Hi there,
is there a guide or steps to setup prefe...
# prefect-communitya
Amjad Salhab
08/20/2022, 5:09 PMHi there,
is there a guide or steps to setup prefect 2 environment to run orion server and agent in different containers in different servers?I was able to do that but the agent refuses to connect to server when using https (it only works with http) is there additional configurations needed to have agent connected to orion server over https?
a
Anna Geller
08/20/2022, 7:53 PM
Hi! So far we have a basic setup described in the docs.prefect.io and there is also this Discourse topic https://discourse.prefect.io/t/main-topic-flow-deployment-patterns-recipes-for-prefect-2-0/1053
🙌 1
Anna Geller
08/20/2022, 7:53 PM
r
Ryan Peden
08/21/2022, 2:53 AMHi Amjad, if you want to do HTTPS between your containers, you'll likely need to set up a reverse proxy like Nginx in your Orion server container with a self-signed certificate (which may or may not be adequate and secure for your use case, so ensure you know the pros and cons before you do it.)
I don't believe you'll find this in the posts Anna linked because it's not a Prefect-specific thing. You'd need to set up a reverse proxy like this any time you want to receive HTTPS connections from outside the a container and proxy them to an HTTP service running inside the container.
Since you're communicating between containers on different hosts, you might also consider a CNI like Weave Net that can encrypt all network traffic between your containers.
🙌 2
a
Amjad Salhab
08/21/2022, 7:04 AMHi @Ryan Peden,Thanks for you answer,actually we already have orion server fronted by aws load balancer and having ssl certificate loaded to it,when using the http listener of the load balancer the agent was able to connect to connect to the server,but when using https listener it fails! meanwhile i can access the ui on both http and https, we can't figure out if it's orion or agent issue
Amjad Salhab
08/21/2022, 7:50 AMthis is the error trace
note: i can access the ui using the defined domain name over http and https
Amjad Salhab
08/21/2022, 7:54 AMr
Ryan Peden
08/22/2022, 7:42 PMThanks for the additional info! And apologies for the slow reply. I wasn't able to reproduce the error. The 'Name or service not known' error leads me to think this is configuration related; for some reason, the hostname/protocol/port combination you're asking the agent to connect to doesn't seem to be visible from inside the container in which you are running the agent.
🙏 1
3 Views