Until now I was using rancher via http (rancher-server container accessed via http://rancher.fqdn:8080). I have two nodes with rancher-agents deployed which are connected to the rancher-server. On both I have the rancher-nfs stack running.
As long as the rancher-server is reachable via http everything works fine. As soon as I switch the connection to the rancher-server to https I am unable to start containers which use the rancher-nfs plugin:
Restarting (Expected state running but got stopped: Error response from daemon: get concourse-keys-worker: VolumeDriver.Get: Bad response statusCode [400]. Status [400 Bad Request]. Body: [<html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>nginx/1.9.9</center> </body> </html> ] from [http://rancher.fqdn:8080/v2-beta/volumes?name=concourse-keys-worker&removed_null=true&storageDriverId=1sd1])
It looks like the rancher-nfs stack still tried to send data via http instead of https. Any ideas how to circumvent this?
I followed this guide to setup an nginx reverse proxy in front of the rancher-server with a valid letsencrypt ssl certificate:
https://docs.rancher.com/rancher/v1.2/zh/installing-rancher/installing-server/basic-ssl-config/
The migration process was as follows:
- Stop current rancher-server
- Add reverse proxy to the mix and and connected rancher and the reverse proxy - rancher is now reachable via https://rancher.fqdn:8080
- Removed the rancher-agent from both nodes
- Redeployed the rancher agent on both nodes.