Rancher behind Cloudfront

I was trying to put the Rancher master UI behind cloudfront but was not able too. Once rancher was behind cloudfront, it just acted as an API and would not show the UI.

What headers and things are needed in order to get the UI to work correctly behind cloudfront or any cdn?

(Note: only uses will access rancher through cloudfront. Rancher nodes/hosts will not)

The API generates absolute URLs so it needs to know enough to have enough info in the request it receives from CloudFlare to determine what the originally requested URL from the browser was.

Host, X-Forwarded-Port and X-Forwarded-Proto, or proxy protocol. The Host header should just be getting passed through, I’m not sure if CloudFlare supports -Port/-Proto or not.

If you’re actually getting back JSON for a request for the root, that would suggest that the User-Agent header is being dropped… The server only responds with the UI if the request looks like it’s from a browser.

A packet capture of the actual request making it to the rancher server would help. Something like tcpdump -A -s0 port 8080 will do.

Hey Vincent,

Thanks for the info. The “User-Agent” was the key. I had to whitelist that header to be passed through.
However, upon getting the UI to work, other things are having issues to due websockets and such. So I think cloudfront is just more pain than its worth, since I wouldn’t be caching anything anyways. But thanks for the help!


Ah yeah sorry, I forgot about WebSockets… It was supposed to be moved down but last time I checked still required their Enterprise ($$$$) plan.

…and now I see you said CloudFront, not Flare. You can do behind ELB with SSL fairly easily, I would agree there’s not much benefit to CloudFront.