-
Notifications
You must be signed in to change notification settings - Fork 800
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] internal network and adding new cluster nodes. #868
Comments
If I understand correctly, your instance cannot be accessed from outside. Right? In that case, short answer is "CapRover doesn't work with cluster option without valid SSL". Here is why:
To create a cluster, you need to get a public IP for the server and port forward CapRover related ports to your server. |
Hey, @Mikuz, I guess it's been a while, and you guys have already figured out how to fix your problem, but just in case: Since you said you're on a corporate network, I'm going to assume that you (either directly, or through someone else) have some way of issuing internal-use certificates for internal server and employees (mutual TLS, cert-based login..., the advantages are really too many to list IMO). If you don't, FreeIPA has you covered. Either way, what you would have to do, is to issue an internal certificate for your registry (unless you want to expose it to the internet and get a global certificate for it), and then get the internal CA certificate, and add it to the Docker nodes certificate trust lists. The reason you want to add the CA certificate to the trust lists, and not the certificate for your registry is, so you can change out the registry certificate as needed, without having to manually update the trust lists of all the Docker nodes you might have add the time. |
Hello there,
I'm running CapRover at my company's internal network, and I'm lovin it.
I need now to add second node to cluster, and got into some problems:
If I understand this correctly, It fails to get certs because my deployment is on internal network and it cannot challenge my caprover instance.
So what should I do to add node to this cluster? Deploy for moment my instance into internet to get challenged by Let's Encrypt and get certs? Or maybe more manual solution like ##775 (comment) ##265 ?
Data:
Type: Leader (Main Node) IP: 127.0.0.1
State: ready Status: active
RAM: 3.82 GB OS: linux
CPU: 2 cores Architecture: x86_64
Hostname: XXX Docker Version: 19.03.8
The text was updated successfully, but these errors were encountered: