Open aschrijver opened 6 years ago
Hello, Thanks for the pull request was merged this morning ! On this issue, I would recommend to first start rancher server, then connect to rancher server on port 8080, setup rancher server (user, host, etc), then start a rancher-active-proxy service from Rancher server, and all your different service. After RAP is setup and working you can even remove port 8080 from rancher/server containers, however I would not recommend that as first Added host are probably mapped to this port and second as a way to connect to Rancher in case of RAP problem !
Let me know if you have any issue !
Thanks @adi90x
So you advice to run Rancher at example.com:8080 and expose that port publicly on the EC2 instance? In that case the rancher server would not run under SSL, would it?
And can I add the redirect to gh-pages
in the way described (i.e. add the example.com_server
file and copy it to /etc/nginx/vhost.d
? There is no container related to the redirect.
Yes I would advise to keep an external port for slave host not to connect via RAP as there could be problem, if host running RAP is not up and running when a slave host from cluster try to connect
Le 5 mars 2018 11:23, "Arnold Schrijver" notifications@github.com a écrit :
Thanks @adi90x https://github.com/adi90x So you advice to run Rancher at example.com:8080 and expose that port publicly on the EC2 instance?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/adi90x/rancher-active-proxy/issues/49#issuecomment-370374451, or mute the thread https://github.com/notifications/unsubscribe-auth/AKpqdAtIb3rgg2XhiH-U4iGLftPsmPDcks5tbRIGgaJpZM4Sb1sL .
Hi @adi90x, thanks for your project!
I already have a Rancher-server started via docker-compose.yml
and installed RAP via custom Catalog, but I want to make RAP reverse proxy for open port of Rancher-server, so to visit in browser control.example.com
(nginx proxy points to -> 127.0.0.1:8080
) instead of 127.0.0.1:8080
(127 just for example), and make it works via using docker-compose
file, not the Docker cli via docker run ...
.
My question sounds like duplicate of #21
The problem with docker-compose
is that it creates a new default network for Rancher-server but RAP deployed via Catalog sits on Managed type network (changing not helps), so it can't detect any containers metadata changes, because it simply cannot see created container from docker-compose
(with appropriate RAP labels declared of course) because of Docker networks security policy.
How can we achieve that, without using Docker cli directly?
Maybe not only via docker-compose
, but start Rancher-server just from itself Rancher-server UI with attaching Rancher-server container to the same network as RAP uses?
Thanks!
Example of
docker-compose.yml
:version: "2.3" services: rancher: image: rancher/server:stable container_name: "control.example.com" restart: always ports: - "8080:8080" - "9345:9345" #- "3306:3306" # About NO_PROXY: https://goo.gl/1jFQ3h & https://goo.gl/t5rvYs no_proxy: "localhost:8080,127.0.0.1:8080" NO_PROXY: "localhost:8080,127.0.0.1:8080" labels: - "rap.port=8080" - "rap.host=control.example.com" - "rap.le_host=control.example.com" - "rap.le_email=admin@example.com" - "rap.https_method=noredirect" - "io.rancher.container.pull_image=always" - "io.rancher.container.system=true" # Not sure if next line even needed - "io.rancher.container.network=true" command: --advertise-address ipify --advertise-http-port 8080
Thank you @adi90x everything worked fine! I'll leave this issue open because of the question by @TemaSM :)
Hi @adi90x Thanks a lot for this repo!! It looks like this is exactly what I need to setup a rancher CI/CD environment! But I have a question regarding setup, some things unclear in README..
I have an AWS EC2 instance running RancherOS and want to setup the following:
nginx
reverse proxy in front of all containersgh-pages
) with SSL termination, accessible athttps://example.com
https://admin.example.com
https://develop.example.com
Previously I manually setup
nginx
config andLetsencrypt
certificates and accidentally bricked my docker installation, forcing me to recreate the instance entirely.Going from the README I deduce I have to take following steps:
$ docker run -d -p 80:80 adi90x/rancher-active-proxy
nginx
config for the redirect togh-pages
on Github namedexample.com_server
and copy it to/etc/nginx/vhost.d
on the instance --> but this server block is just a redirect, without a container!docker run -d --restart=unless-stopped -p 8080:8080 --name=rancher-server -l rap.host=admin.example.com -l rap.port=8080 -l rap.le_host=admin.example.com -l rap.le_email=foo@example.com -l rap.proto=https -l io.rancher.container.pull_image=always rancher/server
Presumably now I can use the Rancher UI to configure the
gitlab
stack and services, provided I add the proper labels using same UI.Could you please verify if these steps are correct? I would be very thankful :)
PS. While I was at it I took the liberty to improve the readme a bit: https://github.com/adi90x/rancher-active-proxy/pull/50