUP_RETENTION_DAYS=30
# AWS region for S3
AWS_REGION=us-east-1
# ------------------------------------------------------------------------------
# LOGGING CONFIGURATION
# ------------------------------------------------------------------------------
# Log rotation settings
LOG_MAX_SIZE_MB=1024
LOG_MAX_FILES=7
LOG_DIR=/var/log/redis
# ------------------------------------------------------------------------------
# PERFORMANCE TUNING
# ------------------------------------------------------------------------------
# I/O threads for Redis (match CPU cores, typically 4-8)
# Keep this in step with REDIS_CPU_LIMIT in the DOCKER section.
REDIS_IO_THREADS=4
# TCP backlog (ensure kernel net.core.somaxconn >= this value)
REDIS_TCP_BACKLOG=65535
# Max clients
# Redis lowers maxclients at startup if the process file-descriptor limit is
# smaller; raise `ulimit -n` (and the container's nofile limit) to match.
REDIS_MAX_CLIENTS=100000
# ------------------------------------------------------------------------------
# AWS EC2 CONFIGURATION (for reference)
# ------------------------------------------------------------------------------
# Recommended instance types:
# - Redis masters: r6i.2xlarge (8 vCPU, 64 GB RAM) or larger
# - Envoy proxy: c6i.2xlarge (8 vCPU, 16 GB RAM) or larger
# - Monitoring: t3.large (2 vCPU, 8 GB RAM) or larger
# AWS Availability Zones (for multi-AZ deployment)
AWS_AZ_1=us-east-1a
AWS_AZ_2=us-east-1b
AWS_AZ_3=us-east-1c
# Security Group IDs (replace with actual values)
# Intended split: clients -> Envoy only; Envoy -> Redis client port; Redis <-> Redis
# on both ports; Prometheus -> exporter ports; admin/operator hosts -> Envoy admin port.
# REDIS_SG_ID=sg-xxxxxxxxx
# ENVOY_SG_ID=sg-yyyyyyyyy
# MONITORING_SG_ID=sg-zzzzzzzzz
# ------------------------------------------------------------------------------
# DOCKER CONFIGURATION
# ------------------------------------------------------------------------------
# Must not overlap the VPC CIDR or any peered network, or routes to the Redis
# hosts break inside the containers.
DOCKER_NETWORK_SUBNET=172.20.0.0/16
# Resource limits (adjust based on instance size)
REDIS_CPU_LIMIT=4
REDIS_MEMORY_LIMIT=32G
ENVOY_CPU_LIMIT=4
ENVOY_MEMORY_LIMIT=8G
# ------------------------------------------------------------------------------
# FEATURE FLAGS
# ------------------------------------------------------------------------------
DEPLOY_EXPORTERS=true
# ------------------------------------------------------------------------------
# ALERTING CONFIGURATION
# ------------------------------------------------------------------------------
# Webhook URLs and integration keys are credentials: anyone holding them can
# post or suppress alerts. Store and rotate them like the Redis passwords above.
# Slack webhook for alerts (optional)
# SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# PagerDuty integration key (optional)
# PAGERDUTY_INTEGRATION_KEY=your_pagerduty_key
# Email for critical alerts (optional)
# ALERT_EMAIL=ops@example.com
# ------------------------------------------------------------------------------
# NOTES FOR PRODUCTION DEPLOYMENT
# ------------------------------------------------------------------------------
# 1. NEVER commit this file with real secrets to version control
#    (add .env to .gitignore; only this env.example template belongs in the repo)
# 2. Use AWS Secrets Manager or Parameter Store for production secrets
#    (inject them at deploy time rather than baking them into images or AMIs)
# 3. Change ALL default passwords immediately
# 4. Use strong, randomly generated passwords (min 32 characters)
# 5. Rotate passwords every 90 days
# 6. Enable CloudWatch Logs for centralized logging
# 7. Use AWS KMS for encryption at rest
# 8. Configure VPC endpoints for S3 to avoid internet egress charges
# 9. Enable VPC Flow Logs for network monitoring
# 10. Use IAM roles for EC2 instances instead of access keys
# 11. Restrict the populated .env to the deploying user (chmod 600) - it holds
#     every credential in this deployment
#
# Password generation command:
# openssl rand -base64 32
#
#
# ================================================================================