Setting up Rancher with SSL.

Roman Chvanikov
Apr 21, 2017 · 2 min read

This is the process for setting up Rancher with an SSL certificate from “Let’s Encrypt”, served through Nginx.

Software versions:

What we will get:

- Let’s Encrypt SSL certificate (for rancher.example.com in this guide)
- Nginx listening on ports 80 and 443 and redirecting all HTTP requests (port 80) to HTTPS (port 443)
- Rancher server running on port 8080 (once the installation is finished, you can block access to this port from anywhere but localhost).

The guide.

  1. Prepare a server: install Docker, and the rest is up to you. My minimum is:

2. Set up DNS records for your domain, e.g.:

2. Set up the Let’s Encrypt app:

you’ll get the error “Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin”, which is absolutely fine: we don’t have any web server for Let’s Encrypt, and we will use its built-in temporary one.
3. Obtain SSL certificates for the domain rancher.example.com:

when asked how to authenticate with the ACME CA, select “2: spin up a temporary webserver (standalone)”; the remaining questions are up to you.
4. Create a config for Nginx to redirect HTTP to HTTPS and to use our fresh SSL certificates:
vim /etc/nginx.conf

<DOMAIN> is the domain your SSL certificate was created for, in our case — rancher.example.com

<SERVER_NAME> can be any arbitrary name, but the same name should be used for both the http and https servers, for example: “server_name rancher.example.com”
5. Start Rancher server:

Open the logs with “docker logs -f rancher-server”. After a minute or so you should see something like this:

time="2017-04-20T13:08:08Z" level=info msg="Updating machine jsons for [packet packet amazonec2 azure digitalocean]"
time="2017-04-20T13:08:09Z" level=info msg="Creating schema machine, roles [service]" id=1ds29
time="2017-04-20T13:08:09Z" level=info msg="Creating schema host, roles [service]" id=1ds30
time="2017-04-20T13:08:09Z" level=info msg="Creating schema machine, roles [project member owner]" id=1ds31
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [project member owner]" id=1ds32
time="2017-04-20T13:08:10Z" level=info msg="Creating schema machine, roles [admin user readAdmin]" id=1ds33
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [admin user readAdmin]" id=1ds34
time="2017-04-20T13:08:10Z" level=info msg="Creating schema machine, roles [readonly]" id=1ds35
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [readonly]" id=1ds36

Now press Ctrl-C and go to the next step.
6. Run Nginx linked with rancher-server container:

7. Set up Rancher access: ADMIN -> Access Control

Enjoy your Rancher server running at https://rancher.example.com
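
An Nginx configuration matching steps 4 and 6, given here as an added example and not the author's own file. It assumes the file is loaded as the Nginx container's main config, that /etc/letsencrypt is mounted read-only at the same path inside that container, and that the Rancher container is reachable under the link alias rancher-server.

```nginx
# Added example, not the author's file. Assumed: main config of the nginx
# container, /etc/letsencrypt mounted at the same path, and the Rancher
# container linked under the alias "rancher-server".
events {}

http {
    upstream rancher {
        server rancher-server:8080;
    }

    # Rancher's UI and agents use WebSockets, so pass Upgrade through.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # Port 80 serves no content, only the redirect to HTTPS.
    server {
        listen 80;
        server_name rancher.example.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name rancher.example.com;

        # Certificate chain and key written by the Let's Encrypt client.
        ssl_certificate     /etc/letsencrypt/live/rancher.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/rancher.example.com/privkey.pem;
        # Drop TLSv1.3 from this list on nginx older than 1.13.
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://rancher;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            # Tell Rancher the original request was HTTPS.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_read_timeout 900s;  # keep long-lived console sessions open
        }
    }
}
```

After step 6, `curl -I http://rancher.example.com` should answer with a 301 whose Location header is the https:// URL.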
