@quick-sandwich-76600 this is the command generated by Rancher

sudo docker run -it --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run  rancher/rancher-agent:v2.6.8 --server <https://rancher-dev.maringa.pr.gov.br> --token mklvp5d9kc2lcpgrpp9xr6jh7dzgqtkm2fwkpkp26h4j2zzvnz6v4d --address 172.16.3.182 --internal-address 172.16.3.182 --etcd --controlplane --worker

I'm using Vagrant, Nat to public Ip, Oracle Linux 8, Swap Off, SELinux and Firewall Disabled and Rancher installed in tls secret mode

@quick-sandwich-76600 Using Haproxy, the result is the same

docker run -it --restart=unless-stopped --name my-running-haproxy -p 80:80 -p 443:443 -v /home/vagrant/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg -v /home/vagrant/maringa.pr.gov.br.pem:/etc/haproxy/certs/maringa.pr.gov.br.pem haproxy

haproxy.cfg

global
defaults
    mode http
    log global
    option httplog
    option  http-server-close
    option  dontlognull
    option  redispatch
    option  contstats
    retries 3
    backlog 10000
    timeout client          25s
    timeout connect          5s
    timeout server          25s
    # timeout tunnel available in ALOHA 5.5 or HAProxy 1.5-dev10 and higher
    timeout tunnel        3600s
    timeout http-keep-alive  1s
    timeout http-request    15s
    timeout queue           30s
    timeout tarpit          60s
    default-server inter 3s rise 2 fall 3
    option forwardfor
frontend port80-redirect
    mode http
    bind *:80 
    redirect scheme https    
frontend frontend_https
    bind *:443
    mode tcp
    ## routing based on Host header
    acl host_ws hdr_beg(Host) -i ws.
    use_backend backend_https if host_ws
    ## routing based on websocket protocol header
    acl hdr_connection_upgrade hdr(Connection)  -i upgrade
    acl hdr_upgrade_websocket  hdr(Upgrade)     -i websocket
    use_backend backend_https if hdr_connection_upgrade hdr_upgrade_websocket
    default_backend bk_web    
    default_backend backend_https
backend backend_https
    balance roundrobin
    option httpchk HEAD / 
    mode tcp
    ## websocket protocol validation
    acl hdr_connection_upgrade hdr(Connection)                 -i upgrade
    acl hdr_upgrade_websocket  hdr(Upgrade)                    -i websocket
    acl hdr_websocket_key      hdr_cnt(Sec-WebSocket-Key)      eq 1
    acl hdr_websocket_version  hdr_cnt(Sec-WebSocket-Version)  eq 1
    http-request deny if ! hdr_connection_upgrade ! hdr_upgrade_websocket ! hdr_websocket_key ! hdr_websocket_version
    ## ensure our application protocol name is valid 
    ## (don't forget to update the list each time you publish new applications)
    acl ws_valid_protocol hdr(Sec-WebSocket-Protocol) echo-protocol
    http-request deny if ! ws_valid_protocol
    ## websocket health checking
    option httpchk GET / HTTP/1.1rnHost:\ ws.domain.comrnConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ haproxy\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
    http-check expect status 101
    server srv1 172.16.3.177:443

@quick-sandwich-76600 and here is the playbook I use to install rancher on RKE cluster

Hi, changing to aws vm's instead vagrant on-premise, I see this log

INFO: Arguments: --server <https://rancher-dev.maringa.pr.gov.br> --token REDACTED --etcd

INFO: Environment: CATTLE_ADDRESS=172.31.8.228 CATTLE_INTERNAL_ADDRESS= CATTLE_NODE_NAME=ip-172-31-8-228 CATTLE_ROLE=,etcd CATTLE_SERVER=https://rancher-dev.maringa.pr.gov.br CATTLE_TOKEN=REDACTED INFO: Using resolv.conf: nameserver 127.0.0.53 options edns0 trust-ad search ec2.internal WARN: Loopback address found in /etc/resolv.conf, please refer to the documentation how to configure your cluster to resolve DNS properly INFO: https://rancher-dev.maringa.pr.gov.br/ping is accessible INFO: rancher-dev.maringa.pr.gov.br resolves to 3.232.184.180 time="2022-10-05T152300Z" level=info msg="Listening on /tmp/log.sock" time="2022-10-05T152300Z" level=info msg="Rancher agent version v2.6.8 is starting" time="2022-10-05T152300Z" level=info msg="Option customConfig=map[address:172.31.8.228 internalAddress: label:map[] roles:[etcd] taints:[]]" time="2022-10-05T152300Z" level=info msg="Option etcd=true" time="2022-10-05T152300Z" level=info msg="Option controlPlane=false" time="2022-10-05T152300Z" level=info msg="Option worker=false" time="2022-10-05T152300Z" level=info msg="Option requestedHostname=ip-172-31-8-228" time="2022-10-05T152300Z" level=info msg="Option dockerInfo={3VNI25U6ULFPTOFAZDFSG5H5DO644JAJCKPOE5JATOLX:WBQJ 1 1 0 0 1 overlay2 [[Backing Filesystem extfs] [Supports d_type true] [Native Overlay Diff true] [userxattr false]] [] {[local] [bridge host ipvlan macvlan null overlay] [] [awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog]} true true true true true true true true true true true true false 28 true 38 2022-10-05T152300.879844199Z json-file cgroupfs 1 0 5.15.0-1019-aws Ubuntu 20.04.5 LTS 20.04 linux x86_64 https://index.docker.io/v1/ 0xc001ca6070 2 4051689472 [] /var/lib/docker ip-172-31-8-228 [] false 20.10.7 map[io.containerd.runc.v2:{runc [] <nil>} io.containerd.runtime.v1.linux:{runc [] <nil>} runc:{runc [] <nil>}] runc { inactive false [] 0 0 <nil> []} false docker-init {9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6} {v1.1.4-0-g5fd4c4d v1.1.4-0-g5fd4c4d} {de40ad0 de40ad0} [name=apparmor name=seccomp,profile=default] [] []}" time="2022-10-05T152300Z" level=info msg="Connecting to wss://rancher-dev.maringa.pr.gov.br/v3/connect/register with token starting with r6fstskk79qn2tm4qrgb68ss55s" time="2022-10-05T152300Z" level=info msg="Connecting to proxy" url="wss://rancher-dev.maringa.pr.gov.br/v3/connect/register" time="2022-10-05T152301Z" level=error msg="Failed to connect to proxy. Response status: 400 - 400 Bad Request. Response body: Operation cannot be fulfilled on nodes.management.cattle.io \"m-3bd692266880\": the object has been modified; please apply your changes to the latest version and try again" error="websocket: bad handshake" time="2022-10-05T152301Z" level=error msg="Remotedialer proxy error" error="websocket: bad handshake" time="2022-10-05T152311Z" level=info msg="Connecting to wss://rancher-dev.maringa.pr.gov.br/v3/connect/register with token starting with r6fstskk79qn2tm4qrgb68ss55s" time="2022-10-05T152311Z" level=info msg="Connecting to proxy" url="wss://rancher-dev.maringa.pr.gov.br/v3/connect/register" time="2022-10-05T152311Z" level=info msg="Waiting for node to register. Either cluster is not ready for registering, cluster is currently provisioning, or etcd, controlplane and worker node have to be registered" time="2022-10-05T152313Z" level=info msg="Waiting for node to register. Either cluster is not ready for registering, cluster is currently provisioning, or etcd, controlplane and worker node have to be registered"

@quick-sandwich-76600 I finally found the problem. Http no-proxy settings was missing on the helm command to install Rancher https://docs.ranchermanager.rancher.io/reference-guides/installation-references/helm-chart-options#http-proxy I think that this directives above strongly should be present on the infrastructure setup too, 'cause it don't mention anything about no-proxy here: https://docs.ranchermanager.rancher.io/how-to-guides/new-user-guides/infrastructure-setup/nginx-load-balancer Big hug!