Rancher HA loadbalancer nginx port 443

Hi all,

I have set up a Rancher HA cluster with 3 nodes.
CentOS 7
Docker 1.10.3
I am using the self-signed certificate generated by Rancher.

I would like to use Nginx to load-balance my cluster. That load balancer is on another VM.

I have 2 issues:

  • Is my nginx conf correct?
  • I think there is something missing regarding the encryption.key, or something to do before using it in the nginx conf.

upstream rancher-cluster {
    server 10.0.3.25;
    server 10.0.3.26;
    server 10.0.3.27;
}

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate      /etc/nginx/conf.d/ssl/ca.crt;
    ssl_certificate_key  /etc/nginx/conf.d/ssl/encryption.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://rancher-cluster;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
        proxy_read_timeout 900s;
    }
}

server {
    listen 80;
    server_name _;
    return 301 https://$server_name$request_uri;
}

I found the certificates at /var/lib/rancher/etc/ssl/*
/server/*

Thank you very much for your help,
regards,
Marc
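
Added example, not part of the original post: nginx expects ssl_certificate to hold the server certificate and ssl_certificate_key the private key belonging to it, so one check before loading the pair is to compare their public keys with the openssl CLI. The function names and the throwaway demo.invalid material are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are passed as arguments.

# 0 = certificate and key share a public key, 1 = mismatch, 2 = unreadable input.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# 0 = certificate carries basicConstraints CA:TRUE (a CA rather than a leaf certificate).
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Human-readable verdict for one ssl_certificate / ssl_certificate_key pair.
check_pair() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "mismatch" ;;
        *) echo "unreadable" ;;
    esac
}

# Demo on constructed throwaway material: one matching pair, one foreign key.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$d/a.key" -out "$d/a.crt" >/dev/null 2>&1
    openssl genrsa -out "$d/b.key" 2048 >/dev/null 2>&1
    echo "a.crt + a.key: $(check_pair "$d/a.crt" "$d/a.key")"
    echo "a.crt + b.key: $(check_pair "$d/a.crt" "$d/b.key")"
    rm -rf "$d"
}

demo
```

On the load balancer the same functions can be pointed at the two files named in the conf, /etc/nginx/conf.d/ssl/ca.crt and /etc/nginx/conf.d/ssl/encryption.key; cert_is_ca reports whether the file given as ssl_certificate is a CA certificate.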