[New Project] Highly Available architecture for Vaultwarden, some insights

A while back I wanted to see if HA and DR could be achieved for Vaultwarden. I think I managed to accomplish a decent degree of availability and disaster recovery, so I wanted to show my latest project and provide some insight.

As many threads on this forum have shown, there are some roadblocks we must overcome. First, we need a database. This wasn’t an issue since there are many options to choose from; I tried MariaDB’s module Galera and it worked wonders.

Another issue was the shared storage for the data directory. Some opt to disable the option, but I didn’t want to do that, since I think that it could be a dealbreaker for some to not have that. So I initially used CephFS to mount the directory to each node simultaneously. It worked fine, but having to manage a storage solution is a challenge on its own, more so if you just use it for Vaultwarden.
I researched some more and I fell down the rabbit hole that is the LinuxHA stack: Pacemaker, Corosync and DRBD. I liked it a lot, even though it’s not that popular.

So I decided to make a two-node cluster. I installed MariaDB, Vaultwarden and Caddy on each node, managed the replication of the database and Vaultwarden’s data directory with DRBD, and documented it all in a YouTube video.

I know that some mistakes I’m not even aware of will be an eyesore to some of you, but I still want to show it. I think that it can help someone out there and offer a different approach.

Thank you for your attention! :slightly_smiling_face:

4 Likes

It is very interesting what you did! I’m wondering if it could be possible to configure dqlite (high-availability SQLite) for the persistence.