Hey everyone! I’m having some problems setting up a domain using https in Cattle. My environment looks like this: 5 hosts, each running an instance of the same load balancer. On these hosts I’m running a couple of different services, each being proxied to by the same global load balancer.
What I’m trying to achieve is to have an https connection to one of these services. I can add a new load balancer that listens on port 443 and add the certificate to it, however, this doesn’t scale very well, as I may run out of 443 ports in the future (limited number of hosts). So I would like to find a way to use some kind of an SSL enabled load balancer to proxy all my current and future projects that may need https.
I thought I could solve this by adding an internal load balancer in each stack, which should resolve the SSL certificate, and basically the global load balancer won’t link to the service directly anymore, but to the service’s internal load balancer instead. I don’t know if this is supposed to work, or if I’m doing something wrong, but I can’t get it to work (I can share the config files if needed).
Is this a good way to solve this? I can’t think of another solution that enables me to scale the number of stacks that use SSL indefinitely on a limited number of hosts (I prefer having a smaller number of powerful hosts than lots of small hosts - it’s easier to manage and maintain).