Install Rancher 2.0 using Docker-Compose

Another short and sweet one here - installing Rancher 2.0 using a docker-compose.yml file. Why? Why not! I prefer to have a docker-compose file every time I set up a Docker container, even if it's just one container. It's an easy way to document how you want to configure your setup, no matter how simple or complex!

But, this also allows me to show different setups that may vary from the norm. For example, I am using external SSL termination on a completely different host. These are the methods I will go over:

  • Rancher 2.0 with self-signed cert
  • Rancher 2.0 with your own cert
  • Rancher 2.0 using Let's Encrypt
  • Rancher 2.0 using External SSL Termination
  • Rancher 2.0 with SSL termination using nginx-proxy and Let's Encrypt

Bonus: All of these already include the necessary docker volume for persistent storage!

This does not include the steps for installing Docker or docker-compose. I recommend using the documentation provided on https://docs.docker.com, and in addition, take a look at the Docker version requirements on Rancher's website here.

Rancher 2.0 with self-signed cert

version: '3'

services:
  rancher:
    image: rancher/rancher:latest
    restart: unless-stopped
    ports:
      - '443:443'
      - '80:80'
    volumes:
      - rancher-vol:/var/lib/rancher

volumes:
  rancher-vol:

Rancher 2.0 with your own cert

If you use this, make sure you update the certificate volumes to the location of your pem files!

version: '3'

services:
  rancher:
    image: rancher/rancher:latest
    restart: unless-stopped
    ports:
      - '443:443'
      - '80:80'
    volumes:
      - rancher-vol:/var/lib/rancher
      - ./full_chain.pem:/etc/rancher/ssl/cert.pem:ro
      - ./privatekey.pem:/etc/rancher/ssl/key.pem:ro

volumes:
  rancher-vol:

If you are using a self-signed certificate, make sure you add the following line to your volumes with the location of your cacerts.pem file:

      - ./cacerts.pem:/etc/rancher/ssl/cacerts.pem:ro

Rancher 2.0 using Let's Encrypt

For this one to work, Rancher needs to be sitting on a machine with a public IP, or ports 80 and 443 forwarded to it. Be sure to update your domain and double-check your public DNS record is pointed to your public IP address.

version: '3'

services:
  rancher:
    image: rancher/rancher:latest
    restart: unless-stopped
    ports:
      # 443 serves the Rancher UI/API over HTTPS
      - '443:443'
      - '80:80'
    volumes:
      - rancher-vol:/var/lib/rancher
    command: --acme-domain rancher.example.com

volumes:
  rancher-vol:

Rancher 2.0 with External SSL Termination

Since the SSL termination is happening on a different host or load balancer, we only need to expose port 80.

version: '3'

services:
  rancher:
    image: rancher/rancher:latest
    restart: unless-stopped
    ports:
      - '80:80'
    volumes:
      - rancher-vol:/var/lib/rancher
    command: --no-cacerts

volumes:
  rancher-vol:
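
As an added example (not part of the original post, and not Rancher's own file), this is what the nginx side on the terminating host could look like for the compose file above. The upstream address 192.0.2.10 and the certificate paths are placeholders; the forwarded headers tell Rancher the original request was HTTPS, and the Upgrade headers keep its WebSocket connections working.

```nginx
# Constructed example for the TLS-terminating host; not from the original post.
# Place it where nginx includes files into the http {} context (e.g. conf.d/).
# 192.0.2.10 is a placeholder for the Docker host running the compose file above.
upstream rancher {
    server 192.0.2.10:80;
}

# Pass WebSocket upgrade requests through to Rancher
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name rancher.example.com;

    # Placeholder paths: point these at your own certificate and key
    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    location / {
        proxy_pass http://rancher;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # Tell Rancher the client connection was HTTPS
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # Long-lived connections (cluster agents, kubectl shell)
        proxy_read_timeout 900s;
    }
}

# Redirect plain HTTP on the terminating host to HTTPS
server {
    listen 80;
    server_name rancher.example.com;
    return 301 https://$server_name$request_uri;
}
```

The compose file publishes port 80 on every interface of the Docker host, so traffic between the two hosts is plaintext and anything that can reach that port bypasses TLS. Restrict it with a firewall rule or a bind address in the port mapping (for example '192.0.2.10:80:80') so that only the terminating host can connect.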

Rancher 2.0 with SSL termination using Nginx-Proxy and Let's Encrypt

This one may seem a little weird. You may be thinking, "If Rancher already has built-in Let's Encrypt support, why would I use this?" To which I would reply, what if you'd like SSL termination for more than one service, on the same host?

# volumes_from (used by nginx-letsencrypt below) was removed in the version 3 file format
version: '2'

services:
  nginx-proxy:
    restart: always
    image: jwilder/nginx-proxy:alpine
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/etc/nginx/vhost.d"
      - "/usr/share/nginx/html"
      - "certs:/etc/nginx/certs:ro"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./custom_nginx_settings.conf:/etc/nginx/conf.d/custom_nginx_settings.conf"

  nginx-letsencrypt:
    restart: always
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "certs:/etc/nginx/certs:rw"

  rancher:
    image: rancher/rancher:latest
    restart: unless-stopped
    expose:
      - '80'
    volumes:
      - rancher-vol:/var/lib/rancher
    command: --no-cacerts
    environment:
      - "VIRTUAL_HOST=rancher.example.com"
      - "LETSENCRYPT_HOST=rancher.example.com"

# other proxied services below here

volumes:
  rancher-vol:
  # named volume shared by nginx-proxy and nginx-letsencrypt; it must be declared here
  certs: