Unable to run rancher server on custom port

Hello team,

I am new to Rancher.

I have started Rancher using port 9925, but when I look at the rancher process inside the Docker container, it shows it running on the default port.

[root@xxxxx _data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58489d65dbd4 rancher/server:preview "rancher --http-list…" 17 hours ago Up 17 hours 0.0.0.0:9925->9925/tcp vigorous_raman

[root@ixxxxx_data]# docker exec 58489d65dbd4 bash -c "ps aux"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 10.8 5.3 11549380 425328 ? Ssl Apr23 108:36 rancher --http-listen-port=80 --https-listen-port=443
root 94 0.0 0.0 38968 1584 ? Rs 05:54 0:00 ps aux

I am unable to access the Rancher server; I am getting the error below.

[root@xxxxx _data]# telnet localhost 9925
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

FYI:
I am able to run the Rancher server on port 80 without any issue.

When you change the port you update just the left half. The right half is the port inside the container, and the container is only listening on 80/443.

Also TLS is required, you can’t just use port 80 unless you are doing your own TLS termination.

I have updated the right half as well, as below:
docker run -d --restart=unless-stopped -p 9925:9925 -p 9926:9926 rancher/server:preview
but the result is still the same.

root@3a810e5401ff:/var/lib/rancher# ps auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 17.1 4.4 11485004 354792 ? Ssl 07:12 0:39 rancher --http-listen-port=80 --https-listen-port=443

Thanks Vincent. Got your point ("container is only listening on 80/443").

I have separate front-end hosts. I don't think I need to set TLS, as I will write only a rewrite rule like the one below to redirect:
:apache::vhost { 'default443':{
rewrite_rule => ['^/rancher/(.*) http://hostname:9925/$1 [P,L,NC]']
},
:apache::vhost { 'default80':
:{
rewrite_rule => ['^/rancher/(.*) http://hostname:9925/$1 [P,L,NC]']
},

Can you please suggest? I am still not able to access the container.

You have to not change the right half. Inside the container is a process that is listening on 443 (and 80). You can change what port on your host you want to map (the left side of the colon) but the right side is what port in the container to send the connection to. If you just make up a number, there is nothing listening on that port to handle the request.

So -p xxxx:443 (and -p yyyy:80 if you want, but the HTTP port is not generally very useful if not using 80/443).

And again, TLS is required, either directly (going to https://hostname:port) or indirectly (another webserver terminating the TLS connection and passing a plaintext). You cannot use 2.0 as straight HTTP.
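The check described in the reply above, as an added example that is not part of the original posts: it compares the container-side port of each published mapping with the ports named on the rancher command line. The function names and the inline sample data (copied from the outputs shown earlier in the thread) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Constructed sample input, taken from the `docker ps` and `ps aux` output in the thread.
# Live values: docker ps --format '{{.Ports}}' and docker exec <id> ps aux
PORTS_COLUMN='0.0.0.0:9925->9925/tcp'
PID1_CMDLINE='rancher --http-listen-port=80 --https-listen-port=443'

# listening_ports CMDLINE
# Print the ports given by --http-listen-port / --https-listen-port, one per line.
listening_ports() {
  printf '%s\n' "$1" | tr ' ' '\n' |
    sed -n 's/^--https\{0,1\}-listen-port=\([0-9][0-9]*\)$/\1/p'
}

# dead_mappings PORTS CMDLINE
# Print every published mapping whose container-side port (right of "->", i.e. the
# right half of -p host:container) is not a port the process listens on.
# Returns 1 if at least one such mapping exists, 0 otherwise.
dead_mappings() {
  local ports="$1" listen bad=0 entry host_side container_port
  listen=" $(listening_ports "$2" | tr '\n' ' ')"
  # The PORTS column is comma separated: "0.0.0.0:8443->443/tcp, :::8443->443/tcp"
  for entry in $(printf '%s' "$ports" | tr ',' ' '); do
    case "$entry" in *'->'*) ;; *) continue ;; esac   # exposed but not published
    host_side="${entry%%->*}"
    container_port="${entry##*->}"
    container_port="${container_port%%/*}"
    case "$listen" in
      *" $container_port "*) ;;                        # something listens there
      *) echo "${host_side##*:}->${container_port}: nothing listens on ${container_port} in the container"
         bad=1 ;;
    esac
  done
  return "$bad"
}

# The mapping from the first post is flagged; a 9925->443 mapping would not be.
dead_mappings "$PORTS_COLUMN" "$PID1_CMDLINE" || true
```

A mapping that passes this check still has to be reached over TLS, as the reply states.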

Thanks so much for your kind help.

Issue is resolved