Setting up Rancher with SSL.

This is the process for setting up Rancher with an SSL certificate from “Let’s Encrypt”, served via Nginx.

Software versions:

What we will get:

- Let’s Encrypt SSL certificate (for rancher.example.com in this guide)
- Nginx listening on ports 80 and 443 and redirecting all HTTP requests (port 80) to HTTPS (port 443)
- Rancher server running on port 8080 (which you can forbid access to from anywhere but localhost after finishing the installation).

The guide.

1. Prepare a server — install docker and the rest is up to you. My minimum is:

apt-get update && apt-get -y dist-upgrade && apt-get -y install vim wget docker.io

2. Set up DNS records for your domain, e.g.:

A rancher.example.com 1.2.3.4

2. Set up the Let’s Encrypt app:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

You’ll get an error “Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin”, which is absolutely fine — we don’t have any webserver for Let’s Encrypt, so we will use its built-in temporary one.

3. Obtain SSL certificates for the domain rancher.example.com:

./certbot-auto certonly

When asked how to authenticate with the ACME CA, select “2: spin up a temporary webserver (standalone)”; the remaining questions are up to you.

4. Create config for Nginx to redirect HTTP to HTTPS and to use our fresh SSL certificates:

vim /etc/nginx.conf

<DOMAIN> is the domain your SSL certificate was created for, in our case — rancher.example.com

<SERVER_NAME> can be any arbitrary name, but the same name should be used for both the http and https servers, for example: “server_name rancher.example.com”
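
A config of the kind this step describes, as an added example that is not the author's original file. It assumes the upstream hostname rancher-server:8080 (the container name and port used by the docker run commands in this guide), the standard certbot live/ paths under /etc/letsencrypt, and an upstream block named "rancher" chosen here for illustration.

```nginx
# Added example, not the original post's config.
# Replace <DOMAIN> and <SERVER_NAME> as described above.

# Assumption: "rancher-server" resolves inside the Nginx container through
# the --link=rancher-server option used when the Nginx container is started.
upstream rancher {
    server rancher-server:8080;
}

# Rancher's UI uses WebSockets; pass the Upgrade handshake through.
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}

# Port 80: no content is served, every request is redirected to HTTPS.
server {
    listen 80;
    server_name <SERVER_NAME>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name <SERVER_NAME>;

    # Files written by certbot; visible in the container through the
    # /etc/letsencrypt volume mount.
    ssl_certificate     /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
    ssl_protocols       TLSv1.2;

    location / {
        proxy_pass http://rancher;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Tell Rancher the original scheme, port and client address.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 900s;  # keep long-lived UI shell/log sessions open
    }
}
```

Once the Nginx container is running, `docker exec nginx nginx -t` checks the file for syntax errors.
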
5. Start Rancher server:

docker run -d --name=rancher-server --restart=unless-stopped -p 8080:8080 rancher/server

Open the logs with “docker logs -f rancher-server”; after a minute or so you should see something like this:

time="2017-04-20T13:08:08Z" level=info msg="Updating machine jsons for [packet packet amazonec2 azure digitalocean]"
time="2017-04-20T13:08:09Z" level=info msg="Creating schema machine, roles [service]" id=1ds29
time="2017-04-20T13:08:09Z" level=info msg="Creating schema host, roles [service]" id=1ds30
time="2017-04-20T13:08:09Z" level=info msg="Creating schema machine, roles [project member owner]" id=1ds31
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [project member owner]" id=1ds32
time="2017-04-20T13:08:10Z" level=info msg="Creating schema machine, roles [admin user readAdmin]" id=1ds33
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [admin user readAdmin]" id=1ds34
time="2017-04-20T13:08:10Z" level=info msg="Creating schema machine, roles [readonly]" id=1ds35
time="2017-04-20T13:08:10Z" level=info msg="Creating schema host, roles [readonly]" id=1ds36

Now press Ctrl-C and go to the next step.

6. Run Nginx linked with rancher-server container:

docker run -d --name=nginx --restart=unless-stopped -p 80:80 -p 443:443 -v /etc/letsencrypt:/etc/letsencrypt -v /etc/nginx.conf:/etc/nginx/conf.d/default.conf --link=rancher-server nginx:1.11

7. Set up Rancher access: ADMIN -> Access Control

Enjoy your Rancher server running at https://rancher.example.com