Main changes in this file:

* valkey socket and pid files were moved to /var/run/valkey
* Suggest using the system-wide root certificates /etc/ssl/cert.pem
* valkey will daemonize and use syslog

Index: valkey.conf
--- valkey.conf.orig
+++ valkey.conf
@@ -163,9 +163,9 @@ tcp-backlog 511
 # incoming connections. There is no default, so the server will not listen
 # on a unix socket when not specified.
 #
-# unixsocket /run/valkey.sock
+# unixsocket /var/run/valkey/valkey.sock
 # unixsocketgroup wheel
-# unixsocketperm 700
+# unixsocketperm 770
 
 # Close the connection after a client is idle for N seconds (0 to disable)
 timeout 0
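Review bot: The example pair `unixsocketgroup wheel` / `unixsocketperm 770` now gives every member of wheel read-write access to the socket as soon as an admin uncomments both lines. A client on the unix socket gets the same access as a TCP client, so unless `requirepass` or ACLs are set elsewhere in the file, group membership becomes the only control. The example should name the group of the accounts that are meant to connect, e.g. `# unixsocketgroup <service-group>` (placeholder). Alternatively keep `# unixsocketperm 700` and mention 770 only as the variant for when group access is wanted.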
@@ -243,6 +243,7 @@ tcp-keepalive 300
 # of these, and will not implicitly use the system wide configuration.
 #
 # tls-ca-cert-file ca.crt
+# tls-ca-cert-file /etc/ssl/cert.pem
 # tls-ca-cert-dir /etc/ssl/certs
 
 # By default, clients (including replica servers) on a TLS port are required
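Review bot: The suggested `tls-ca-cert-file /etc/ssl/cert.pem` is fine for verifying servers this instance connects to, but the same setting also appears to be the trust anchor for client certificates. The following paragraph says those are required by default. With the system bundle, a client certificate issued by any public CA would pass chain verification, so possession of a certificate no longer implies authorisation. I would add a caveat above the new line, e.g. `# NOTE: the system bundle trusts all public CAs; use a private CA file when certificates authenticate clients or replicas.`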
@@ -290,14 +291,14 @@ tcp-keepalive 300
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
 
-# Configure allowed ciphers.  See the ciphers(1ssl) manpage for more information
+# Configure allowed ciphers.  See SSL_set_cipher_list(3) for more information
 # about the syntax of this string.
 #
 # Note: this configuration applies only to <= TLSv1.2.
 #
 # tls-ciphers DEFAULT:!MEDIUM
 
-# Configure allowed TLSv1.3 ciphersuites.  See the ciphers(1ssl) manpage for more
+# Configure allowed TLSv1.3 ciphersuites.  See SSL_set_cipher_list(3) for more
 # information about the syntax of this string, and specifically for TLSv1.3
 # ciphersuites.
 #
@@ -375,9 +376,9 @@ tcp-keepalive 300
 ################################# GENERAL #####################################
 
 # By default the server does not run as a daemon. Use 'yes' if you need it.
-# Note that the server will write a pid file in /var/run/valkey.pid when daemonized.
+# Note that the server will write a pid file in /var/run/valkey/valkey.pid when daemonized.
 # When the server is supervised by upstart or systemd, this parameter has no impact.
-daemonize no
+daemonize yes
 
 # If you run the server from upstart or systemd, the server can interact with your
 # supervision tree. Options:
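Review bot: The rewritten comment says the pid file is /var/run/valkey/valkey.pid, but with `daemonize yes` this config writes the file named by the later `pidfile /var/run/valkey/valkey_6379.pid` line. The same applies to the "defaulting to" sentence in the pidfile hunk. That sentence describes the compiled-in default, which changes only if the binary is patched too, and this page does not show such a patch. Anything that reads the pid file (rc script, monitoring) should be checked against the `pidfile` value rather than the comment. I would word the comment as `# Note that this configuration writes its pid file under /var/run/valkey (see 'pidfile' below).`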
@@ -402,14 +403,14 @@ daemonize no
 #
 # When the server runs non daemonized, no pid file is created if none is
 # specified in the configuration. When the server is daemonized, the pid file
-# is used even if not specified, defaulting to "/var/run/valkey.pid".
+# is used even if not specified, defaulting to "/var/run/valkey/valkey.pid".
 #
 # Creating a pid file is best effort: if the server is not able to create it
 # nothing bad happens, the server will start and run normally.
 #
 # Note that on modern Linux systems "/run/valkey.pid" is more conforming
 # and should be used instead.
-pidfile /var/run/valkey_6379.pid
+pidfile /var/run/valkey/valkey_6379.pid
 
 # Specify the server verbosity level.
 # This can be one of:
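Review bot: Moving `pidfile` (and the suggested unix socket) into /var/run/valkey makes startup depend on that directory existing and being writable by the account the server runs as. The context lines state that pid file creation is best effort, so a missing or wrongly owned directory fails silently and leaves the supervisor without a pid file. The directory should be created by the package's start-up script with owner-only write access; that script is not visible here, so please confirm. The retained note recommending "/run/valkey.pid" on modern Linux now contradicts the value set right below it and could be dropped or qualified for this platform.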
@@ -440,17 +441,17 @@ loglevel notice
 # Specify the log file name. Also the empty string can be used to force
 # the server to log on the standard output. Note that if you use standard
 # output for logging but daemonize, logs will be sent to /dev/null
-logfile ""
+# logfile ""
 
 # To enable logging to the system logger, just set 'syslog-enabled' to yes,
 # and optionally update the other syslog parameters to suit your needs.
-# syslog-enabled no
+syslog-enabled yes
 
 # Specify the syslog identity.
-# syslog-ident valkey
+syslog-ident valkey
 
 # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
-# syslog-facility local0
+syslog-facility daemon
 
 # To disable the built in crash log, which will possibly produce cleaner core
 # dumps when they are needed, uncomment the following:
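Review bot: `syslog-facility daemon` contradicts the unchanged comment directly above it, which says the value must be USER or LOCAL0-LOCAL7. If the server's option table really accepts only those names, this line is rejected when the config is loaded and the daemon will not start with the shipped file. Since `logfile` is now commented out, that failure would also be the first thing an admin needs logs for. Either confirm that a source patch adds the facility and update the comment to `# Specify the syslog facility. Must be USER, DAEMON or between LOCAL0-LOCAL7.`, or keep a facility from the documented set.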
@@ -631,7 +632,7 @@ rdb-del-sync-files no
 # Note that modifying 'dir' during runtime may have unexpected behavior,
 # for example when a child process is running, related file operations may
 # have unexpected effects.
-dir ./
+dir ${DBDIR}
 
 ################################# REPLICATION #################################
 
@@ -1255,7 +1256,7 @@ acllog-max-len 128
 # connections, one incoming and another outgoing. It is important to size the
 # limit accordingly in case of very large clusters.
 #
-# maxclients 10000
+maxclients 96
 
 ############################## MEMORY MANAGEMENT ################################
 
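Review bot: `maxclients 96` replaces the commented default of 10000 with no explanation, and the remaining comment still talks about sizing the limit for large clusters. The value presumably tracks the platform's default per-process open-file limit, but the page does not say so. An admin who raises the number without raising that limit, or who hits "max clients reached" in production, has nothing to go on. I would add a line above it such as `# Kept low to fit the default open-file limit of the service account; raise that limit before increasing this value.`, adjusted to the actual reason.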
