#!/bin/bash

# Rocky Linux 8 Redis 5.x 基础配置脚本
# 功能：配置Redis允许外部访问，设置密码，基础优化

# 检查是否为root用户
if [ "$(id -u)" -ne 0 ]; then
	    echo "请使用root用户运行此脚本!"
	        exit 1
	fi

	# 定义配置参数
	REDIS_PASSWORD="hsc1825713423"
	REDIS_CONFIG="/etc/redis.conf"
	REDIS_PORT=6379
	REDIS_BIND_IP="0.0.0.0"  # 允许所有IP访问

	# 备份原始配置文件
	echo "备份原始配置文件到 /etc/redis.conf.bak..."
	cp "$REDIS_CONFIG" "${REDIS_CONFIG}.bak"

	# 基础安全配置
	echo "配置Redis基础安全设置..."
	sed -i "s/^# requirepass .*/requirepass $REDIS_PASSWORD/" "$REDIS_CONFIG"
	sed -i "s/^bind 127.0.0.1/bind $REDIS_BIND_IP/" "$REDIS_CONFIG"
	sed -i "s/^protected-mode yes/protected-mode no/" "$REDIS_CONFIG"  # 关闭保护模式以允许远程访问

	# 性能优化配置
	echo "配置性能优化参数..."
	sed -i "s/^# tcp-keepalive 300/tcp-keepalive 60/" "$REDIS_CONFIG"
	sed -i "s/^# maxmemory-policy noeviction/maxmemory-policy allkeys-lru/" "$REDIS_CONFIG"
	sed -i "s/^timeout 0/timeout 30/" "$REDIS_CONFIG"  # 30秒无操作超时

	# 持久化配置
	echo "配置持久化选项..."
	sed -i "s/^save 900 1/# save 900 1/" "$REDIS_CONFIG"
	sed -i "s/^save 300 10/# save 300 10/" "$REDIS_CONFIG"
	sed -i "s/^save 60 10000/# save 60 10000/" "$REDIS_CONFIG"
	echo "appendonly yes" >> "$REDIS_CONFIG"
	echo "appendfsync everysec" >> "$REDIS_CONFIG"

	# 限制配置
	echo "配置连接限制..."
	echo "maxclients 10000" >> "$REDIS_CONFIG"
	echo "tcp-backlog 511" >> "$REDIS_CONFIG"

	# 防火墙配置
	echo "配置防火墙允许Redis端口 $REDIS_PORT..."
	if command -v firewall-cmd &> /dev/null; then
		    firewall-cmd --permanent --add-port=$REDIS_PORT/tcp
		        firewall-cmd --reload
		else
			    echo "未找到firewalld，请确保端口 $REDIS_PORT 已开放"
		    fi

		    # 重启Redis服务
		    echo "重启Redis服务应用配置..."
		    systemctl restart redis

		    # 验证配置
		    echo "验证Redis配置..."
		    echo "当前绑定IP:"
		    grep "^bind" "$REDIS_CONFIG"
		    echo "保护模式状态:"
		    grep "^protected-mode" "$REDIS_CONFIG"
		    echo "密码设置:"
		    grep "^requirepass" "$REDIS_CONFIG"

		    # 测试远程连接
		    echo "测试Redis连接..."
		    echo "本地连接测试:"
		    redis-cli -a "$REDIS_PASSWORD" ping
		    echo "如需远程测试，请在其他服务器执行:"
		    echo "redis-cli -h <你的服务器IP> -p $REDIS_PORT -a $REDIS_PASSWORD ping"

		    # 完成信息
		    echo "Redis基础配置完成!"
		    echo "重要信息:"
		    echo "- Redis密码: $REDIS_PASSWORD"
		    echo "- 监听端口: $REDIS_PORT"
		    echo "- 绑定IP: $REDIS_BIND_IP (允许所有IP访问)"
		    echo "- 配置文件: $REDIS_CONFIG"
		    echo "- 管理命令: systemctl [start|stop|restart|status] redis"
		    echo "注意: 请确保服务器安全组/防火墙已开放 $REDIS_PORT 端口"