Hi all,
I have set up a rancher HA cluster with 3 nodes.
Cent-OS 7
Docker 1.10.3
I am using the self-signed certificate generated by rancher.
I would like to use Nginx which will load-balance my cluster. That load-balancer is on another VM.
I have 2 issues
- Is my nginx conf is correct ?
- I think there is something missing regarding the encryption.key or something to do before using it in the nginx conf.
upstream rancher-cluster{
server 10.0.3.25;
server 10.0.3.26;
server 10.0.3.27;
}
server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/conf.d/ssl/ca.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/encryption.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://rancher-cluster;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
proxy_read_timeout 900s;
}
}
server {
listen 80;
server_name _;
return 301 https://$server_name$request_uri;
}
I found the certificates at /var/lib/rancher/etc/ssl/*
/server/*
Thank you very much for your help,
regards,
Marc