Using Rancher + Cloudflare + Let’s Encrypt + gogs to Create a Valid SSL Git Server

Ken Fukuyama
Aug 20, 2017

Recently I’ve earned 3 hosts to use in the cloud for experimental purposes (and for a year) and was wondering what I could do with them. Their specs are quite low:

  • 1 core
  • 1GB RAM
  • 50GB of storage

I’ve been using Rancher quite a lot these days, so first of all I’ve decided to create an SSL environment using a domain I have (kenev.net) with Rancher, Cloudflare, and Let’s Encrypt. This is going to be an experimental environment, so for persistent storage I’m going to spin up an NFS server on an Ubuntu host and use Rancher NFS to integrate it with Rancher. I want at least 2 agent hosts and I don’t want the agent and the Rancher server sitting together on the same host, so I’ve decided to use try.rancher.com for the Rancher server (don’t use it for production!). So the overall architecture is going to be like this:

Prerequisites

I’m assuming you know how to add agents to the Rancher server via RancherOS, so I’m not going to talk about that or the few other things listed below.

  • 2 hosts added to the Rancher server
  • NFS server configured on Ubuntu
  • you have a domain (in my case, in Cloudflare)

Rancher NFS

Rancher NFS catalog

In Rancher you can easily integrate an NFS server as persistent storage via the catalog. The Docker volumes are created on the NFS server, so different hosts can share the same data, and the data persists even when the containers stop. Just click on the catalog and fill in the required information. What you need to fill in is pretty obvious, except that you should pay attention to the On Remove option: purge deletes the volume when it is removed from Rancher; retain keeps it even after it is removed from Rancher.

rancher nfs catalog

After you create the stack via the catalog, there will be an nfs stack inside your environment. It should look like the following capture.

nfs stack

Then, from Infrastructure > Storage you can now add volumes and integrate with the NFS Server.

Add Volume

You’re probably going to need to keep the Let’s Encrypt certificate, so I’ve prepared a volume for it (you can name it whatever you want).

Adding a Web Service

gogs catalog

OK, I haven’t mentioned any web service we’re going to point the domain to, but let’s create a git server. There is already a gogs catalog, so we can easily deploy one. The default values in the form are fine, but remember to change the volume driver to rancher-nfs so that the data is persisted on our NFS server.

gogs catalog form

Deploy it and you should see a gogs stack being created.

gogs stack

Add Subdomain to Cloudflare

This didn’t have to be in this order, but let’s add our subdomain and point it to the agent hosts. I’m going to access the git server at git.kenev.net, so I will add 2 git A records to Cloudflare pointing to our hosts.

A Records

By the way, you could also integrate Cloudflare via the Rancher catalog. This catalog automatically inserts DNS records into Cloudflare, and you’ll be able to access all your services automatically with subdomains (which are named according to certain rules). For now, this isn’t needed and I wanted to access only git.kenev.net, so I’m not going to use it this time.

Add Let’s Encrypt

Now for the SSL certificate we’ll be using Let’s Encrypt. Yup, there is a catalog for this and you can easily create an automated SSL environment with this catalog. You need to fill in some values in the form, but they aren’t too difficult. It’s going to look something like the following image.

let’s encrypt form

The Certificate Name can be anything. It’s the name the certificate will have on the Rancher server side. The Volume Name should be the name of the volume we created above, and the Volume Storage Driver should be rancher-nfs. I’d like to retain the information, so I will set Storage Driver Option to onRemove:retain. We’re using Cloudflare, so set the Domain Validation Method to CloudFlare as well. And don’t forget to fill in the CloudFlare Email Address and CloudFlare API Key.

Cloudflare specific form for Let’s Encrypt

That’s pretty much all we need to do, so let’s create the stack. If you wait patiently for a while, the letsencrypt stack should come up.

Let’s Encrypt stack

And if you look at Infrastructure > Certificates you should see the certificate registered (in my case, kenev-certs). This letsencrypt stack is going to take care of the SSL certificate renewal automatically, so we don’t have to care about updating the certificate. Pretty cool, isn’t it?

Add a Load Balancer

Finally, let’s add a load balancer so our traffic can be routed to specific services by domain name. I like to create a load balancer stack, so let’s add an lb stack and Add Load Balancer inside it.

load balancer form

I would want all the hosts to have this load balancer, so I am setting Always run one instance of this container on every host. And I’ll route git.kenev.net to the gogs service, which is listening on port 3000.

Don’t forget to set the certificate at the bottom, too.

Mission Complete

Now that we’ve prepared and set everything, let’s access https://git.kenev.net.

Well, if it’s your first time, you should actually see the gogs install page. I’ve already installed it, so this is the top page of gogs.

Awesome! We’ve just created a self-hosted and SSL-integrated git server! And I hardly touched the CLI. This is one of the major features I like about Rancher.
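To confirm that the load balancer really serves the Let’s Encrypt certificate and that the letsencrypt stack keeps renewing it, you can run a small check like the one below. It is an added example, not part of the original post or of Rancher; the function names, the 14-day threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import sys
import time

def fetch_cert(host, port=443, timeout=10):
    """TLS handshake with chain and hostname verification; returns the peer cert dict."""
    ctx = ssl.create_default_context()  # raises ssl.SSLError if the chain is not trusted
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name_matches(pattern, host):
    """Exact match, or a single-label wildcard such as *.kenev.net."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def evaluate_cert(cert, host, now=None, min_days=14, issuer_org="Let's Encrypt"):
    """Return a list of problems in a getpeercert()-style dict (empty list = OK)."""
    now = time.time() if now is None else now
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(s, host) for s in sans):
        problems.append("hostname %s not in SAN %s" % (host, sans))
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != issuer_org:
        problems.append("unexpected issuer: %r" % issuer.get("organizationName"))
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        problems.append("certificate expired")
    elif days_left < min_days:  # assumed threshold: renewal should have happened by now
        problems.append("only %d days left; renewal may be stuck" % days_left)
    return problems

# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "git.kenev.net"),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Nov 18 00:00:00 2017 GMT",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python check_cert.py git.kenev.net
        found = evaluate_cert(fetch_cert(sys.argv[1]), sys.argv[1])
    else:                  # offline demo against the constructed sample
        demo_now = ssl.cert_time_to_seconds("Sep 10 00:00:00 2017 GMT")
        found = evaluate_cert(SAMPLE_CERT, "git.kenev.net", now=demo_now)
    print("\n".join(found) or "OK")
```

Running it on a schedule against your own hostname turns a silently failed renewal (for example after the Cloudflare API key changes) into a visible warning before the certificate expires.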


Ken Fukuyama

Front-end Engineer@CYDAS, Inc. OpenFaaS Contributor. Loves Technologies. IaC, DevOps, Containers, Frontend, Backend, BigData.