This more of a how does it work question than an issue.
1. The problem I’m having:
I have an Azure load balancer running nicely in front of Caddy and Caddy is doing Auto TLS for my domain. No termination by the LB, Caddy takes care of TLS.
I want to run two Caddy nodes for redundancy and with that they are completely identical.
I am curious how much of the two servers’ config that should be shared, I have found an old thread (see below) where more than I expected is shared.
Is this fair enough?
/etc/caddy/Caddyfile
/data/caddy
What about the /config dir, do I really need to share that?
What happens when the cert is to be renewed? Isn’t there a risk that both nodes start the renewal process simultaneously? If the LB is round robin or by mistake do sticky session against the second node when the challenge is fetched, will they still complete the renewal?
Not really. All that /config is used for is to persist an autosave.json file, which is only useful if you use Caddy in API mode (and push config updates via the API instead of a config file).
Sharing /data is what solves that. If both servers can write to data storage, then the first Caddy instance will write a lock file saying “hey I’m working on it” so the other will avoid starting renewal. But both can still solve the challenge, so one instance can start renewal and the other can complete it.