Keydb.cfg Now
These settings balance memory vs. CPU. Larger values = less memory but slower access.

| Directive | Default | Description |
|-----------|---------|-------------|
| tls-port | 0 | TLS port (enable by setting >0). |
| tls-cert-file | (none) | Server certificate. |
| tls-key-file | (none) | Private key. |
| tls-ca-cert-file | (none) | CA certificate for client auth. |
| tls-auth-clients | yes | Require client certificates. |
| tls-protocols | "TLSv1.2 TLSv1.3" | Allowed protocols. |
| tls-ciphers | (default) | Cipher suite. |

16. Sample Production Configuration

```
# Network
bind 10.0.0.10
port 6379
tcp-keepalive 300
timeout 300

# Threading (16-core machine)
server-threads 8
server-thread-affinity 0-7
io-threads 4

# Security
requirepass your_strong_password
rename-command FLUSHALL ""
rename-command FLUSHDB ""

# Persistence
save 900 1
save 300 10
appendonly yes
appendfsync everysec
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 128mb

# Memory
maxmemory 8gb
maxmemory-policy allkeys-lru
maxmemory-samples 10

# Replication (replica)
replicaof 10.0.0.11 6379
masterauth your_strong_password

# Misc
daemonize yes
loglevel notice
logfile /var/log/keydb/keydb.log
slowlog-log-slower-than 10000
```

17. Common Misconfigurations & Pitfalls

| Issue | Symptom | Fix |
|-------|---------|-----|
| `bind 127.0.0.1` in Docker | Containers can’t connect | Bind to `0.0.0.0` or use `--network host`. |
| `protected-mode yes` + no password + public IP | Remote connections rejected | Set `requirepass` or bind to internal IP. |
| `server-threads` > cores | Context switching overhead | Set ≤ physical cores. |
| `maxmemory` not set | OOM killer may kill KeyDB | Always set `maxmemory`. |
| `appendfsync always` | Poor write performance | Use `everysec` unless absolutely necessary. |
| `replicaof` with `active-replica` | Data inconsistency | Understand conflict resolution first. |

18. Monitoring & Validation Commands

After configuring `keydb.cfg`, use:

Do not use `rename-command` to obfuscate commands; use ACLs. Always set a `requirepass` in production.

8. Memory Management

| Directive | Default | Description |
|-----------|---------|-------------|
| maxmemory | 0 | Max memory in bytes. 0 = unlimited. |
| maxmemory-policy | noeviction | Eviction policy: `volatile-lru`, `allkeys-lru`, `volatile-random`, `allkeys-random`, `volatile-ttl`, `noeviction`. |
| maxmemory-samples | 5 | Number of keys to sample for LRU/TTL. |
| active-defrag | no | Enable online defragmentation. |
| active-defrag-threshold-lower | 10 | Fragmentation % to start. |
| active-defrag-threshold-upper | 100 | Fragmentation % to force. |
| active-defrag-cycle-min | 5 | Minimum CPU % for defrag. |
| active-defrag-cycle-max | 75 | Maximum CPU % for defrag. |

Increasing `server-threads` improves throughput on multi-core systems but may increase complexity. Start with cores/2.

5. General Operational Directives

| Directive | Default | Description |
|-----------|---------|-------------|
| daemonize | no | Run as background process. |
| pidfile | /var/run/keydb.pid | PID file location. |
| loglevel | notice | Levels: debug, verbose, notice, warning. |
| logfile | "" | Log file path. Empty = stdout. |
| syslog-enabled | no | Log to syslog. |
| databases | 16 | Number of logical databases. |
| always-show-logo | no | Show KeyDB logo on startup. |
| supervised | no | Integration with systemd/upstart. |

6. Persistence Options

KeyDB supports both RDB snapshots and AOF (Append-Only File), exactly like Redis.

6.1 RDB (Snapshotting)

| Directive | Example | Meaning |
|-----------|---------|---------|
| save | save 900 1 | Save if ≥1 key changed in 900 sec. |
| save | save 300 10 | Save if ≥10 keys changed in 300 sec. |
| stop-writes-on-bgsave-error | yes | Stop writes if background save fails. |
| rdbcompression | yes | Compress string objects using LZF. |
| rdbchecksum | yes | CRC64 checksum at end of RDB. |
| dbfilename | dump.rdb | RDB file name. |
| dir | ./ | Directory for RDB/AOF files. |

6.2 AOF (Append-Only File)

| Directive | Default | Description |
|-----------|---------|-------------|
| appendonly | no | Enable AOF persistence. |
| appendfilename | appendonly.aof | AOF file name. |
| appendfsync | everysec | `always`, `everysec`, `no`. |
| no-appendfsync-on-rewrite | no | Avoid fsync during rewrite. |
| auto-aof-rewrite-percentage | 100 | Trigger rewrite if file grows 100%. |
| auto-aof-rewrite-min-size | 64mb | Minimum size for rewrite. |
| aof-load-truncated | yes | Load truncated AOF (on crash recovery). |
| aof-use-rdb-preamble | yes | Use RDB at start of AOF (hybrid format). |

Without `maxmemory`, KeyDB will keep growing until system memory is exhausted.

9. Replication

| Directive | Default | Description |
|-----------|---------|-------------|
| replicaof | (none) | `replicaof <masterip> <masterport>` |
| masteruser | (none) | ACL user for replication (KeyDB 6+). |
| replica-serve-stale-data | yes | Serve stale data when disconnected from master. |
| replica-read-only | yes | Replica accepts only reads. |
| repl-diskless-sync | no | Transfer RDB directly to replicas (no disk). |
| repl-diskless-sync-delay | 5 | Wait for more replicas before sync. |
| repl-backlog-size | 1mb | Backlog for partial resync. |
| min-replicas-to-write | 0 | Minimum replicas online to accept writes. |
| min-replicas-max-lag | 10 | Max lag (seconds) for above condition. |

10. KeyDB-Specific Replication Enhancements

| Directive | Default | Description |
|-----------|---------|-------------|
| active-replica | no | Allow replica to accept writes (multi-master-like). |
| active-replica-lag | 100 | Max acceptable lag for active replica writes. |

Use both RDB (for backups) and AOF (for durability). Set `appendfsync everysec` for balance.

7. Security Directives

| Directive | Default | Description |
|-----------|---------|-------------|
| requirepass | (empty) | Password for AUTH command. |
| masterauth | (empty) | Password for replica → master auth. |
| rename-command | (none) | Disable or rename dangerous commands (e.g., `FLUSHALL`). |
| aclfile | (none) | External ACL configuration file (KeyDB 6+). |

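An added example, not part of the original page or of KeyDB's own tooling: a small Python auditor that parses a `keydb.cfg` and flags the security-relevant pitfalls this page names (no `requirepass` or `aclfile`, a non-loopback `bind` without auth, `protected-mode no`, `rename-command` used to rename rather than disable, unset `maxmemory`, `tls-port 0` on a network-facing bind). The function names, finding ids and sample config are constructed for illustration, and the defaults are the ones listed in this page's tables.

```python
import shlex

# Constructed sample config (not from the page), deliberately weak.
SAMPLE_CFG = '''
# Network
bind 0.0.0.0
port 6379
protected-mode no
# CONFIG is only renamed (obfuscation); FLUSHALL is disabled outright
rename-command CONFIG "cfg_9f2b"
rename-command FLUSHALL ""
appendonly yes
'''

def parse_cfg(text):
    """Return {directive: [args, ...]}; repeated directives accumulate."""
    cfg = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or whole-line comment
        tokens = shlex.split(line)        # honours "quoted" arguments
        cfg.setdefault(tokens[0].lower(), []).append(tokens[1:])
    return cfg

def first_arg(cfg, name, default):
    """First argument of the last occurrence of a directive, else the default."""
    args = (cfg.get(name) or [[default]])[-1]
    return args[0] if args else default

def audit(text):
    """Return sorted finding ids for the pitfalls described on this page."""
    cfg = parse_cfg(text)
    findings = set()
    has_auth = bool(first_arg(cfg, "requirepass", "")) or "aclfile" in cfg
    binds = (cfg.get("bind") or [["127.0.0.1"]])[-1]
    off_host = any(not (a.lstrip("-").startswith("127.") or a.lstrip("-") == "::1")
                   for a in binds)
    if not has_auth:
        findings.add("no-auth")
        if off_host:
            findings.add("exposed-without-auth")
        if first_arg(cfg, "protected-mode", "yes").lower() == "no":
            findings.add("protected-mode-off")
    for args in cfg.get("rename-command", []):
        if len(args) == 2 and args[1] != "":   # renamed, not disabled
            findings.add("rename-obfuscation:" + args[0].upper())
    if first_arg(cfg, "maxmemory", "0") == "0":
        findings.add("maxmemory-unlimited")
    if off_host and first_arg(cfg, "tls-port", "0") == "0":
        findings.add("plaintext-on-network")   # AUTH and data cross the wire unencrypted
    return sorted(findings)
```

Run `audit()` over the file contents in CI or before a deploy; an empty list means none of these checks fired, not that the configuration is otherwise sound.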
```
port 6379
daemonize yes
```

Many settings can be changed at runtime using `CONFIG GET` and `CONFIG SET` without restarting KeyDB.

3. Network Configuration

| Directive | Default | Description |
|-----------|---------|-------------|
| bind | 127.0.0.1 | Network interfaces to listen on. Use 0.0.0.0 for all. |
| port | 6379 | TCP port. Set to 0 to disable TCP. |
| tcp-backlog | 511 | Connection backlog size. |
| timeout | 0 | Idle connection timeout (seconds). 0 = never. |
| tcp-keepalive | 300 | TCP keepalive interval. |
| protected-mode | yes | Blocks external access if no bind/password set. |
| unixsocket | (none) | Path for Unix socket. |
| unixsocketperm | 700 | Permissions for Unix socket. |

Use `active-replica` cautiously: it enables optimistic write conflicts.

| Directive | Default | Description |
|-----------|---------|-------------|
| maxclients | 10000 | Max simultaneous client connections. |
| client-output-buffer-limit normal | 0 0 0 | Normal clients: hard, soft, seconds. |
| client-output-buffer-limit replica | 256mb 64mb 60 | Replica clients. |
| client-output-buffer-limit pubsub | 32mb 8mb 60 | Pub/sub clients. |

12. Lazy Freeing (Non-Blocking Deletion)

KeyDB supports non-blocking deletes for large keys.