1. Caddy version (caddy version):
v2.4.6
2. How I run Caddy:
a. System environment:
Kubernetes, with image caddy:2.4.6-alpine
b. Service/unit/compose file:
FROM caddy:2.4.6-builder AS builder
RUN xcaddy build \
    --with github.com/silinternational/certmagic-storage-dynamodb

FROM caddy:2.4.6-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
c. My complete Caddyfile or JSON config:
{
    on_demand_tls {
        ask https://check-domain.internal.endpoint/cname
        interval 1m
        burst 200
    }
    storage_clean_interval 90d
    storage dynamodb caddy-certificates {
        aws_region us-east-1
    }
}

https://

tls {
    on_demand
    issuer zerossl <key> {
        email <email>
        timeout 3m
    }
    issuer acme {
        email <email>
        timeout 3m
    }
}

reverse_proxy hostingapp
3. The problem I’m having:
Caddy is working great so far; it’s serving 25k+ certificates without issues and using low resources.
The problem happens when the background certificate maintenance task is initiated. It has been running for 9h now (since the last server start).
When it’s not running, the normal value for reads on DynamoDB is around 700 per minute, but once the background maintenance task starts it goes up to 40k.
I know the problem most certainly is not in Caddy but in the plugin I’m using, but maybe there’s a workaround for this issue?
I was looking for a way to disable the background certificate maintenance task and handle it outside Caddy, with a script running on a Lambda for example.
I’m thinking about disabling the background maintenance task, because reading the logs, it looks like the task is initiated on each server, which could increase the reads I’m seeing. But still, I’m not sure about that.
4. Error messages and/or full log output:
{"level":"info","ts":1636457588.0270805,"logger":"tls.cache.maintenance","msg":"started backgroun certificate maintenance","cache":"0xc000830fc0"}
{"level":"info","ts":1636457595.3115501,"logger":"tls.cache.maintenance","msg":"started backgroun certificate maintenance","cache":"0xc000426310"}
{"level":"info","ts":1636457579.519036,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000b14620"}
5. What I already tried:
- I’ve read the docs and increased the value of storage_clean_interval
- I’ve read "Cost of this module" (Issue #18, silinternational/certmagic-storage-dynamodb on GitHub)
- Searched for similar issues both on GitHub and here on the forum