Merge pull request #974 from MBishop17/external-lb

External lb

content/rancher/v2.x/en/installation/ha/create-nodes-lb/_index.md

@@ -21,6 +21,7 @@ Configure a load balancer as a basic Layer 4 TCP forwarder. The exact configurat
 
 #### Examples
 
+* [NGINX]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nginx/)
 * [Amazon NLB]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/nlb/)
 
 ### [Next: Install Kubernetes with RKE]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/)

content/rancher/v2.x/en/installation/ha/create-nodes-lb/nginx/_index.md

@@ -0,0 +1,75 @@
+---
+title: NGINX
+weight: 270
+---
+NGINX will be configured as Layer 4 load balancer (TCP) that forwards connections to one of your Rancher nodes.
+
+>**Note:**
+> In this configuration, the load balancer is positioned in front of your nodes. The load balancer can be any host capable of running NGINX.
+>
+> One caveat: do not use one of your Rancher nodes as the load balancer.
+
+## Install NGINX
+
+Start by installing NGINX on the node you want to use as a load balancer. NGINX has packages available for all known operating systems. The versions tested are `1.14` and `1.15`. For help installing NGINX, refer to their [install documentation](https://www.nginx.com/resources/wiki/start/topics/tutorials/install/).
+
+The `stream` module is required, which is present when using the official NGINX packages. Please refer to your OS documentation on how to install and enable the NGINX `stream` module on your operating system.
+
+## Create NGINX Configuration
+
+After installing NGINX, you need to update the NGINX configuration file, `nginx.conf`, with the IP addresses for your nodes.
+
+1. Copy and paste the code sample below into your favorite text editor. Save it as `nginx.conf`.
+
+2. From `nginx.conf`, replace `<IP_NODE_1>`, `<IP_NODE_2>`, and `<IP_NODE_3>` with the IPs of your [nodes]({{< baseurl >}}/rancher/v2.x/en/installation/ha/create-nodes-lb/).
+
+    >**Note:** See [NGINX Documentation: TCP and UDP Load Balancing](https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/) for all configuration options.
+
+    <figcaption>Example NGINX config</figcaption>
+    ```
+    worker_processes 4;
+    worker_rlimit_nofile 40000;
+
+    events {
+        worker_connections 8192;
+    }
+
+    http {
+        server {
+            listen         80;
+            return 301 https://$host$request_uri;
+        }
+    }
+
+    stream {
+        upstream rancher_servers {
+            least_conn;
+            server <IP_NODE_1>:443 max_fails=3 fail_timeout=5s;
+            server <IP_NODE_2>:443 max_fails=3 fail_timeout=5s;
+            server <IP_NODE_3>:443 max_fails=3 fail_timeout=5s;
+        }
+        server {
+            listen     443;
+            proxy_pass rancher_servers;
+        }
+    }
+    ```
+
+3. Save `nginx.conf` to your load balancer at the following path: `/etc/nginx/nginx.conf`.
+
+4. Load the updates to your NGINX configuration by running the following command:
+
+    ```
+    # nginx -s reload
+    ```
+
+## Option - Run NGINX as Docker container
+
+Instead of installing NGINX as a package on the operating system, you can rather run it as a Docker container. Save the edited **Example NGINX config** as `/etc/nginx.conf` and run the following command to launch the NGINX container:
+
+```
+docker run -d --restart=unless-stopped \
+  -p 80:80 -p 443:443 \
+  -v /etc/nginx.conf:/etc/nginx/nginx.conf \
+  nginx:1.14
+```

content/rancher/v2.x/en/installation/ha/helm-rancher/chart-options/_index.md

@@ -106,3 +106,50 @@ Your load balancer must support long lived websocket connections and will need t
 #### Health Checks
 
 Rancher will respond `200` to health checks on the `/healthz` endpoint.
+
+
+#### Example NGINX config
+
+* Replace `IP_NODE1`, `IP_NODE2` and `IP_NODE3` with the IP addresses of the nodes in your cluster.
+* Replace both occurences of `FQDN` to the DNS name for Rancher.
+* Replace `/certs/fullchain.pem` and `/certs/privkey.pem` to the location of the server certificate and the server certificate key respectively.
+
+```
+upstream rancher {
+    server IP_NODE_1:80;
+    server IP_NODE_2:80;
+    server IP_NODE_3:80;
+}
+
+map $http_upgrade $connection_upgrade {
+    default Upgrade;
+    ''      close;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name FQDN;
+    ssl_certificate /certs/fullchain.pem;
+    ssl_certificate_key /certs/privkey.pem;
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://rancher;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
+        proxy_read_timeout 900s;
+        proxy_buffering off;
+   }
+}
+
+server {
+    listen 80;
+    server_name FQDN;
+    return 301 https://$server_name$request_uri;
+}
+```

content/rancher/v2.x/en/installation/single-node/single-node-install-external-lb/_index.md

@@ -132,6 +132,7 @@ server {
         proxy_set_header Connection $connection_upgrade;
         # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
         proxy_read_timeout 900s;
+        proxy_buffering off;
     }
 }