sshipway
commented
6 years ago The nginx provides SSL offloading, so that it can run under SSL. This could be done via the load balancer, of course; however I was trying to make a self-contained solution that could, if necessary, generate its own self-signed certificate to use - which is not possible using a load balancer. Also, at the time of creation, it was not possible to have a "select a certificate" configuration item in a template.
So, you don't need to nginx proxy; you can use the haproxy load balancer to perform the certificate offload and handle it separately.
Pls bear with me @sshipway I am just starting on rancher. My setup uses 1 single rancher lb (scaled 1per host) to proxy traffic to internal services. This avoids mapping container ports directly to the host, which seems to cause port conflict even when over different domains.
I want to know if the nginx proxy is required at all. Ideally, I can use haproxy to handle external traffic on port 5000 and 443 with certs, and proxy unencrypted traffic down to portus and registry directly. Neither portus nor registry should need access to the certs if possible.
Would you care to give me some pointers as to the feasibility and problems with my setup? Tks!