rancher / rancher

Complete container management platform
http://rancher.com
Apache License 2.0

Rancher UI api calls not https on https page. #12495

Closed stephen-dahl closed 6 years ago

stephen-dahl commented 6 years ago

Rancher versions: rancher/server:stable rancher/agent: NA

Infrastructure Stack versions: healthcheck: NA ipsec: NA network-services: NA scheduler: NA kubernetes (if applicable): no

Docker version: (docker version,docker info preferred)

Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 2
Server Version: 17.03.2-ce
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 26
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ab9917febca54791c5f071a9d1f404867857fcc
runc version: 54296cf40ad8143b62dbcaa1d90e520a2136ddfe
init version: 949e6fa
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-1047-aws
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.625 GiB
Name: ip-172-32-9-121
ID: QT64:DPM3:QPNQ:OWSW:75PD:J3SR:ZBFA:IEPW:DYXF:Q52S:PVZF:VQGM
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Operating system and kernel: (cat /etc/os-release, uname -r preferred)

NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

4.4.0-1047-aws

Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) AWS

Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB) single node

Environment Template: (Cattle/Kubernetes/Swarm/Mesos) cattle

Steps to Reproduce:

version: '3'
services:
  rancher-server:
    image: rancher/server:stable
    restart: unless-stopped
    command: --db-host rancher-controller.xxxxxxxxxxxxxxxxxx.us-west-2.rds.amazonaws.com --db-port 3306 --db-name cattle --db-user xxxxxxxxxxxxx --db-pass xxxxxxxxxxx --advertise-address awslocal
    environment:
      CATTLE_DB_LIQUIBASE_MYSQL_URL: "jdbc:mysql://rancher-controller.xxxxxxxxxx.us-west-2.rds.amazonaws.com:3306/cattle?useUnicode=true&characterEncoding=UTF-8&characterSetResults=UTF-8&prepStmtCacheSize=517&cachePrepStmts=true&prepStmtCacheSqlLimit=4096&socketTimeout=60000&connectTimeout=60000&sslServerCert=/var/lib/rancher/etc/ssl/ca.crt&useSSL=true"
      CATTLE_DB_CATTLE_MYSQL_URL: "jdbc:mysql://rancher-controller.xxxxxxxxxxxxx.us-west-2.rds.amazonaws.com:3306/cattle?useUnicode=true&characterEncoding=UTF-8&characterSetResults=UTF-8&prepStmtCacheSize=517&cachePrepStmts=true&prepStmtCacheSqlLimit=4096&socketTimeout=60000&connectTimeout=60000&sslServerCert=/var/lib/rancher/etc/ssl/ca.crt&useSSL=true"
      CATTLE_DB_CATTLE_GO_PARAMS: "tls=skip-verify"
    volumes:
      - /var/rancher/ca.crt:/var/lib/rancher/etc/ssl/ca.crt
    ports:
      - "8080:8080"
      - "9345:9345"

docker-compose up -d

This server sits behind an AWS ELB performing SSL termination.

Results: UI loads, but some API calls are not using HTTPS and are being blocked by the browser.

vincent99 commented 6 years ago

You don't have the ELB set up properly. It needs to be TLS->TCP and have proxy protocol enabled. The API returns absolute URLs, which the UI follows, and the server needs to get enough information to reconstruct the original request URL to generate them.

http://rancher.com/docs/rancher/v1.6/en/installing-rancher/installing-server/basic-ssl-config/#elb

stephen-dahl commented 6 years ago

I had those set up before. My problem is I had it running on port 80 before and changed to 8080 now; that means my proxy policy is no longer applying since it was set to 80. Closing.

stephen-dahl commented 6 years ago

Oh, and thanks :)
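An added example, not part of the thread or of Rancher's code: a check over saved `aws elb describe-load-balancers` and `aws elb describe-load-balancer-policies` JSON for the setup discussed above, that is, a TLS->TCP listener with a proxy protocol policy bound to the instance port the listener actually targets. It assumes a Classic ELB; the sample JSON and the policy name `example-proxy-protocol` are constructed.

```python
import json

# Constructed sample shaped like `aws elb describe-load-balancers` output for one
# Classic ELB: the listener targets instance port 8080, the policy is still on 80.
LB = json.loads("""{
 "ListenerDescriptions": [{"Listener": {
    "Protocol": "SSL", "LoadBalancerPort": 443,
    "InstanceProtocol": "TCP", "InstancePort": 8080}, "PolicyNames": []}],
 "BackendServerDescriptions": [
    {"InstancePort": 80, "PolicyNames": ["example-proxy-protocol"]}]}""")

# Constructed sample shaped like `aws elb describe-load-balancer-policies` output.
POLICIES = json.loads("""{"PolicyDescriptions": [{
   "PolicyName": "example-proxy-protocol",
   "PolicyTypeName": "ProxyProtocolPolicyType",
   "PolicyAttributeDescriptions": [
     {"AttributeName": "ProxyProtocol", "AttributeValue": "true"}]}]}""")

def proxy_protocol_policies(policies):
    """Names of policies that actually switch proxy protocol on."""
    names = set()
    for p in policies.get("PolicyDescriptions", []):
        attrs = {a["AttributeName"]: a["AttributeValue"]
                 for a in p.get("PolicyAttributeDescriptions", [])}
        if (p.get("PolicyTypeName") == "ProxyProtocolPolicyType"
                and attrs.get("ProxyProtocol", "").lower() == "true"):
            names.add(p["PolicyName"])
    return names

def audit(lb, policies):
    """Findings for one Classic ELB; an empty list means the setup matches."""
    enabled = proxy_protocol_policies(policies)
    bound = {b["InstancePort"] for b in lb.get("BackendServerDescriptions", [])
             if set(b.get("PolicyNames", [])) & enabled}
    findings, targets = [], set()
    for desc in lb.get("ListenerDescriptions", []):
        lsn = desc["Listener"]
        targets.add(lsn["InstancePort"])
        # The Classic ELB API names the TLS listener protocol "SSL".
        if (lsn["Protocol"], lsn["InstanceProtocol"]) != ("SSL", "TCP"):
            findings.append(f"listener {lsn['LoadBalancerPort']}: not SSL->TCP")
        if lsn["InstancePort"] not in bound:
            findings.append(f"instance port {lsn['InstancePort']}: no proxy protocol policy")
    for port in sorted(bound - targets):
        findings.append(f"instance port {port}: proxy protocol policy but no listener")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LB, POLICIES)))
```

On the constructed sample this reports both halves of the port mismatch: nothing bound on 8080, and a leftover policy on 80.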