I am trying to setup a Rancher HA server with an ngix LB, but seems I may have not setup the LB correctly. When I try to join other nodes to the cluster I get the following error:

failed to get CA certs: Get \"<https://rancher.mydomain.com:9345/cacerts>\": dial tcp... connect: connection refused"

The following suggests setting up a listener https://rancher.com/docs/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-rke2/ Note that in order for RKE2 to work correctly with the load balancer, you need to set up two listeners: one for the supervisor on port 9345, and one for the Kubernetes API on port 6443. How should these be setup? Is it an nginx configuration?

You installed it inside a kubernetes cluster?

The LB is external and installed in a VM

What dose it mean external

As in not in any cluster

And the rancher is inside a k8s cluster?

I am following the rancher docs, which suggests creating 4 VMs. Install rke2 on 3 of them for the rancher server. Install nginx on the 4th.

Anyway the listeners are configured as a configuration of nginx https://www.nginx.com/products/nginx/load-balancing/

domain needs an entry in /etc/rancher/rke2/config.yaml under tls-san right?

I had the domain in the tls-san. The issue was with the nginx config. For nodes to communicate with each other on port 9345, the LB config needs a listener and forward the request