public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-04-16 19:35:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add configuring HTTP proxy for HA

Browse Source
This commit is contained in:
Sebastiaan van Steenis
2018-07-26 23:03:49 +02:00
committed by Denise
parent d0020bc703
commit 673a54953c
1 changed files with 67 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
content/rancher/v2.x/en/installation/proxy-configuration/_index.md
View File

@@ -2,25 +2,80 @@
title: HTTP Proxy Configuration
weight: 360
---
If you operate Rancher behind a proxy and you need to reach the Internet to perform tasks (such as using Helm catalogs), you must provide Rancher information about your proxy. As Rancher is written in Go, it uses the common proxy environment variables as shown below.
If you operate Rancher behind a proxy and you want to access services through the proxy (such as retrieving catalogs), you must provide Rancher information about your proxy. As Rancher is written in Go, it uses the common proxy environment variables as shown below.
* Make sure `NO_PROXY` contains the network ranges that should be accessed without the proxy configuration. This should include `localhost`, `127.0.0.1`, `0.0.0.0`, all your local network ranges that are accessible without a proxy.
Make sure `NO_PROXY` contains the network addresses, network address ranges and domains that should be excluded from using the proxy.
Environment variable | Example value
---------------------|----------------
HTTP_PROXY | `http://10.0.0.1:3128`
HTTPS_PROXY | `http://10.0.0.1:3128`
NO_PROXY | `localhost,127.0.0.1,0.0.0.0,<your_network_range(s)>`
Environment variable | Purpose
--------------------------|---------
HTTP_PROXY | Proxy address to use when initiating HTTP connection(s)
HTTPS_PROXY | Proxy address to use when initiating HTTPS connection(s)
NO_PROXY | Network address(es), network address range(s) and domains to exclude from using the proxy when initiating connection(s)
## Start Rancher Container with Proxy Information
> **Note** NO_PROXY must be in uppercase to use network range (CIDR) notation.
Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. The example below is based on a local network range of `10.0.0.0/8`.
## Single Node Installation
Passing environment variables to the Rancher container can be done using `-e KEY=VALUE` or `--env KEY=VALUE`. Required values for `NO_PROXY` in a [Single Node Installation]({{< baseurl >}}/rancher/v2.x/en/installation/single-node-install/) are:
* `localhost`
* `127.0.0.1`
* `0.0.0.0`
The example below is based on a proxy server accessible at `http://192.168.0.1:3128`, and excluding usage the proxy when accessing network range `192.168.10.0/24` and every hostname under the domain `example.com`.
```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e HTTP_PROXY="http://10.0.0.1:3128" \
-e HTTPS_PROXY="http://10.0.0.1:3128" \
-e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8" \
-e HTTP_PROXY="http://192.168.10.1:3128" \
-e HTTPS_PROXY="http://192.168.10.1:3128" \
-e NO_PROXY="localhost,127.0.0.1,0.0.0.0,192.168.10.0/24,example.com" \
rancher/rancher:latest
```
## High Availability Installation
When using High Availability Installation, the environment variables need to be added to the RKE Config File template.
* [High Availability Installation with External Load Balancer (TCP/Layer 4) RKE Config File Template]({{< baseurl >}}/rancher/v2.x/en/installation/ha-server-install/#5-download-rke-config-file-template)
* [High Availability Installation with External Load Balancer (HTTPS/Layer 7) RKE Config File Template]({{< baseurl >}}/rancher/v2.x/en/installation/ha-server-install-external-lb/#5-download-rke-config-file-template)
The environment variables should be defined in the `Deployment` inside the RKE Config File Template. You only have to add the the part starting with `env:` to (but not including) `ports:`. Make sure the indentation is identical to the preceding `name:`. Required values for `NO_PROXY` are:
* `localhost`
* `127.0.0.1`
* `0.0.0.0`
* Configured `service_cluster_ip_range` (default: `10.43.0.0/16`)
The example below is based on a proxy server accessible at `http://192.168.0.1:3128`, and excluding usage of the proxy when accessing network range `192.168.10.0/24`, the configured `service_cluster_ip_range` (`10.43.0.0/16`) and every hostname under the domain `example.com`. If you have changed the `service_cluster_ip_range`, you have to update the value below accordingly.
```yaml
...
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
namespace: cattle-system
name: cattle
spec:
replicas: 1
template:
metadata:
labels:
app: cattle
spec:
serviceAccountName: cattle-admin
containers:
- image: rancher/rancher:latest
imagePullPolicy: Always
name: cattle-server
env:
- name: HTTP_PROXY
value: "http://192.168.10.1:3128"
- name: HTTPS_PROXY
value: "http://192.168.10.1:3128"
- name: NO_PROXY
value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,192.168.10.0/24,example.com"
ports:
...
```