Hi,
I’ve noticed than inside the Rancher HA with Nginx documentation its mentioned to use the stream module of nginx. this module force to have a dedicated ip:port pair …
I’ve done some test using the web sockets feature of nginx… And everything seems to work well… since the only port bind with the rancher container are 80 and 443… it look like rancher only use websocket(wss) and standard http/https… (wrong?) …
The advantage of using web sockets feature make configuration simpler and no need of special module…
Did someone see issue of the kind of config? Is there a reason why stream module is the only option in the documentation?
here the config i’m currently testing:
upstream ranchernodes {
least_conn;
server rcs01.example.com:443 max_fails=3 fail_timeout=5s;
server rcs02.example.com:443 max_fails=3 fail_timeout=5s;
server rcs03.example.com:443 backup;
}
server {
listen 443 ssl http2;
server_name rancher.example.com;
client_max_body_size 20m;
ssl_certificate "/etc/pki/nginx/WildCard.pkcs1.crt";
ssl_certificate_key "/etc/pki/nginx/private/WildCard.pkcs1.key";
access_log /var/log/nginx/rancher.example.com.access.log main;
location / {
proxy_pass https://ranchernodes;
proxy_set_header Host "rancher.example.com";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 900;
}
}