Two load balanced servers with the same config

svenakela · November 18, 2023, 10:41pm

This more of a how does it work question than an issue.

1. The problem I’m having:

I have an Azure load balancer running nicely in front of Caddy and Caddy is doing Auto TLS for my domain. No termination by the LB, Caddy takes care of TLS.

I want to run two Caddy nodes for redundancy and with that they are completely identical.

I am curious how much of the two servers’ config that should be shared, I have found an old thread (see below) where more than I expected is shared.

Is this fair enough?
/etc/caddy/Caddyfile
/data/caddy

What about the /config dir, do I really need to share that?

What happens when the cert is to be renewed? Isn’t there a risk that both nodes start the renewal process simultaneously? If the LB is round robin or by mistake do sticky session against the second node when the challenge is fetched, will they still complete the renewal?

2. Error messages and/or full log output:

N/A

3. Caddy version:

2.7.5

4. How I installed and ran Caddy:

Containerized in Azure Container Groups

a. System environment:

Docker Alpine

b. Commands

c. Service/unit/compose file:

d. My complete Caddy config:

Not interesting for my topic

5. Links to relevant resources

francislavoie · November 19, 2023, 3:58am

Not really. All that /config is used for is to persist an autosave.json file, which is only useful if you use Caddy in API mode (and push config updates via the API instead of a config file).

Sharing /data is what solves that. If both servers can write to data storage, then the first Caddy instance will write a lock file saying “hey I’m working on it” so the other will avoid starting renewal. But both can still solve the challenge, so one instance can start renewal and the other can complete it.

Automatic HTTPS — Caddy Documentation explains

svenakela · November 19, 2023, 9:53am

Sweet, thanks!