Another short and sweet one here - installing Rancher 2.0 using a docker-compose.yml file. Why? Why not! I prefer to have a docker-compose file every time I setup a docker container, even if its just one container. Its an easy way to document how you want to configure your setup, no matter how simple or complex!
But, this also allows me to show different setups that may vary from the norm. For example, I am using external SSL termination on a completely different host. These are the methods I will go over:
- Rancher 2.0 with self-signed cert
- Rancher 2.0 with your own cert
- Rancher 2.0 using Let's Encrypt
- Rancher 2.0 using External SSL Termination
- Rancher 2.0 with SSL termination using nginx-proxy and Let's Encrypt
Bonus: All of these already include the necessary docker volume for persistent storage!
This does not include the steps for installing docker, or docker-compose. I recommend using the documentation provided on https://docs.docker.com, and in addition, take a look at the Docker version requirements on Ranchers website here.
Rancher 2.0 with self-signed cert
version: '3'
services:
rancher:
image: rancher/rancher:latest
restart: unless-stopped
ports:
- '443:443'
- '80:80'
volumes:
- rancher-vol:/var/lib/rancher
volumes:
rancher-vol:
Rancher 2.0 with your own cert
Make sure if you use this, you update the certificate volumes to the location of your pem files!
version: '3'
services:
rancher:
image: rancher/rancher:latest
restart: unless-stopped
ports:
- '443:443'
- '80:80'
volumes:
- rancher-vol:/var/lib/rancher
- ./full_chain.pem:/etc/rancher/ssl/cert.pem:ro
- ./privatekey.pem:/etc/rancher/ssl/key.pem:ro
volumes:
rancher-vol:
If you are using a self-signed certificate, make sure you add the following line to your volumes with the location of your cacerts.pem file:
- ./cacerts.pem:/etc/rancher/ssl/cacerts.pem:ro
Rancher 2.0 using Let's Encrypt
For this one to work, Rancher needs to be sitting on a machine with a public IP, or ports 80 and 443 forwarded to it. Be sure to update your domain and double-check your public DNS record is pointed to your public IP address.
version: '3'
services:
rancher:
image: rancher/rancher:latest
restart: unless-stopped
ports:
- '80:80'
volumes:
- rancher-vol:/var/lib/rancher
command: --acme-domain rancher.example.com
volumes:
rancher-vol:
Rancher 2.0 with External SSL Termination
Since the SSL termination is happening on a different host or load balanecer, we only need to expose port 80.
version: '3'
services:
rancher:
image: rancher/rancher:latest
restart: unless-stopped
ports:
- '80:80'
volumes:
- rancher-vol:/var/lib/rancher
command: --no-cacerts
volumes:
rancher-vol:
Rancher 2.0 with SSL termination using Nginx-Proxy and Let's Encrypt
This one may seem a little weird. You may be thinking, "If rancher already has built-in Let's Encrypt support, why would I use this?" To which I would reply, what if you'd like SSL termination to more than one service, on the same host?
version: '3'
services:
nginx-proxy:
restart: always
image: jwilder/nginx-proxy:alpine
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "certs:/etc/nginx/certs:ro"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./custom_nginx_settings.conf:/etc/nginx/conf.d/custom_nginx_settings.conf"
nginx-letsencrypt:
restart: always
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
depends_on:
- nginx-proxy
volumes_from:
- nginx-proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/etc/nginx/certs:rw"
rancher:
image: rancher/rancher:latest
restart: unless-stopped
expose:
- '80'
volumes:
- rancher-vol:/var/lib/rancher
command: --no-cacerts
environment:
- "VIRTUAL_HOST=rancher.example.com"
- "LETSENCRYPT_HOST=rancher.example.com"
# other proxied services below here
volumes:
rancher-vol: