Hi, I was thinking of using the new cloudflare_kv module, but before using it (or any remote storage module), I have some questions about how they work:
How are certificates loaded in Caddy? Are they loaded at startup, or are they retrieved at each request?
If the remote storage goes offline, is there some kind of cache, or does Caddy just crash or stop serving domains whose certificates are in remote storage?
If two Caddy instances are connected to the same remote storage and use the same certificate, how does renewal work? Is there some kind of "fight" or race condition if multiple Caddy instances try to renew the same cert?
These are my questions about remote cert storage; I hope I can find answers to them.
They are loaded at config-load-time, unless on-demand TLS is enabled, which loads them at a TLS handshake. However, once loaded, certificates remain in memory cache.
See above; certs remain in memory, so some storage faults are acceptable.
The storage backend must support some sort of atomic operation / synchronization. For example, local file systems support O_EXCL, meaning a file is only created if it does not already exist. Databases have transactions. In these cases, CertMagic can operate in a cluster just fine.
S3, for example, is not a suitable storage backend, because it does not provide proper atomicity.
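To make the O_EXCL point above concrete, here is an added illustration (not Caddy's or CertMagic's code) of why such an atomic create is enough to coordinate renewal across instances: a hypothetical lock file, one per certificate, that several goroutines race to create. The lock-file naming and the `Contend` helper are assumptions for the demo; with a backend that honours exclusive create, exactly one contender wins, and the rest see "already exists" rather than silently proceeding to renew the same certificate.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sync"
	"sync/atomic"
)

// lockPath returns the hypothetical lock-file path guarding renewal of one
// certificate (illustrative layout, not CertMagic's).
func lockPath(dir, name string) string {
	return filepath.Join(dir, name+".lock")
}

// TryLock attempts to create the lock file atomically. O_EXCL makes the OS
// refuse the create if the file already exists, so exactly one caller wins
// even when several instances try at the same instant.
func TryLock(dir, name string) (bool, error) {
	f, err := os.OpenFile(lockPath(dir, name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		if errors.Is(err, os.ErrExist) {
			return false, nil // another instance holds the lock; not an error
		}
		return false, err
	}
	// Record the holder; helpful when diagnosing a stale lock later.
	fmt.Fprintf(f, "pid=%d\n", os.Getpid())
	return true, f.Close()
}

// Unlock releases the lock by removing the file.
func Unlock(dir, name string) error {
	return os.Remove(lockPath(dir, name))
}

// Contend simulates n instances racing for the same renewal lock and returns
// how many of them acquired it. With an atomic backend the answer is always 1.
func Contend(dir, name string, n int) (int, error) {
	var winners int32
	var firstErr error
	var mu sync.Mutex
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			ok, err := TryLock(dir, name)
			if err != nil {
				mu.Lock()
				if firstErr == nil {
					firstErr = err
				}
				mu.Unlock()
				return
			}
			if ok {
				atomic.AddInt32(&winners, 1)
			}
		}()
	}
	wg.Wait()
	return int(winners), firstErr
}

func main() {
	dir, err := os.MkdirTemp("", "certlock")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	w, err := Contend(dir, "example.com", 8)
	if err != nil {
		panic(err)
	}
	fmt.Println("renewal winners while contended:", w) // 1

	if err := Unlock(dir, "example.com"); err != nil {
		panic(err)
	}
	w, _ = Contend(dir, "example.com", 8)
	fmt.Println("renewal winners after release:", w) // 1 again, a different contender
}
```

The same shape applies to a database backend using a transaction or a conditional insert; what matters is that the "create if absent" step is decided by the backend, not by the client checking first and writing second, which is the gap a plain key/value PUT leaves open.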
Thanks for your response, it's very helpful, and I hope it also helps others using storage plugins.
I have checked, and Cloudflare KV doesn't seem to support atomic operations. I will try it, and if it doesn't work, I will try another storage plugin.