To get two Caddy instances to share TLS certificate storage with a shared mounted volume of a Backblaze B2 bucket.
Caddy is a production-grade project, but it needs a simple working solution for clustering that doesn’t require setting up a whole Redis cluster, Postgres database, or other complicated infrastructure just for shared storage of TLS certs. Backblaze B2 is cheap, reliable, easy to mount to commodity VMs, and Caddy is happy reading and writing files from a B2 shared volume (most of the time).
There is a Caddy issue where, even when a domain is properly provisioned via the Caddy API and there are valid certs downloaded that Caddy can read, Caddy will throw an SSL error instead of serving the site securely. Only a full service caddy restart will fix this, which results in some downtime.
I suggest updating Caddy so that, if Caddy gets a request for a domain, it checks for valid certs, and if they exist, serves the site properly over TLS instead of throwing an SSL error.
Here’s what I’ve done so far:
https://caddy-test.purple.uno
between the two servers (for HA, obviously)
500.greenbongo.com through 599.greenbongo.com
/usr/share/caddy/500/index.html
/usr/share/caddy/599/index.html
s3fs
caddy
777
/etc/systemd/system/caddy.service.d/override.conf
autosave.json
file here:
/var/lib/caddy/.config/caddy/autosave.json
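As an added example to go with the setup described above (not the poster's own files, and not code from the Caddy or s3fs projects): the three pieces a node needs for this shared-storage layout, each as a small POSIX sh function. It renders the s3fs fstab entry for the bucket, renders the systemd drop-in that points Caddy's data directory (where the default file_system storage keeps certificates) at the mount, and checks from either node that the shared tree actually holds a certificate for a domain with a private key that is not world-readable. The bucket name, mount point, B2 S3 endpoint region, credential file path and the "caddy" user are all assumptions for the example; the on-disk layout it looks for is Caddy's file_system storage layout, with the issuer directory name left as a wildcard.

```shell
#!/bin/sh
# Added example for this post (not the poster's files). Everything named
# here is an assumption: bucket "caddy-shared-certs", mount point /mnt/b2,
# a B2 S3 endpoint in us-west-004, the s3fs credential file
# /etc/passwd-s3fs, and Caddy running as the "caddy" user.

# Render the /etc/fstab line for the shared bucket. allow_other lets the
# non-root caddy service read the FUSE mount; uid/gid/umask make the files
# caddy-owned and private instead of relying on a world-writable (777) tree.
b2_fstab_line() {
  bucket="$1" mountpoint="$2" uid="$3" gid="$4"
  printf '%s %s fuse.s3fs _netdev,allow_other,uid=%s,gid=%s,umask=077,url=https://s3.us-west-004.backblazeb2.com,passwd_file=/etc/passwd-s3fs 0 0\n' \
    "$bucket" "$mountpoint" "$uid" "$gid"
}

# Render the systemd drop-in (e.g. /etc/systemd/system/caddy.service.d/override.conf)
# that points Caddy's data directory at the shared mount. With XDG_DATA_HOME
# set, Caddy's file_system storage lives under $XDG_DATA_HOME/caddy.
caddy_storage_override() {
  mountpoint="$1"
  printf '[Service]\nEnvironment=XDG_DATA_HOME=%s\n' "$mountpoint"
}

# Check from either node that the shared storage holds a certificate for
# DOMAIN and that its private key is not world-readable. Layout assumed
# (Caddy's file_system storage; issuer directory name left as a wildcard):
#   <XDG_DATA_HOME>/caddy/certificates/<issuer>/<domain>/<domain>.{crt,key,json}
# Exit status 0 = usable cert found, 1 = missing or key too permissive.
shared_cert_ok() {
  data="$1" domain="$2"
  for d in "$data"/caddy/certificates/*/"$domain"; do
    [ -f "$d/$domain.crt" ] && [ -f "$d/$domain.key" ] || continue
    # The 8th character of `ls -l` output is the "other" read bit.
    other_read=$(ls -l "$d/$domain.key" | cut -c8)
    [ "$other_read" = "-" ] && return 0
    echo "key for $domain is world-readable: $d/$domain.key" >&2
    return 1
  done
  echo "no certificate for $domain under $data/caddy/certificates" >&2
  return 1
}

# Usage on each node, as root (kept as comments because it edits the system):
#   b2_fstab_line caddy-shared-certs /mnt/b2 "$(id -u caddy)" "$(id -g caddy)" >> /etc/fstab
#   mount /mnt/b2
#   mkdir -p /etc/systemd/system/caddy.service.d
#   caddy_storage_override /mnt/b2 > /etc/systemd/system/caddy.service.d/override.conf
#   systemctl daemon-reload && systemctl restart caddy
#   shared_cert_ok /mnt/b2 500.greenbongo.com
```

Two caveats worth checking before trusting this in production. Both nodes must point at exactly the same storage root, because Caddy coordinates issuance between instances with lock files inside that root, and a FUSE-backed object store may not give the atomic create-if-absent semantics that locking relies on; test concurrent issuance deliberately rather than assuming it. And the check above only confirms the files are present and the key is private; it does not tell you whether a running Caddy has loaded that certificate, which is the gap the post's "full restart" workaround is covering.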