Single Caddy node works perfectly.
I already use redis as storage.
Now I’d like to set up a cluster of Caddys.
Use 2 Caddy servers, add 2 A records to DNS, one for each of the servers.
Why? To keep sites alive, even if one node goes down.
Looks like for this configuration I need to set up Redis in master-master mode, to sync certs that are added to Redis in both directions.
I’m not familiar with Redis.
I found out that I have at least these options:
This might be a question better directed at a redis-specific community, but maybe someone from the forums here can chime in.
I can tell you though that redis isn’t your only choice here if setting up replication turns out to be too complicated; S3 seems like a pretty good solution too, as does a simple network file share over the protocol of your choice.
Or you could just have one Redis instance separate from those two; you don’t need to run Redis on the same nodes Caddy is on.
If you only use Redis for cert storage and nothing else, then it’s not super mission critical, because Caddy only needs it at startup and when doing issuance/renewal operations, which is quite infrequent in the grand scheme of things. You can do maintenance on your Redis instance while the Caddy instances are still running and Caddy won’t even notice (or at worst just delay a renewal attempt to the next interval step).
Sure, but if I use just one Redis and it fails, both Caddys fail to issue new certs, and to serve sites that already have certs in Redis but don’t have certs in Caddy memory.
We have 80k domains parked, lots of domains with low traffic.
If I lose the certs, reissuing 80k certs takes a huge amount of time.
Let’s Encrypt has a limit of 300 certs per account per 3 hours, and 10 accounts per IP max.
In addition to working on Redis to secure those certs, I wonder if it might be worth having a look into requesting a higher rate limit from LetsEncrypt - just as a precaution?
If you are a large hosting provider or organization working on a Let’s Encrypt integration, we have a rate limiting form that can be used to request a higher rate limit. It takes a few weeks to process requests, so this form is not suitable if you just need to reset a rate limit faster than it resets on its own.