Internal LB for HA rancher server

I am setting up a 2-node HA Rancher server following the documents at http://rancher.com/docs/rancher/v1.6/en/installing-rancher/installing-server/#multi-nodes. The doc mentions using an external LB; however, I want to set up an internal LB in the datacenter. How can this be accomplished? Will HAProxy work for this?

Thanks.

External here more likely refers to the fact that you should not use a proxy managed within the Rancher environment, like the internal HAProxy service that you can configure for your applications (see Adding a Load Balancer). If your load balancer were offline, it would be difficult to get it online again if you can’t get to Rancher because the load balancer is offline.

Any decent load balancer managed outside of your rancher environment should be fine.

Thanks, @michael-x. I tried creating an LB using HAProxy. However, I am unable to access the Rancher server using the LB IP. Attached are the haconfig file and the Rancher server setup command.
Haproxy file : global maxconn 4096 ssl-server-verify nonedefaults mode tcp bala - Pastebin.com
docker command to set up haproxy :

docker run -d --name haproxy_new -v /root/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro -v /root/rancher.pem:/etc/haproxy/certificate.pem:ro haproxy:1.7

docker command to set up Rancher server:

docker run -d --restart=unless-stopped -p 443:8080 -p 9345:9345 rancher/server:latest --db-host db_name --db-port 3306 --db-user cattle --db-pass password --db-name cattle --advertise-address 10.5.52.189 --advertise-http-port 443

The servers are created successfully in the cluster and I am also able to access them using their individual IPs; however, I am unable to access it using the LB IP.
2017-09-11 13:29:08,944 INFO [pool-3-thread-1] [ConsoleStatus] Cluster membership changed [rancherserver1:9345, rancherserver2:9345]

The backends shouldn’t have ssl. You’re telling HAProxy to open an SSL connection to the plain HTTP 8080 port (and remapping that to 443, which is OK but confusing).

@vincent I removed the ssl from the backend servers and made it listen on port 80, exposing it to 8080 in the backend. Still no go.

haproxy : global maxconn 4096 ssl-server-verify nonedefaults mode tcp bala - Pastebin.com

docker command :

docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server:latest --db-host 10.5.52.172 --db-port 3306 --db-user cattle --db-pass password --db-name cattle --advertise-address 10.5.52.189

HaProxy logs:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
777804f7eb42 haproxy:1.7 "/docker-entrypoint.s" 3 seconds ago Up 2 seconds 0.0.0.0:8080->80/tcp haproxy_new
root@haproxy:~# docker logs -f 777804f7eb42
<7>haproxy-systemd-wrapper: executing /usr/local/sbin/haproxy -p /run/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -Ds
[WARNING] 254/044500 (6) : config : 'option forwardfor' ignored for frontend 'http-in' as it requires HTTP mode.
[WARNING] 254/044500 (6) : config : 'option forwardfor' ignored for backend 'rancher_servers' as it requires HTTP mode.

I was able to get it working with the above-mentioned configuration. Thanks.
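
An added example, not from the original posts: a small Python check for the two HAProxy mismatches that surface in this thread, `ssl` on a server line that points at Rancher's plain HTTP port 8080, and `option forwardfor` in a proxy that is not in HTTP mode. The sample config and its 192.0.2.x addresses are constructed, and `lint_haproxy` and `plain_http_ports` are hypothetical names.

```python
import re

# Constructed sample mirroring the thread's symptoms; addresses are placeholders.
SAMPLE_CFG = """\
global
  maxconn 4096
  ssl-server-verify none
defaults
  mode tcp
  option forwardfor
frontend http-in
  bind *:80
  default_backend rancher_servers
backend rancher_servers
  server rancher1 192.0.2.11:8080 ssl
  server rancher2 192.0.2.12:8080
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

def lint_haproxy(cfg, plain_http_ports=(8080,)):
    """Return sorted (section, problem) pairs for the mismatches discussed above."""
    sections, current = [], None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SECTION.match(line)
        if m:
            current = {"kind": m.group(1), "name": m.group(2), "lines": []}
            sections.append(current)
        elif line and current is not None:
            current["lines"].append(line.split())
    # Simplification: every defaults section is applied to every proxy.
    defaults = [w for s in sections if s["kind"] == "defaults" for w in s["lines"]]
    findings = set()
    for s in (s for s in sections if s["kind"] not in ("global", "defaults")):
        # Proxy settings override defaults; HAProxy's built-in mode is tcp.
        merged = defaults + s["lines"]
        mode = ([w[1] for w in merged if w[0] == "mode" and len(w) > 1] or ["tcp"])[-1]
        if mode != "http" and ["option", "forwardfor"] in [w[:2] for w in merged]:
            findings.add((s["name"], "option forwardfor ignored outside HTTP mode"))
        for w in s["lines"]:
            if w[0] == "server" and len(w) > 2 and "ssl" in w[3:]:
                port = w[2].rpartition(":")[2]
                if port.isdigit() and int(port) in plain_http_ports:
                    findings.add((s["name"], f"{w[1]}: ssl to plain HTTP port {port}"))
    return sorted(findings)
```

Running `lint_haproxy(SAMPLE_CFG)` reports the forwardfor mismatch for both `http-in` and `rancher_servers`, plus the `ssl` server line on port 8080.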