Inner workings of storage module?

Hi, I was thinking of using the new cloudflare_kv, but before using it (or any remote storage module), I have some questions about how they work:

  • How are certs loaded in Caddy? Are they loaded at startup, or are they retrieved at each request?
  • If the remote storage goes offline, is there some kind of cache, or does Caddy just crash or stop serving domains with remote storage?
  • If two Caddy instances are connected to the same remote storage and use the same certificate, how does renewal work? Is there some kind of “fight” or race condition if multiple Caddy instances try to renew the same cert?

Those are my questions about remote cert storage; I hope I can find answers to them.

Welcome (back)!

They are loaded at config-load-time, unless on-demand TLS is enabled, which loads them at a TLS handshake. However, once loaded, certificates remain in memory cache.

See above; certs remain in memory, so some storage faults are acceptable.

The storage backend must support some sort of atomic operation / synchronization. For example, local file systems support O_EXCL, meaning a file is only created if it does not already exist. Databases have transactions. In these cases, CertMagic can operate in a cluster just fine.

S3, for example, is not a suitable storage backend, because it does not provide proper atomicity.

Hopefully that helps 🙂

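To make the atomicity point concrete, here is an added example (not Caddy's or CertMagic's own code) of the create-only lock the reply describes: `TryLock` uses `O_CREATE|O_EXCL`, so when several instances race to renew the same certificate the filesystem guarantees exactly one of them wins, and the rest back off until `Unlock` removes the marker. The function names, the `.lock` suffix and the temp directory are assumptions for the demonstration; a backend without such a primitive cannot give this guarantee.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sync"
)

// ErrLockHeld is returned when another instance already holds the lock.
var ErrLockHeld = errors.New("lock already held")

// TryLock acquires an exclusive lock for `name` under dir, or fails fast.
// O_CREATE|O_EXCL makes "create only if absent" a single atomic step in the
// OS, so two contenders can never both observe "absent" and both succeed.
func TryLock(dir, name string) error {
	path := filepath.Join(dir, name+".lock")
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if errors.Is(err, os.ErrExist) {
		return ErrLockHeld
	}
	if err != nil {
		return err
	}
	return f.Close()
}

// Unlock releases the lock by removing its marker file.
func Unlock(dir, name string) error {
	return os.Remove(filepath.Join(dir, name+".lock"))
}

// ContendForRenewal simulates n instances racing to renew the same cert and
// returns how many acquired the lock. With an atomic backend this is always 1.
func ContendForRenewal(dir, certName string, n int) (int, error) {
	var wg sync.WaitGroup
	var mu sync.Mutex
	winners, firstErr := 0, error(nil)
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			err := TryLock(dir, certName)
			mu.Lock()
			defer mu.Unlock()
			if err == nil {
				winners++
			} else if !errors.Is(err, ErrLockHeld) && firstErr == nil {
				firstErr = err
			}
		}()
	}
	wg.Wait()
	return winners, firstErr
}

func main() {
	dir, _ := os.MkdirTemp("", "certlock") // constructed scratch directory
	defer os.RemoveAll(dir)
	winners, err := ContendForRenewal(dir, "example.com", 8)
	fmt.Println("winners:", winners, "err:", err) // winners: 1 err: <nil>
}
```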

Thanks for your response. It’s very helpful, and I hope it also helps others using storage plugins.
I have checked, and Cloudflare KV doesn’t seem to support atomic operations. I will try it, and if it doesn’t work, I will try another storage plugin.
