search

auto-ssl / lua-resty-auto-ssl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
MIT License
1.94k stars 182 forks source link

Move Out Renewal Jobs to Another Server #287

Closed littlesheng19 closed 1 year ago

littlesheng19 commented 1 year ago

I have 1 million certificates and there is always a CPU spike everyday due to the renewal jobs. So I tried to comment out this line on init_worker.lua:

renewal_job.spawn(auto_ssl_instance)

and create a new openresty instance just for certificate renewal, which is not accessible from the Internet. There are two openresty instances now:

Proxy receives real traffic and returns certificates from redis, it also handles ACME challenges, but renewal job is executed by renewal instance everyday.

I am not sure if it's safe to do so. Does anyone work with any similar scanerio?

littlesheng19 commented 1 year ago

Disabled renew job and working well.