Load Balancer for HTTP and HTTPS
This page details how to setup a load balancer to distribute HTTPS requests made against several instances of DokuWiki hosted on a running instance of Rancher server.
More information can be found here and here.
-
In order for the load balancer previously added via Load Balancer for HTTP Only to server HTTPS requests, a certificate must be added to Rancher server
- Generate a certificate
- Follow the steps described here: https://www.akadia.com/services/ssh_test_certificate.html or
- Use the one provided by Docker Machine
- On Windows, this certificate is found here: %USER%.docker\machine\certs\ca.pem, while its private key is found here: %USER%.docker\machine\certs\ca-key.pem
For production grade Rancher server, use VALID certificates!
For the purpose of this workshop, any certificate will do. -
Go to Rancher UI
-
Go to menu → Infrastructure → Certificates
-
Click "Add Certificate" button
-
Fill in the field appropriately
- Name: tgd
- Description: Certificate to be used by the tgd load balancer.
- Private Key: paste here the contents of the private key file
- Certificate: paste here the contents of the certificate file
-
Click the "Save" button
-
Edit the Load Balancer for HTTP Only and add 2 new Service Rules, both using HTTPS protocol
- Service Rule 1
- Access: Public
- Protocol: HTTPS
- Request Host: leave empty
- Port: 443 (the default port used for serving content over HTTPS)
- Path: /
- Target: dokuwiki-server from stack dokuwiki1
- Port: 80
- Do the same for Service Rule 2, just change Target to dokuwiki-server from stack dokuwiki2
- Service Rule 1
-
Click the "Edit" button
-
Go to the load balancer service and click the new "443/tcp" link from Ports field
-
In case the certificate leads to the browser displaying a warning, just ignore it (for production, the load balancer should be reachable via a domain name which must be included inside the certificate)
-
You should now see both DokuWiki instances over HTTPS
