Multi-server architecture with independent LAPI & DB

Hello there, we have builded an architecture of 4 crowdsec agents running on 4 proxy nodes and connected to a separate postgres database. They’re all have configured to communicate with that Postgres running on a separate node. Each of the agents running an independent LAPI, but they’re all sharing the same DB, and when one of the nodes will ban/unban an IP address, the other nodes will immediately update their rules. Now we’re looking to build a button that will use crowdsec APIs and unban our customer who ended up in blacklist.

Now my question is: Is this a good way or approach of using crowdsec independently, rather than having one LAPI node? Because in this article “How to set up a CrowdSec multi-server installation”, it explains on how to set up multiple nodes to communicate with LAPI node. We don’t want to have an LAPI node to be a single point of failure, so that is the reason we want them to be independent. Unfortunately there is not much I could find regarding my question. So wanted to see if I can get some answers here.

Here’s the diagram:

Thank you.

1 Like

Interesting concept.

I am currently in the same process of trying different approaches and understanding the architecture.
There are probably a handful of different ways to build a multi-server approach depending on your own existing project architecture, the problem you want to solve, etc.

What are pros/cons on having one dedicated LAPI server (as outlined in the official blog post) to just use multiple agents with one database backend?