After I turned on TLS on the client and server side, following the tutorial instructions to generate a self-signed certificate, I ran into the issue of not being able to read the logs of the task.
That’s because the task logs are on a different machine, and I see the browser trying to read from the IP directly, like this: https://10.0.1.10:4646/, and receiving TLS errors. I attempted to add this URL to the Firefox certificate exceptions, and it did not have any effect when I tried to use an independent tab with the URL.
When I use the Nomad UI, I am also getting CORS errors, which makes sense, because the original UI uses a domain and I have an nginx certificate in front of the Nomad UI.
So, it seems that Nomad has a couple of issues:
- Even if a node has a proper domain name, the call to the agent logs is done by IP address and not by domain name.
- When the agent call is done, CORS is triggered on the IP or on the domain name, because the agent’s hostname or IP is different from the server hostname.
It seems that a proper solution would be to pipe logs from the agent to the UI server. Is there a setting like that?
Perhaps there are other options.
I can put the agent behind a good Let's Encrypt certificate, but in that case I still have to instruct Nomad to generate a proper URL.