Force HTTPS when accessing rancher

Hi,

I just moved my rancher install to be behind https and i’ve updated the url to be https://xx.yy.io but when I try and login Rancher is trying to load scripts from http://xx.yy.io which is causing me to be logged out.

Did I miss a config setting someplace? My setup is a Route53 domain with an ELB in front of my ec2 instance that handles the ssl termination and these as the listeners

The server container needs enough information to construct the original origin (proto+host+port, i.e. https://xx.yy.io) and include them in responses. Right now it doesn’t know the original request was HTTPS so it generates http links, which the UI then follows. ELB HTTP mode adds headers to tell the backend the original info, but you can’t use it because it doesn’t support WebSockets. So for 1.1 you need to enable PROXY protocol on ELB and send the traffic to the ports on the server that expect it (81/444).

For 1.2 (which I thought you upgraded to?) you want to use the newer ALB instead of ELB. It supports WebSockets in HTTP/S mode and is much simpler.

I have not had a chance to upgrade to 1.2 yet as I’m still working on getting all the underlying docker hosts upgraded from 1.9.1 to 1.12.3.

and to use the new ALB i need to move the VPC’s that rancher is running on, hence the domain name change. If 1.2 supports hosts running on 1.9.1 i’ll do the upgrade this weekend.

Docker 1.9 wasn’t even “supported” in Rancher 1.0.0, though it apparently worked. I expect with new network and volume plugins and using newer clients with newer API revisions and such it will not work well, if at all, with Rancher 1.2.

So if you want SSL to work for 1.1 for now, enable PROXY protocol and direct the requests to 81 and 444, see http://docs.rancher.com/rancher/v1.1/en/installing-rancher/installing-server/basic-ssl-config/#running-rancher-server-behind-an-elb-in-aws-with-ssl .

@vincent, thanks for the info, i’ve got two hosts lefts to update and then i’ll be able to upgrade… I’ve moved rancher it’s self into our newer vpc and the ALB works awesome over the ELB

I should be able to update rancher tonight to 1.2