Question about RANCHER_URL and certificate subject #3

Closed
ltutar opened this issue Jul 12, 2017 · 5 comments

@ltutar

ltutar commented Jul 12, 2017

Rancher is listening on localhost and therefore I do not supply RANCHER_URL (default: localhost) when starting the codedevote/nginx-ssl-proxy-rancher.
Nginx is then running on https://192.168.120.10

But the Rancher agents on other hosts cannot register themselves with the Rancher server, since the subject of the certificate is localhost. See https://github.com/codedevote/docker-nginx-ssl-proxy-rancher/blob/master/entrypoint.sh#L35

root@d40f97011bf9:/# curl https://192.168.120.10/v1
curl: (51) SSL: certificate subject name (localhost) does not match target host name '192.168.120.10'
root@d40f97011bf9:/# [root@agent-1 lib]# Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
Levents-MacBook-Pro-3:multi ltutar$

Wouldn't it be better if the certificate subject were related to NGINX_URL instead of RANCHER_URL?

@codedevote
Owner

You are right. From looking at the configs I think the name RANCHER_URL could actually be confusing. It is effectively the URL you want your HTTPS set up for. Since nginx proxies to the rancher server on the docker network, you should pass the URL of your nginx as RANCHER_URL.

Imagine the following example:
You have a VM running rancher server in a container and nginx on the same machine. Nginx proxies to rancher server on the docker network, and nginx listens on 80/443 on the machine. If you want your rancher to be reachable through https://rancher.mycompany.com you should pass this URL as the RANCHER_URL parameter. You will then need a DNS entry for this URL and machine (e.g. an A entry in this example) and configure your firewall accordingly.

From your example, I think you should pass https://192.168.120.10 as RANCHER_URL.

Does this help?
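
The mismatch reported above can be reproduced offline with a throwaway certificate. This is an added example, not part of the thread or of the project's entrypoint.sh. It assumes OpenSSL 1.1.1 or later (for `-addext`); the helper names `make_cert` and `cert_matches` are made up for the illustration.

```sh
#!/bin/sh
# Added example. Assumption: the proxy's self-signed certificate takes its
# subject from RANCHER_URL, as the thread describes.

# make_cert <CN> [SAN]  -> prints the path of a new self-signed certificate
make_cert() (
  cn="$1"; san="${2:-}"
  dir="$(mktemp -d)"
  set -- req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
         -keyout "$dir/key.pem" -out "$dir/cert.pem"
  if [ -n "$san" ]; then
    set -- "$@" -addext "subjectAltName=$san"
  fi
  openssl "$@" 2>/dev/null
  echo "$dir/cert.pem"
)

# cert_matches <cert.pem> <host-or-ip>  -> exit 0 if the certificate covers that name
cert_matches() {
  case "$2" in
    *[!0-9.]*) flag=-checkhost ;;  # DNS name: SAN dNSName, falling back to CN
    *)         flag=-checkip ;;    # IPv4 literal: only SAN iPAddress entries count
  esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match certificate'
}

# Certificate as issued with the default RANCHER_URL (subject: localhost)
default_cert="$(make_cert localhost)"
# Certificate issued for the address the agents actually connect to
proxy_cert="$(make_cert 192.168.120.10 IP:192.168.120.10)"

for cert in "$default_cert" "$proxy_cert"; do
  for name in localhost 192.168.120.10; do
    if cert_matches "$cert" "$name"; then
      echo "$cert  $name: match"
    else
      echo "$cert  $name: MISMATCH"
    fi
  done
done
```

Running the same `cert_matches` check against the certificate the proxy actually serves shows whether agents on other hosts will accept it before they try to register.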

@ltutar
Author

ltutar commented Jul 13, 2017

Yes. It does help. That is also what I am doing now. The name is just confusing as you stated.

@codedevote
Owner

I am open to a better name :-) Do you have any suggestions? How about NGINX_URL or HTTPS_URL? What wouldn't have confused you?

@ltutar
Author

ltutar commented Jul 13, 2017 via email

@codedevote
Owner

Ok, I'll fix that in the next few days. You can track the issue here: #4
