The docs for HA configuration (http://docs.rancher.com/rancher/installing-rancher/installing-server/multi-nodes/) state that a websocket-proxy needs to be running. However it never mentions what port the proxy needs to listen on
docker run -d -p <port>:<port> -v $(pwd)/api.crt:/api.crt rancher/server websocket-proxy -jwt-public-key-file=/api.crt -listen-address=0.0.0.0:<port>
and as far as I can tell, there is no way for it to discover the host.
How is the websocket-proxy even being used/discovered? Does it need to run on a specific host?
Hello, you’ll need to set
CATTLE_HOST_API_PROXY_MODE: “ha”
CATTLE_HOST_API_PROXY_HOST: “” //This will need to be accessible from your browser AND to ALL compute nodes
On the rancher/server container at startup. The mode variable tells the server not to run the proxy internally(weird things happen). The host variable is something like ws-proxy.myrancherexample.com:443. The variable tells Rancher where to go to for websocket connections. You will need it to be the same scheme (HTTP(S)) as the Rancher server otherwise the browser will complain.
If you are using SSL you’ll have to proxy it through Nginx or something that does the termination since websocket-proxy can’t term ssl on its own.
Ah I get it now, I was just confused because I had to set that env-var BEFORE creating the websocket-proxy, so when I set it I set it to the url to my host (port 8080).
It might make more sense in the docs to start the websocket-proxy before starting the rancher server.
Thanks,
Nick
Ah, yeah… we need to clarify that more.
Its one of those chicken egg things, you need Rancher server up before you can start websocket-proxy because you need the api.crt.
Are you up and running with the proxy behind SSL now?
Yep, everything seems to be working fine now. Thanks!