If you have files (like Let's Encrypt SSL certificates) that need to exist on all of the nodes in your Docker Swarm cluster, you can sync them via an rsync daemon. In this scenario, I always generate and update my SSL certificates on "node-1" of the swarm cluster, and I need those certificates mirrored to "node-2" and "node-3" so that they are available to the nginx service running on each of those nodes. In this configuration a load balancer routes HTTP traffic on ports 80/443 to all 3 nodes in the swarm cluster, so the SSL certs have to be on all nodes at all times.
Here is how I've currently set this up.
Configure rsync daemon on node-1
To start with, you'll need to create the configuration file /etc/rsyncd.conf with the following settings:
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
port = 12000
uid = root
gid = root

# module that node-2 and node-3 pull from
[ssl-certs]
path = /etc/letsencrypt/
comment = LE SSL CERTIFICATES
read only = true
timeout = 300
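A restricted variant of this configuration, as an added example that is not part of the original post: the module above can be read by any host that can reach port 12000, and /etc/letsencrypt/ holds the certificates' private keys. The addresses 10.0.0.12 and 10.0.0.13, the user name certsync and the secrets and password file paths are placeholders assumed for illustration.

```ini
# /etc/rsyncd.conf on node-1 (added example; addresses, user name and
# secrets paths below are placeholders, not values from the original post)
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
port = 12000
# root is needed to read the private keys under /etc/letsencrypt/
uid = root
gid = root

[ssl-certs]
path = /etc/letsencrypt/
comment = LE SSL CERTIFICATES
read only = true
timeout = 300
# do not advertise the module in module listings
list = false
# only node-2 and node-3 may connect (placeholder addresses)
hosts allow = 10.0.0.12 10.0.0.13
hosts deny = *
# require a user name and password from the client
auth users = certsync
# one "certsync:<password>" line; must not be readable by other users
secrets file = /etc/rsyncd.secrets
strict modes = true
max connections = 4

# Client side (node-2 / node-3), with the password alone in a mode-600 file:
#   rsync -rdtl --password-file=/etc/rsync-certsync.pass \
#       rsync://certsync@node-1:12000/ssl-certs /etc/letsencrypt/
#
# auth users controls access to the module but does not encrypt the transfer;
# the rsync daemon protocol sends file contents in the clear, so keep this
# traffic on a private network between the swarm nodes.
```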
Running rsync as a daemon
Next you want to run rsync as a daemon so it's always available for clients (node-2 and node-3) to connect to.
sudo rsync --daemon
If rsync was already running you can kill it (and then restart it) by running:
sudo kill `cat /var/run/rsyncd.pid`
Synching files on Node-2 and Node-3
With the rsync daemon set up on Node-1, you can now sync the LetsEncrypt SSL certs on Node-2 and Node-3 by running the following command on each of those nodes:
sudo rsync -rdtl rsync://node-1:12000/ssl-certs /etc/letsencrypt/
This will copy everything from /etc/letsencrypt/ on Node-1 to the same location on Node-2 and Node-3.
Automating the file sync
Every time Node-1 renews the LetsEncrypt SSL certs, they need to be copied over to Node-2 and Node-3. To automate that, you can set up a cron job to run however often you'd like. Start on Node-2 by editing /etc/crontab and adding an entry to run every 10 minutes to sync the files from Node-1, as shown here:
*/10 * * * * root rsync -rdtl rsync://node-1:12000/ssl-certs /etc/letsencrypt/