[Solved] Rancher Load Balancers and SSL

Hey everyone! I’m having some problems setting up a domain using https in Cattle. My environment looks like this: 5 hosts, each running an instance of the same load balancer. On these hosts I’m running a couple of different services, each being proxied to by the same global load balancer.

What I’m trying to achieve is to have an https connection to one of these services. I can add a new load balancer that listens on port 443 and add the certificate to it, however, this doesn’t scale very well, as I may run out of 443 ports in the future (limited number of hosts). So I would like to find a way to use some kind of an SSL enabled load balancer to proxy all my current and future projects that may need https.

I thought I could solve this by adding an internal load balancer in each stack, which should resolve the SSL certificate, and basically the global load balancer won’t link to the service directly anymore, but to the service’s internal load balancer instead. I don’t know if this is supposed to work, or if I’m doing something wrong, but I can’t get it to work (I can share the config files if needed).

Is this a good way to solve this? I can’t think of another solution that enables me to scale the number of stacks that use SSL indefinitely on a limited number of hosts (I prefer having a smaller number of powerful hosts than lots of small hosts - it’s easier to manage and maintain).

Not sure I understand the problem, but you don’t need a load balancer per stack. You can have a load balancer that handles all your services. You can use the advanced routing to do host based routing to services or even URL based routing. You can link multiple certificates in the load balancer service and it will use the appropriate one for the host.

Thank you @etlweather. That was exactly what I was trying to achieve, and I managed to to it by combining your ideas with a small http to https service. Now I only have one global load balancer that handles both 80 and 443 traffic, depending on the application. Sweet!

Great! Glad that helped.