# k3s
r
Hello! I am new to this, and I might find some help with my issue here. I've just deployed a k3s and within it I deployed rancher, it works fine if I use the local ingress rule, but when I try to use it externally, it just won't work. I am forwarding all port 80 traffic with a Cloudflare tunnel. My guess is that since rancher always tries to redirect to https, it will never be able to connect just through the http port. Is there a way to tell Rancher to just not redirect http traffic to https? Thanks!
b
Yeah it wants 443 because that's the only way to encrypt the traffic. Otherwise all your passwords and auth will fly over unencrypted.
It's also why it'll want to talk over 6443 for kubectl access.
r
I understand that, but I already encrypt all traffic through the Cloudflare tunnel, so really I don’t need to encrypt it again, is there a way to serve the web ui using http and not https? I tried setting tls as external updating it with helm, but no luck…
b
What does your rancher expose ingress look like?
r
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher
  annotations:
    field.cattle.io/publicEndpoints: '[{"addresses":["192.168.31.155"],"port":80,"protocol":"HTTP","serviceName":"cattle-system:rancher","ingressName":"cattle-system:rancher","hostname":"192.168.31.155.nip.io","path":"/","allNodes":false},{"addresses":["192.168.31.155"],"port":443,"protocol":"HTTPS","serviceName":"cattle-system:rancher","ingressName":"cattle-system:rancher","hostname":"rancher.fire-pro.org","path":"/","allNodes":false}]'
    meta.helm.sh/release-name: rancher
    meta.helm.sh/release-namespace: cattle-system
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '30'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '1800'
    nginx.ingress.kubernetes.io/proxy-send-timeout: '1800'
    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
    #  key: string
  creationTimestamp: '2025-10-06T22:36:48Z'
  generation: 26
  labels:
    app: rancher
    app.kubernetes.io/managed-by: Helm
    chart: rancher-2.12.2
    heritage: Helm
    release: rancher
    #  key: string
  namespace: cattle-system
  resourceVersion: '254684'
  uid: 7e6879d6-adec-44ff-9fbe-e4cac28c9d5b
  fields:
    - rancher
    - <none>
    - 192.168.31.155.nip.io
    - 192.168.31.155
    - 80, 443
    - 28h
spec:
  rules:
    - host: 192.168.31.155.nip.io
      http:
        paths:
          - backend:
              service:
                name: rancher
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
      vKey: 707244775
    - host: xxxxxx
      http:
        paths:
          - backend:
              service:
                name: rancher
                port:
                  number: 80
            path: /
            pathType: ImplementationSpecific
      vKey: 3013849366
#    - host: string
#      http:
#        paths:
#          - backend:
#              resource:
#                apiGroup: string
#                kind: string
#                name: string
#              service:
#                name: string
#                port:
#                  name: string
#                  number: int
#            path: string
#            pathType: string
  tls:
    - hosts:
        - rancher.fire-pro.org
#    - hosts:
#        - string
#      secretName: string
  backend:
    {}
#  defaultBackend:
#    resource:
#      apiGroup: string
#      kind: string
#      name: string
#    service:
#      name: string
#      port:
#        name: string
#        number: int
#  ingressClassName: string
__clone: true
cacheObject:
  useNestedBackendField: true
  showPathType: true
```
My internal local way to access it is via 192.168.31.155.nip.io and I want the external way to be rancher.fire-pro.org, I already set up the tunnel to redirect all traffic from *.fire-pro.org in the Cloudflare tunnel to http://localhost:80, and the DNS setup for the domain is done, I tried with a sample NGINX app, and it does work, the problem is with rancher itself
I fixed it, turns out Cloudflare was trying to verify the TLS certificate, and since it is self-signed it failed to verify, I'm so sorry, it was never a Rancher problem... I hope this thread manages to help someone in the future
b
Yeah I was going to say that
```
  tls:
    - hosts:
        - rancher.fire-pro.org
```
is gonna force traffic to https/443