Regarding the documentation example here
worker_processes 4;
worker_rlimit_nofile 40000;

events {
    worker_connections 8192;
}

# Plain TCP pass-through for port 80
stream {
    upstream rancher_servers_http {
        least_conn;
        server <IP_NODE_1>:80 max_fails=3 fail_timeout=5s;
        server <IP_NODE_2>:80 max_fails=3 fail_timeout=5s;
        server <IP_NODE_3>:80 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 80;
        proxy_pass rancher_servers_http;
    }
}

# TLS is terminated here, then re-encrypted to the nodes on 443
http {
    upstream rancher_servers_https {
        least_conn;
        server <IP_NODE_1>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_2>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_3>:443 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 443 ssl;
        ssl_certificate /path/to/tls.crt;
        ssl_certificate_key /path/to/key.key;
        location / {
            proxy_pass https://rancher_servers_https;
            proxy_set_header Host <rancher UI URL>;
            proxy_ssl_server_name on;
            proxy_ssl_name <rancher UI URL>;
        }
    }
}
We have a test environment running with 2 nodes, k3s and all is up and working.
As the example had SSL termination on Nginx we did this to install rancher
helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --version 2.8.0 \
  --set hostname=lb1.example.uk \
  --set bootstrapPassword=admin \
  --set tls=external
But then we had an issue where we were trying to open a kubectl shell, but it would not open.
1/ Check 1
Point DNS IP at Rancher directly < Works. Kubectl shell works, so issue is not with Rancher.
2/ Check 2
Point DNS IP at Loadbalancer < Rancher web appears to work, but on investigation with the browser we can see stuff like this:
Firefox can’t establish a connection to the server at wss://lb1.example.uk/k8s/clusters/local/v1/subscribe?sockId=33. index.8592d9dc.js:8:2439574
Now I think wss is across port 443, but the nginx is clearly set up to proxy https.
Is this a bug/doc error, or am I barking up the wrong tree?
Any suggestions to resolve?
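
For reference, an added example (not part of the original post and not the Rancher documentation's own text): the `http` block from the post with WebSocket upgrade forwarding added. nginx does not pass the client's `Upgrade` and `Connection` headers to a proxied server unless they are set explicitly, so a `wss://` handshake sent through a plain `proxy_pass` is never completed upstream. The placeholders are the post's own; the `proxy_read_timeout` value is an assumption.

```nginx
# Added example: replaces the http { } block of the configuration above.
# <IP_NODE_n>, <rancher UI URL> and the certificate paths are the post's placeholders.
http {
    # Forward "Connection: upgrade" only when the client asked for an upgrade
    # (a wss:// request carries "Upgrade: websocket"); otherwise send "close".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream rancher_servers_https {
        least_conn;
        server <IP_NODE_1>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_2>:443 max_fails=3 fail_timeout=5s;
        server <IP_NODE_3>:443 max_fails=3 fail_timeout=5s;
    }

    server {
        listen 443 ssl;
        ssl_certificate     /path/to/tls.crt;
        ssl_certificate_key /path/to/key.key;

        location / {
            proxy_pass https://rancher_servers_https;
            proxy_set_header Host <rancher UI URL>;
            proxy_ssl_server_name on;
            proxy_ssl_name <rancher UI URL>;

            # The upgrade mechanism needs HTTP/1.1 towards the upstream;
            # nginx uses HTTP/1.0 for proxied requests by default.
            proxy_http_version 1.1;

            # Upgrade and Connection are hop-by-hop headers, so they have to
            # be re-created on the proxy-to-upstream hop.
            proxy_set_header Upgrade    $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # Assumption: idle WebSocket sessions (kubectl shell, subscribe
            # streams) should outlive the 60s default read timeout.
            proxy_read_timeout 900s;
        }
    }
}
```

After `nginx -t` and a reload, the browser's network panel should show the `wss://` request answered with `101 Switching Protocols`.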