rancher-desktop: Default Traefik not working properly on Rancher Desktop because not routable IP to the instance

  • Right now all ports above 1023 are auto-forwarded to localhost, but for privileged ports this has to be done manually. Right now the default Traefik installed with Rancher Desktop does not really work properly due to this; will be good to have a routable IP address for the instance so we can make Traefik work properly and use the corresponding ports for HTTP/HTTPS (80, 443).

About this issue

  • State: open
  • Created 3 years ago
  • Reactions: 10
  • Comments: 19 (16 by maintainers)

Most upvoted comments

Thanks for bringing this up. We are aware of the problem and already working on a solution.

Nowadays anything .localhost should route to 127.0.0.1 so myingress.rancher.localhost should work and then if traefik is running with port 80 and 443 bound. That should work on Windows, Linux and macOS.

The problem on Linux becomes that ports 80 and 443 are not able to be used for traefik ingress. You would need to use sudo sysctl net.ipv4.ip_unprivileged_port_start=80 or figure out the correct sudo setcap cap_net_bind_service=+ep /path/to/rancher-desktop.

I am currently not running on Linux so I don’t know the exact path to rancher-desktop or potentially that would be needed for the k3s binary?

See #1668

On Linux the user has to find the Ingress port manually first on localhost by, for e.g.:

The root cause is the same between macOS and Linux, but the fixes will have to be different.

First localhost: this works on macOS because we can bind privileged ports to 0.0.0.0 as a regular user, whereas on Linux you would have to be root (or at least have the NET_BIND capability).

On macOS we should have a routable port once the vde_vmnet work is completed.

On Linux we will need to create a tap device for this, and we don’t have that work scheduled yet. So this will not happen in time for the next release.

I believe this is just a browser feature (internal redirect), so it will work in Chrome and Firefox, but not with Safari.

systemd-resolved will resolve domains with TLD .localhost to the loopback device. For example, this is on my Ubuntu 21.10 desktop with no other configuration around DNS:

$ curl -v hello.localhost
*   Trying ::1:80...
* connect to ::1 port 80 failed: Connection refused
*   Trying 127.0.0.1:80...
* Connected to hello.localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: hello.localhost
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Date: Wed, 04 May 2022 19:22:00 GMT
< Content-Type: text/html
< Content-Length: 146
< Connection: keep-alive
< 
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host hello.localhost left intact
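
Added example, not part of the thread and not Rancher Desktop code: a shell check for the two Linux workarounds mentioned in the comments above (lowering net.ipv4.ip_unprivileged_port_start, or setting cap_net_bind_service on one binary). It reports which of them makes ports 80 and 443 bindable and how many ports below 1024 the sysctl route opens to unprivileged processes. The function names are made up for this example, and the binary path is the /path/to/rancher-desktop placeholder from the comment.

```shell
#!/bin/sh
# Added example (not Rancher Desktop code): which mechanism, if any, lets the
# current user bind ports 80/443 on Linux, and what the sysctl route exposes.

# Print net.ipv4.ip_unprivileged_port_start; fall back to the kernel default
# of 1024 when the file is absent (older kernel, restricted sandbox).
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# bind_verdict PORT START UID HAS_CAP -> root|unprivileged|capability|denied
bind_verdict() {
    if [ "$3" -eq 0 ]; then echo root              # assumes root kept its caps
    elif [ "$1" -ge "$2" ]; then echo unprivileged # port is at/above the sysctl
    elif [ "$4" = yes ]; then echo capability      # binary has the file cap
    else echo denied
    fi
}

# exposed_ports START -> count of ports below 1024 that any unprivileged
# process may bind once the sysctl is lowered to START.
exposed_ports() {
    if [ "$1" -ge 1024 ]; then echo 0; else echo $((1024 - $1)); fi
}

# has_bind_cap FILE -> yes if getcap lists cap_net_bind_service on FILE.
has_bind_cap() {
    if command -v getcap >/dev/null 2>&1 && [ -e "$1" ] &&
       getcap "$1" 2>/dev/null | grep -q cap_net_bind_service; then
        echo yes
    else
        echo no
    fi
}

report() {
    start=$(unpriv_port_start)
    cap=$(has_bind_cap "$1")
    for p in 80 443; do
        echo "port $p: $(bind_verdict "$p" "$start" "$(id -u)" "$cap")"
    done
    echo "ports below 1024 bindable without privilege: $(exposed_ports "$start")"
}

# /path/to/rancher-desktop is the placeholder path from the comment above.
report "${1:-/path/to/rancher-desktop}"
```

With the sysctl set to 80, the last line reports 944: every port from 80 to 1023 becomes bindable by any unprivileged process, whereas the file capability applies only to the one binary it is set on.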