Cannot fetch logs when TLS is used

After I turned on TLS on the client and server side, following the tutorial instructions to generate a self-signed certificate, I ran into the issue of not being able to read the logs of the task.

That’s because the task logs are on a different machine, and I see the browser trying to read from the IP directly, like this: https://10.0.1.10:4646/, and receiving TLS errors. I tried adding this URL to the Firefox certificate exceptions, and it had no effect when I tried to use an independent tab with the URL.

When I use the Nomad UI, I am also getting CORS errors, which makes sense, because the original UI uses a domain and I have an nginx certificate in front of the Nomad UI.

So, it seems that Nomad has a couple of issues:

  • even if the node has a proper domain name, the call to the agent logs is done by IP address and not by domain name.

  • when the agent call is done, CORS is triggered on the IP or on the domain name, because the agent’s hostname or IP is different from the server hostname.

It seems that a proper solution would be to pipe logs from the agent to the UI server. Is there a setting like that?

Perhaps there are other options.

I can put the agent behind a good Let's Encrypt certificate, but in that case I still have to instruct Nomad to generate a proper URL.

I managed to take control of the client agent URL through its advertise and ports options, but that does not solve the CORS problem. If I use the * option for CORS, then authentication is not possible according to the console logs. If I don’t use * in CORS, then the call is denied.

So, I am at a loss as to how we are supposed to look at task STDOUT and STDERR logs when client and agent are on different machines, which is the recommended setup.
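
The two CORS outcomes described in the post above (the `*` value fails once credentials are sent, and no CORS header fails outright) both follow from the browser's CORS check in the Fetch standard. The code below is an added example, not part of the original post or of Nomad's code; it models that check and an allowlist-based header set that passes it. The origins and the names `corsCheck`, `corsHeadersFor`, `UI_ORIGIN` and `ALLOWED_ORIGINS` are assumptions.

```javascript
// Added example: the browser-side CORS check from the Fetch standard.
// All origins are constructed sample values, not from a real deployment.
const UI_ORIGIN = "https://nomad.example.com"; // assumed origin of the UI behind nginx
const ALLOWED_ORIGINS = [UI_ORIGIN];           // assumed allowlist on the agent or proxy side

// Decide whether a browser exposes a cross-origin response to the calling page.
// credentialsMode is the fetch() option: "omit", "same-origin" or "include".
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h["access-control-allow-origin"];
  const deny = (reason) => ({ allowed: false, reason });

  if (acao === undefined) return deny("missing Access-Control-Allow-Origin");
  const withCredentials = credentialsMode === "include";
  // "*" is only honoured when the request carries no credentials.
  if (acao === "*") {
    return withCredentials
      ? deny("wildcard origin is rejected for credentialed requests")
      : { allowed: true, reason: "ok" };
  }
  // Otherwise the header must match the page's origin byte for byte.
  if (acao !== requestOrigin) return deny("origin mismatch");
  // Credentialed requests additionally need an explicit opt-in.
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return deny("missing Access-Control-Allow-Credentials: true");
  }
  return { allowed: true, reason: "ok" };
}

// Server or proxy side: echo the Origin only when it is on the allowlist.
// Never reflect arbitrary origins together with Allow-Credentials.
function corsHeadersFor(requestOrigin, allowlist = ALLOWED_ORIGINS) {
  if (!allowlist.includes(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse the response for another origin
  };
}
```

Echoing the origin from a fixed allowlist, rather than reflecting whatever `Origin` header arrives, keeps credentialed responses limited to the UI's own origin.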