After I turned on TLS on client and server side following tutorial instructions to generate self-signed certificate, I run into issue of not beeing able to read logs of the task.
That’s because task logs are on a different machine and I see browser trying to read from IP directly like this: https://10.0.1.10:4646/ and receiving TLS errors. I attempted at adding this URL to Firefox certificate exceptions and it did not have effect when I try to use independent tab with url.
When I use nomad UI, I am also getting CORS errors, which makes sense, because original UI uses domain and I have nginx certificate in front of nomad UI.
So, it seems that nomad has a couple issues:
even if node has a proper domain name, call to agent logs is done by IP address and not domain name.
when agent call is done CORS is triggered on IP or on domain name, because agent’s hostname or IP is different from server hostname.
It seems that a proper solution would be to pipe logs from agent to UI server. Is there a setting like that?
Perhaps there are other options.
I can put agent behind a good lets encrypt certificate, but in that case I still have to instruct nomad to generate a proper URL.