Websocket: bad handshake

When I try to register a rancher-agent v2.2.3 against a rancher-server v2.2.3 the rancher-agent can’t register and gives the following error:

time=“2019-05-20T15:19:00Z” level=info msg=“Connecting to proxy” url=“wss://rancher../v3/connect/register”
time=“2019-05-20T15:19:00Z” level=error msg=“Failed to connect to proxy” error=“websocket: bad handshake”
time=“2019-05-20T15:19:00Z” level=error msg=“Failed to connect to proxy” error=“websocket: bad handshake”

Have tried that with rancher-server behind traefik as reverse proxy and rancher-server with exposed ports from docker. Certificate is a valid lets encrypt wildcard certificate.
Any idea how I can debug that?

My docker-compose file:

version: '3.3'

services:

rancher-server:
  hostname: rancher
  domainname: example.tld
  container_name: rancher-server
  restart: always
  ports:
    - "192.168.1.42:80:80"
    - "192.168.1.42:443:443"
  image: rancher/rancher:latest
  command:
    - --no-cacerts
    - --log-format=simple
  volumes:
    - /vol_raidz1/docker/persistend/rancher:/var/lib/rancher:rw
    - /vol_raidz1/docker/persistend/traefik/certs/example.tld.key:/etc/rancher/ssl/key.pem:ro
    - /vol_raidz1/docker/persistend/traefik/certs/example.tld.crt:/etc/rancher/ssl/cert.pem:ro
  labels:
    - "traefik.enable=true"
    - "traefik.backend=rancher"
    - "traefik.port=443"
    - "traefik.frontend.rule=Host:rancher.example.tld"
    - "traefik.passHostHeader=true"
    - "traefik.protocol=https"
    - "com.centurylinklabs.watchtower.enable=true"
  networks:
    traefik_proxy:
      aliases:
        - rancher
      ipv4_address: 172.19.0.34

networks:
  traefik_proxy:
    external: true

With this method I can point the FQDN rancher.example.tld either to 192.168.1.42 or the traefik ip address. It’s for testing purposes. I would prefer to only expose traefik

Did you have any luck with this configuration? I’m having a similar issue. I have Rancher behind a traefik instance, configured per the docs, but logs are filled with Error dialing \"<rancher_url>\": websocket: bad handshake with resp: 200 200 OK". I can access the GUI just fine through the same traefik instance, including viewing logs.

The problem “magically” disappeared at some point. Running rancher(-agent) 2.2.6 at the moment. But got another problem:


I do not have a working environment since…forever because of these problems.
And nobody is responding with some help… :frowning: