rancher v2.2.4 cannot be accessed through an nginx reverse proxy (by domain name)

1. rancher v2.2.4 runs on docker;

2. docker version:

[root@rancher sh]# docker info
Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 9.374GiB
Name: rancher
ID: JHBK:MQHJ:A4CB:5L2W:ZJB4:GYLR:4XFN:YAUF:WG23:M3QS:RN3J:4JCG
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

[root@rancher sh]#

3. rancher container creation script:

[root@rancher sh]# cat rancher-v2.sh 
#!/usr/bin/env bash
#by fuqiang
#2019-06-25

docker run -d \
           --name rancher-v2 \
           -p 80:80 \
           -p 443:443 \
           -v /data/rancher:/var/lib/rancher \
           --restart=unless-stopped \
           rancher/rancher:latest

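4. The rancher web UI can be accessed via the IP address;

5. Through the nginx reverse proxy, the rancher web UI cannot be accessed. Why? (My initial analysis is that it is an SSL certificate problem, but I cannot find rancher's default ssl-nginx certificate)

6. nginx configuration: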

[root@cj-wiki conf.d]#cat rancher.conf 
    upstream rancher{
       server 10.0.0.234:80;
    }
    server {
      listen 80;
      server_name rancher.cjkj.co;

      access_log  /var/log/nginx/rancher/access.log;
      error_log   /var/log/nginx/rancher/error.log;

      location / {
           proxy_pass http://rancher;
          proxy_redirect off;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $http_host;
      }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

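7. A self-hosted DNS is already set up on the internal network, and some resolution works normally;

8. How can the problem described above be solved?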

kevin_caiji - devops-engineer

docker run -d --restart=unless-stopped \
           -p 80:80 -p 443:443 \
           -v $PWD/rancher:/var/lib/rancher \
           -v $PWD/certs/cert.pem:/etc/rancher/ssl/cert.pem \
           -v $PWD/certs/key.pem:/etc/rancher/ssl/key.pem \
           -v $PWD/certs/ca.pem:/etc/rancher/ssl/cacerts.pem \
           rancher/rancher:latest

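If this is on Alibaba Cloud, it may be because Alibaba Cloud blocks domain names that have no ICP filing; they are blocked even when using https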

Could you explain the detailed process? Did you use a self-signed certificate? Does nginx also need an SSL certificate?
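
Rancher's documentation for running behind an external nginx proxy terminates TLS at the proxy and forwards X-Forwarded-Proto together with the WebSocket upgrade headers, none of which the configuration in the question does. The following is an added example, not part of the original thread; the upstream address and server name come from the question, and the certificate paths are placeholders assumed for illustration.

```nginx
# Added example (not from the thread). Goes in conf.d/, i.e. inside the http {} context.
# Maps the client's Upgrade header to the Connection header Rancher's WebSocket endpoints need.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream rancher {
    server 10.0.0.234:80;   # Rancher container's published HTTP port (from the question)
}

server {
    listen 443 ssl;
    server_name rancher.cjkj.co;

    # Placeholder paths (assumption): certificate and key for rancher.cjkj.co
    ssl_certificate     /etc/nginx/ssl/rancher.cjkj.co.crt;
    ssl_certificate_key /etc/nginx/ssl/rancher.cjkj.co.key;
    ssl_protocols       TLSv1.2;

    access_log /var/log/nginx/rancher/access.log;
    error_log  /var/log/nginx/rancher/error.log;

    location / {
        proxy_pass http://rancher;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Tells Rancher the client connection is already HTTPS, so it does not redirect again
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade for the UI and agent connections
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 900s;
    }
}

server {
    # Plain HTTP only redirects to the TLS listener
    listen 80;
    server_name rancher.cjkj.co;
    return 301 https://$server_name$request_uri;
}
```

In this layout the hop between nginx and 10.0.0.234 is unencrypted, so it belongs on a trusted internal network. If the certificate is signed by a private CA, browsers and cluster nodes need that CA in their trust store.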
