Deploying CockroachDB Console behind Traefil

Hi,

I’m trying to deploy secure Cockroach DB cluster behind Traefik reverse proxy. I’ve managed to have 3 nodes with load balancing behind Traefik with no issues. My problem is with DB Console. The deployment is on my local laptop for now, so I’m using localhost for several containers all accessed via path prefixex -for example localhost/jenkins, or localhost/prometheus, etc.-.

I couldn’t figure a way to have it under a path prefix -like https://localhost/cockroachdb for example-. IT needs its own domain, so I had to give it its, own domain name. I used nip.io for reverse dns lookup, and its working fine.

My only issue is that DB console always returns 502 bad gateway error. I tried, various SSL certificate options. I even created a certificate signed by the Cockroach CA that is used to create the node certificate. It still returns 502 bad gateway.

The certificate is used to trust my domain name (cockroachdb.127.0.0.1.nip.io), which is used to access the DB consol. I’m load balancing the DB console on all my 3 nodes. I can’t add the containers’ IP addresses or local hostnames (like CockroachDB-1, CockroachDB-2) since I’m not sure how many nodes will I have in the cluster.

The CockroachDB containers show nothing in the logs, but in Traefik, it shows failed TLS handshake, unknown certificate error! Based on Traefik documentation, this error is from the container not Traefik.

My setup is in the following compose file if you want to refer to it:

How can I avoid DB console returning 502 error? Is there some sort of skip-verify type of setting / configuration?

Hi Nader,

Welcome to our Forum community.

I see that you have already found a solution via another channel. DB Console returns 502 Bad Gateway error behind reverse proxy · Issue #65598 · cockroachdb/cockroach · GitHub

Thanks, and again, welcome to the CockroachDB community!

Cheers,
Lisa