How to sync letsencrypt ssl certs between docker swarm nodes

If you have files (like letsencrypt ssl certificates) that you need to exist on all of the nodes in your docker swarm cluster you can sync them via an rsync daemon. In this scenario, I am always generating and updating my ssl certificates on "node-1" of the docker swarm cluster and I need those ssl certificates to be mirrored to "node-2" and "node-3" of the swarm cluster so that they are available to my nginx service running on each of those nodes. In this configuration I have a load balancer that routes http 80/443 traffic to all 3 nodes in the swarm cluster and thus the ssl certs have to be on all nodes at all times.

Here is how I've currently set this up.

Configure rsync daemon on node-1

To start with, you'll need to create the configuration file /etc/rsyncd.conf with the following settings:

pid file = /var/run/
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
port = 12000
uid = root
gid = root

[ssl-certs]
path = /etc/letsencrypt/
read only = true
timeout = 300

Running rsync as a daemon

Next you want to run rsync as a daemon so it's always available for clients (node-2 and node-3) to connect to.

sudo rsync --daemon

If rsync was already running you can kill it (and then restart it) by running:

sudo kill `cat /var/run/`

Synching files on Node-2 and Node-3

With the rsync daemon set up on Node-1 you can now sync the LetsEncrypt SSL certs on Node-2 and Node-3 by running the following command on each of those nodes:

sudo rsync -rdtl rsync://node-1:12000/ssl-certs /etc/letsencrypt/

This will copy everything from Node-1 /etc/letsencrypt/ to the same location on Node-2 and Node-3.

Automating the file sync

Every time Node-1 renews the LetsEncrypt SSL certs they need to be copied over to Node-2 and Node-3. To automate that, you can set up a cron job to run however often you'd like. Start on Node-2 by editing /etc/crontab and add an entry to run every 10 minutes to sync the files from Node-1 as shown here:

*/10 * * * * root rsync -rdtl rsync://node-1:12000/ssl-certs /etc/letsencrypt/
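
As configured above, the ssl-certs module has no host or user restriction, so /etc/letsencrypt/ (private keys included) is readable by any host that can reach port 12000 on node-1. The following is an added example, not part of the original setup, showing the same module restricted to the two other swarm nodes and protected by a password; the IP addresses, the user name certsync and the two secrets/password file paths are assumptions.

```ini
# /etc/rsyncd.conf on node-1 (added example; addresses, user and paths are assumed)
# Keep the pid file, lock file and log file lines from the configuration above.
port = 12000
uid = root
gid = root

[ssl-certs]
path = /etc/letsencrypt/
read only = true
timeout = 300

# Do not show this module when a client asks the daemon for its module list.
list = false

# Reject every client except node-2 and node-3 (constructed addresses).
hosts allow = 10.0.0.12 10.0.0.13

# Require a user name and password; anonymous access is refused once
# "auth users" is set for the module.
auth users = certsync

# One "user:password" entry per line, e.g. certsync:<long-random-password>.
# Create it as root with mode 600.
secrets file = /etc/rsyncd.secrets

# Refuse to use the secrets file if other users can read it.
strict modes = true

# --- On node-2 and node-3 ---
# Store only the password in a root-owned, mode 600 file:
#   /etc/rsync-certsync.pass
# Then replace the rsync command in the manual sync and in /etc/crontab with:
#   rsync -rdtl --password-file=/etc/rsync-certsync.pass rsync://certsync@node-1:12000/ssl-certs /etc/letsencrypt/
```

The rsync daemon protocol does not encrypt the transfer, so even with these settings the key files cross the network in clear text; keep port 12000 reachable only over the swarm's private network.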