Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
pacc-june-14-2023
geo-japan
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
a
Amjad Salhab
08/20/2022, 5:09 PMHi there,
is there a guide or steps to setup prefect 2 environment to run orion server and agent in different containers in different servers?I was able to do that but the agent refuses to connect to server when using https (it only works with http) is there additional configurations needed to have agent connected to orion server over https?
a
Anna Geller
08/20/2022, 7:53 PMHi! So far we have a basic setup described in the docs.prefect.io and there is also this Discourse topic https://discourse.prefect.io/t/main-topic-flow-deployment-patterns-recipes-for-prefect-2-0/1053
🙌 1
r
Ryan Peden
08/21/2022, 2:53 AMHi Amjad, if you want to do HTTPS between your containers, you'll likely need to set up a reverse proxy like Nginx in your Orion server container with a self-signed certificate (which may or may not be adequate and secure for your use case, so ensure you know the pros and cons before you do it.)
I don't believe you'll find this in the posts Anna linked because it's not a Prefect-specific thing. You'd need to set up a reverse proxy like this any time you want to receive HTTPS connections from outside the a container and proxy them to an HTTP service running inside the container.
Since you're communicating between containers on different hosts, you might also consider a CNI like Weave Net that can encrypt all network traffic between your containers.
🙌 2
a
Amjad Salhab
08/21/2022, 7:04 AMHi @Ryan Peden,Thanks for you answer,actually we already have orion server fronted by aws load balancer and having ssl certificate loaded to it,when using the http listener of the load balancer the agent was able to connect to connect to the server,but when using https listener it fails! meanwhile i can access the ui on both http and https, we can't figure out if it's orion or agent issue
this is the error trace
note: i can access the ui using the defined domain name over http and https
r
Ryan Peden
08/22/2022, 7:42 PMThanks for the additional info! And apologies for the slow reply. I wasn't able to reproduce the error. The 'Name or service not known' error leads me to think this is configuration related; for some reason, the hostname/protocol/port combination you're asking the agent to connect to doesn't seem to be visible from inside the container in which you are running the agent.
:thank-you: 1