I’m having trouble Getting logs from loadbalancer . I do not see the options in included in those screenshots.
In the end I’m targeting the following and would appreciate advise on that as well
Hi, we have a requirement that the workers are in a private subnet and don’t directly receive traffic. There is a desire to use ELB to terminate SSL.
Assuming that I have an internal load balancer can I have the ELBs hit those and will the name be preserved to do hostname mapping?
For example
labels:
# TODO add that label to all hosts
# Put load balancer containers on hosts with label lb=true
# io.rancher.scheduler.affinity:host_label: lb=true
# Requests to http://app.example.com/foo:80 should be routed to web1 over port 8000
io.rancher.loadbalancer.target.registry: registry.services.example.com:80=5000
io.rancher.loadbalancer.target.jenkins: jenkins.services.example.com:80=8080
I did find the logs, but so far they aren’t terribly useful. Seem to get nothing after it’s started up ha proxy.
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/haproxy/certs/default.pem
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/haproxy/haproxy.cfg
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/monit/
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/monit/conf.d/
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/monit/conf.d/haproxy
8/1/2016 4:41:17 PMINFO: Sending haproxy applied 22-d2f842d7d67d6531622dd524b6403ee66414b3b1264684299f4d5574ecaeb32a
8/1/2016 4:41:17 PMINFO: HOME -> ./
8/1/2016 4:41:17 PMINFO: HOME -> ./etc/
8/1/2016 4:41:17 PMINFO: HOME -> ./etc/cattle/
8/1/2016 4:41:17 PMINFO: HOME -> ./etc/cattle/startup-env
8/1/2016 4:41:17 PMINFO: ROOT -> ./
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/init.d/
8/1/2016 4:41:17 PMINFO: ROOT -> ./etc/init.d/agent-instance-startup
8/1/2016 4:41:17 PMINFO: Sending agent-instance-startup applied 7-622eb926693a2e497de57283d1e573f04ab0487fee015d921d8fbd419bd41fa9
8/1/2016 4:41:17 PMStarting monit daemon with http interface at [localhost:2812]
Yes, an amazon ELB sets X_FORWARDED_FOR as a header and the Rancher LB will use that to do L7 routing based on host name.
I currently run with this set up.
I set a wildcard DNS entry (*.mydomain.com) to point to an ELB.
the ELB has 2 listeners: 443/HTTPS->80/HTTP and 80/HTTP->81/HTTP
Then I deploy 2 Rancher Load Balancers, both global. 1 uses source port 81 and forwards all traffic to a redirector service that is simply nginx that sends a 301 to HTTPS when the request is HTTP.
The other LB uses source port 80, thus receiving the decrypted HTTPS traffic from the ELB, and does host based routing.
Thanks for the confirmation. I really struggled with getting the Rancher LB to update properly however, and couldn’t easily find logs. I did confirm though that “frequently” I wasn’t seeing the haproxy config get updated, but I didn’t dig in enough to really understand what was going on. On a related note, here’s a comment I just put in IRC:
Has anyone from the team looked at incorporating https://traefik.io/ into the load balancer. After struggling for hours to allow multiple host names to different end points (logging was not terribly useful and it appeared that the haproxy wasn’t being updated always even with the stack for LB had been updated), I plugged in traeffik and was very happy.
Their detailed docs leave something to be desired
But ideally I’d love to have that be a native integration point and appear as a LB type service.
I gave up using the rancher lb’s until they’re finished with the lb refactor
In the mean time i just created my own image which does this amongst other handy things:
https://hub.docker.com/r/nodeintegration/rancher-haproxy/