Production Deployment Guide

This guide walks through deploying Redistill in production environments, covering configuration, authentication, TLS, Docker/systemd/Kubernetes setups, monitoring, scaling, and maintenance practices.

    On this page

    Pre-deployment checklist

    • Configure an authentication password and, if needed, TLS.
    • Set memory limits and eviction policy.
    • Define connection limits and timeouts.
    • Enable HTTP health checks for load balancers.
    • Run load tests with production-like traffic.
    • Set up monitoring and alerts.
    • Define a rollback and cache-warming strategy.

    Essential configuration

    Authentication

    [security]
password = "your-secure-password"

    Or via environment variable:

    export REDIS_PASSWORD="your-secure-password"
./redistill

    Memory limits

    [memory]
max_memory = 2147483648  # 2GB
eviction_policy = "allkeys-lru"

    Connection management

    [server]
max_connections = 10000
connection_rate_limit = 1000
connection_timeout = 300

    Health checks

    [server]
health_check_port = 8080

    Health endpoint: http://<host>:8080/health

    TLS/SSL

    [security]
tls_enabled = true
tls_cert_path = "/etc/letsencrypt/live/your-domain.com/fullchain.pem"
tls_key_path = "/etc/letsencrypt/live/your-domain.com/privkey.pem"

    Deployment options

    Docker

    docker run -d --name redistill \
  -p 6379:6379 -p 8080:8080 \
  -e REDIS_PASSWORD=$REDIS_PASSWORD \
  -v ./redistill.toml:/etc/redistill/redistill.toml:ro \
  shahidontech/redistill:latest

    systemd

    Example service file:

    [Unit]
Description=Redistill Cache Server
After=network-online.target

[Service]
Type=simple
User=redistill
WorkingDirectory=/opt/redistill
EnvironmentFile=/etc/redistill/environment
ExecStart=/opt/redistill/redistill
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

    Kubernetes

    Run Redistill as a Deployment with a ClusterIP Service and HTTP health probes:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: redistill
spec:
  replicas: 3
  selector:
    matchLabels:
      app: redistill
  template:
    metadata:
      labels:
        app: redistill
    spec:
      containers:
      - name: redistill
        image: your-registry/redistill:latest
        ports:
        - containerPort: 6379
        - containerPort: 8080
        env:
        - name: REDIS_PASSWORD
          valueFrom:
            secretKeyRef:
              name: redistill-secret
              key: password
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
        readinessProbe:
          httpGet:
            path: /health
            port: 8080

    Monitoring & alerting

    Key metrics to track:

    • Memory: used_memory vs max_memory
    • Evictions: evicted_keys rate
    • Connections: active_connections, rejected_connections
    • Throughput: total_commands over time

    All of these are exposed via INFO and the health endpoint.

    Scaling strategies

    Vertical scaling

    • Add more CPU cores and RAM.
    • Increase num_shards to match CPU count.

    Horizontal scaling

    • Client-side sharding with consistent hashing.
    • Proxy-based sharding using Twemproxy, Envoy or HAProxy.
    • DNS round-robin for simple read-heavy workloads.

    Persistence & cache warming

    By default, persistence is disabled for maximum performance and Redistill behaves like a pure cache. When enabling snapshots, be aware that data between snapshots can be lost on crash.

    • Use cache warming to pre-load the most important keys on startup.
    • Ensure your application has a well-defined fallback to the primary data store on cache miss.

    Security hardening

    • Run Redistill under a dedicated system user with restricted filesystem permissions.
    • Bind to private networks and use firewalls/security groups to limit access.
    • Enable TLS for external traffic and rotate credentials regularly.
    • Monitor authentication failures and connection rejections as part of your security posture.