I just want to make sure that all the traffic that flows between the Rancher hosts is encrypted and goes via the IPsec tunnel by default, or are there any exception cases?
Moreover, what are the ports that I need to open between the Rancher server and the hosts?
IPSec is for container-to-container traffic. Agent-to-server is via the host registration URL. If you want it to be TLS you need to run a balancer or proxy that does TLS-termination and set the registration URL to
There is also a very good explanation in this thread:
I am trying to set up Rancher in AWS as below.
Rancher Master Server Security Group Rules:
Inbound 8080 (0.0.0.0/0) - For Agent communication
Outbound - 80, 443
Rancher Hosts Security Group Rules:
Inbound - 22 ( ssh login from a particular host)
Outbound - 80, 443 and 8080
I am adding the hosts as ‘Custom Hosts’, i.e. installing the Rancher Agent on the host machine manually. The hosts have been installed with Docker already. The agent is getting installed successfully on the hosts and it also sho…