Having an odd problem on Rancher 0.35.0-rc1. Currently have a single VM in my install controlled from the VM’s host, which is where the Rancher control server runs. I use Cloudflare to provide SSL termination and other services for most of my websites, and all of these work fine. I also have 2 separate Rancher environments, each with a single VM host, and these can communicate. However, if I’m on one of the VMs, and I run curl against the load balancer on the same VM, the connection is refused.
My use case is a Docker registry running at docker.my.domain. This registry is hosted in a Rancher stack containing the registry itself and, eventually, a front-end Nginx for authentication. The registry is fronted by an SSL-terminated, Rancher-managed load balancer. Because Cloudflare’s free/pro plans limit the body size of uploads, I’ve had to disable Cloudflare on docker.my.domain.
I can push images to docker.my.domain off-site, and HTTP connections to it work fine. I can access docker.my.domain from other VMs. I cannot access docker.my.domain from the VM where it is hosted. The connection is simply refused. As such, any images needing to pull from my own hosted Docker registry fail because the subdomain resolves to the VM’s own IP.
This issue isn’t specific to Docker registries; that’s just the use case that caused me to hit this. I can’t access the load balancer IP at all from the VM because the connection is refused, regardless of what happens to be at the other end.
I’m using UFW as my firewall, but disabling that didn’t change this behavior. What am I missing?