Efficiently scaling Walrus Aggregator with Caddy and Cloudflare
If you’re running a Walrus Aggregator to handle heavy blob download requests, latency and scalability are critical. In this guide, we’ll show you how to configure your setup using Docker, Caddy, and Cloudflare to reduce latency by up to 10x — at no additional cost.
This tutorial is aimed at users familiar with Linux, Docker, and web servers.
Why this setup?
The default configuration of the Aggregator works, but it’s not optimized for high-volume blob downloads. With just a few changes:
- We containerize the Aggregator to simplify updates and improve security.
- We use Caddy as a reverse proxy to handle SSL certificates.
- We leverage Cloudflare’s free caching layer to dramatically boost performance for repeated requests.
1. Running the Aggregator in Docker
To improve deployment speed, security, and maintainability, we recommend running the Walrus Aggregator in a Docker container.
Docker gives you:
- Isolation from the host system
- Protection from direct public exposure
- Easy version upgrades with minimal downtime
Below is a working example of docker-compose.yaml for the testnet network. Note that the Aggregator’s port is exposed only to localhost, meaning Caddy will be the sole access point.
services:
walrus-aggregator:
image: mysten/walrus-service:testnet-v1.22.1
container_name: walrus-aggregator
restart: always
environment:
- RUST_BACKTRACE=1
- RUST_LOG=info
ports:
- "127.0.0.1:9000:9000"
- "127.0.0.1:27182:27182"
volumes:
- ./config:/opt/walrus/config
docker-compose.yamlsystem_object: 0x6c2547cbbc38025cf3adac45f63cb0a8d12ecf777cdc75a4971612bf97fdf6af
staking_object: 0xbe46180321c30aab2f8b3501e24048377287fa708018a5b7c2792b35fe339ee3
config/client_config.yamlYou can always find the latest Docker image here.
2. Setting Up Caddy as a Reverse Proxy
Caddy is a modern, user-friendly web server with native HTTPS support. It’s a great alternative to Nginx if you’re looking for simplicity. Just like the Aggregator, we recommend running Caddy in Docker to keep things consistent.
Here’s how to run it with Docker and a basic Caddyfile configuration.
Docker Compose
caddy:
image: caddy:v2.10.0
restart: always
container_name: caddy
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
- ./caddy/site:/srv
- ./caddy/caddy_data:/data
- ./caddy/caddy_config:/config
- ./caddy/cache:/data/cache
network_mode: host
docker-compose.yamlCaddyfile
walrus-testnet-aggregator.stakely.io { reverse_proxy 127.0.0.1:9000 header { Access-Control-Allow-Origin * Access-Control-Allow-Headers * } @cors_preflight method OPTIONS respond @cors_preflight 204 }caddy/Caddyfile
Caddy will automatically issue SSL certificates via Let’s Encrypt. Also, some CORS headers are added, useful for using the Walrus Aggregator in frontend aplications.
Please note that Caddy is running using the host network, so you would need to open the port 80 and 443 manually in your firewall:
sudo ufw allow 80
sudo ufw allow 443
3. Optimizing with Cloudflare
Once your Aggregator is behind Caddy and linked to a public domain, you can enable Cloudflare’s caching to serve blobs faster. Make sure the proxy (“orange cloud”) is enabled in your DNS settings.
Cache Rule Configuration
In your Cloudflare dashboard, go to: Caching > Cache Rules → New Rule
Define a rule following the configuration shown in this screenshot:
This feature is available for free to all Cloudflare users.
Optional: Enable Tiered Cache
You can also enable Tiered Cache from the Cloudflare dashboard to further improve global performance — at no additional cost.
Performance impact
Once configured:
- The first download of a blob in a region will still hit your server.
- Subsequent requests will be served from Cloudflare’s cache until expiration — with up to 10x lower latency.
With this combined architecture — a secure, containerized Aggregator, a lightweight auto-configuring reverse proxy with Caddy, and free global caching via Cloudflare — you can scale your blob downloads without increasing costs or compromising on latency.
Have questions or want to share your setup? Reach out to us on our Telegram channel.
