-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rancher behind proxy #9420
Comments
Hey @joshuacox do the developer tools call out what api call fails? This might in turn cause a redirect to the login page. What auth are you using here? Does the rancher server container log any interesting errors? |
at this point I was using a local auth |
logs:
I have 2 gigs of ram in that VM, and it shows around 450MB free, moreover if I log in directly using the IP and no SSL etc, I get in just fine. The logs then look like this after successfully logging in using the IP directly:
the browser console in developer tools only has a bunch of
EDIT: I pasted the wrong line earlier, the 204 above is now the correct line I meant to paste |
@deniseschannon @LLParse I have an empty uninitialized instance up here that exhibits all the bad behavior without any auth whatsoever, click on links and tons of failures. i realize that I have become too reliant on letting traefik run all my cert management. Perhaps I should learn the official method of using lets encrypt and the rancher load balancers |
I just tested the scenario you described with our latest v1.6.8-rc2 and it seems to work as expected:
I pointed the DNS record configured in tiny-nginx to the traefik host and I was able to login/logout, add stacks and new hosts using the new DNS record with no problems. @joshuacox could you please try to reproduce this using v1.6.8-rc1 ? Just make sure I replicated your setup correctly. |
hip hip hooray! It works great! Closing, I'm going to do some more thorough testing, but for now I am very satisfied as this meets one of my edge cases, but a very important one. |
maybe not, I migrated the ranch to another KVM instance and I'm back to gettting booted after auth with what appears to be mixed content:
|
@joshuacox Can you please provide more details on the setup and versions used this time ? |
^ like that?
traefik: nginx config:
|
Ok. I managed to reproduce it this time. I will let you know as soon as I have an update. Thank you for the detailed information. |
@moelsayed I look forward to your results, please let me know if I can provide any other information or try out configs, or anything to help. |
Hi @joshuacox , nginx is overwriting x-forwarded headers . Requests that comes from traefik, x-forwarded headers are already added to the request. In that case, there is a change of protocol in the middle, and you shouldn't overwrite the headers specially Please, try adding a check if header is set to avoid overwrite....in your nginx location configuration..
Another note...Traefik ws is working fine just in v1.3.3 but it seems that doesn't work in v1.3.4 neiher v1.3.5.... May be related to this traefik/traefik#1905 |
I've updated my tiny proxy's |
Traefik ws is working fine again in v1.3.6.... Upgraded catalog traefik package... rancher/community-catalog#603 |
I can verify, I just upgraded and everything appears to be working great. |
Rancher versions:
rancher/server: 1.6.4
Docker version: (
docker version
,docker info
preferred)Operating system and kernel: (
cat /etc/os-release
,uname -r
preferred)Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) KVM
Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB) single node
Environment Template: (Cattle/Kubernetes/Swarm/Mesos) cattle
Steps to Reproduce: start a rancher go directly to http://RANCHER_IP:8080, set up auth, and add a few hosts, setup traefik, point traefik at the rancher's 8080 (in this case I am using a small nginx container with the traefic labels, and it proxies to the rancher 8080) with an associated dns hostname, now try and login from the hostname with ssl
Results: Failure, rancher reloads after successful login back to the login page, not logging me in.
nginx-tiny-proxy this is the container that I use to get rancher to proxy external services (usually not inside the rancher itself) using this template in this case it proxies to the RANCHER_IP itself on port 8080. This is the rancher in question in case you want to see that it does indeed proxy the login page just fine.
The text was updated successfully, but these errors were encountered: