We cannot get the rancher GUI to work when going through an external netscalerload balancer. We have followed the instructions listed here: https://rancher.com/docs/rancher/v2.x/en/installation/ha-server-install-external-lb/ The netscaler shows that the back ends are up and everything is green (good) in the load balancer. We can “telnet 443” and it answers. But when you go to it in a web browser (doesnt matter which browser) it just spins forever. It never gets an error or stops trying to load. Here is what our netscaler config for this load balancer vip looks like:
add serviceGroup tid-rancher1-svcg SSL -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-for -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -httpProfileName nshttp_default_profile2
add ssl certKey tid-rancher1 -cert tid-rancher1.masked.com-22011.cer -key tid-rancher1.masked.com.key
add lb vserver tid-rancher1 SSL 443 -persistenceType NONE -cltTimeout 180 -httpProfileName nshttp_default_profile2
bind lb vserver tid-rancher1 tid-rancher1-svcg
bind lb vserver tid-rancher1 -policyName x_forwarded_proto_https -priority 100 -gotoPriorityExpression NEXT -type REQUEST
add lb monitor http-rancher HTTP -respCode 200 -httpRequest “HEAD /healthz” -LRTM DISABLED -destPort 80
bind serviceGroup tid-rancher1-svcg ip1 443
bind serviceGroup tid-rancher1-svcg ip2 443
bind serviceGroup tid-rancher1-svcg ip3 443
bind serviceGroup tid-rancher1-svcg -monitorName http-rancher
bind ssl serviceGroup tid-rancher1-svcg -eccCurveName P_256
bind ssl serviceGroup tid-rancher1-svcg -eccCurveName P_384
bind ssl serviceGroup tid-rancher1-svcg -eccCurveName P_224
bind ssl serviceGroup tid-rancher1-svcg -eccCurveName P_521
bind ssl vserver tid-rancher1 -eccCurveName P_256
bind ssl vserver tid-rancher1 -eccCurveName P_384
bind ssl vserver tid-rancher1 -eccCurveName P_224
bind ssl vserver tid-rancher1 -eccCurveName P_521
Any ideas from anyone?