Port leaking #56
Comments
|
Hi, maybe you have your proxy on the same host as rancher and rancher expose 8080 ? Therefore domain resolve to IP of rancher and since you ask for 8080 (exposed by your rancher) it works ? |
|
Exactly, but imo, it shouldn't work. |
|
it works as expected. You query domain.com it tells you it has a super A record pointing to IP_OF_RANCHER_SRV. Then your browser ask this ip on the provided port. since you ask for 8080 and you explicitly mapped it onto the host it works. You are not hitting the proxy you bypass him. If you don't map 8080 on the rancher server it won't work. I'm using RAP since a while i never had this behavior. |
|
One more question, is it possible to have only one frontal RAP that redirects on other servers? |
|
Yep that's what it was maid for :) I currently have like 40 servers behind a rancher active proxy works fine |
|
How? I'm currently runnning a RAP instance on each server :c |
|
So i currently use just 1 RAP. You could use more by adding mutiple A record to point to multiples hosts. The only issue is if you use https. If you do you need to have the (same) certificate everywhere. This is not included in RAP so it can be a bit annoying to do. From what i have tested RAP can handle a lot of traffic even with just 1 container. you might want to update the nginx conf tho. |
|
Yes, I need https but only between the client and the front-nginx, the communication between front-nginx and the server is in an intra-network. |
Every ports are open on every domains.
I can access the container on port 8080 from any domain that rancher active proxy manages.
example.com redirects on the correct website but
example.com:8080 redirect on rancher panel.
The text was updated successfully, but these errors were encountered: