# Secure Redis Configuration
# This configuration hardens Redis for production use

# Network Security
bind 127.0.0.1
protected-mode yes
port 6379

# Authentication - Password will be loaded from Docker secret
# requirepass will be set dynamically via init script

# Data Persistence
dir /data
save 900 1
save 300 10  
save 60 10000
appendonly yes
appendfilename "appendonly.aof"
appendfsync everysec

# Security Settings
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command EVAL ""
rename-command DEBUG ""
rename-command CONFIG "CONFIG_b835fb49a134d7c5"
rename-command SHUTDOWN "SHUTDOWN_91084e14c1c7f98a"

# Resource Limits
maxmemory 200mb
maxmemory-policy allkeys-lru
timeout 300
tcp-keepalive 300

# Logging
loglevel notice
logfile ""
syslog-enabled yes
syslog-ident redis

# Disable dangerous commands
disable-thp yes

# Client Connection Limits
maxclients 100

# Performance Settings  
tcp-backlog 128
databases 1

# Lua Scripting Security
lua-time-limit 5000

# Slow Log
slowlog-log-slower-than 10000
slowlog-max-len 128