Hello, I am trying to set up a proxy using Apache or an AWS ALB to route traffic from clients at remote sites to my Chef Automate system so I can run policy/cookbooks on these systems. I am having trouble figuring out the proper settings and would appreciate any help you can provide. My server name is chef-automate.mycompany.local and it's within an AWS VPC. I have an AWS ALB already set up for mycompany.myproject.com and I've added a rule to it to route mycompany.myproject.com/chef to the instance running Chef Automate. I am getting errors just attempting to load the Automate web page when hitting this URL from a browser. It looks as though connectivity is there, but the paths are expecting /chef and the Chef Automate server is not responding with that. As an alternative approach I switched from an AWS ALB to an Apache reverse proxy and I have the exact same issue. I therefore am thinking that I need to configure Chef Automate to recognize the /chef path. If I am way off or need to do this another way, thanks in advance!
A couple of things: infra-server is needed for the clients to pull cookbooks/policies from. I'm assuming you deployed Automate with infra-server. The ALB needs to route traffic based on the FQDN and not the path; /chef in the path is not a valid API endpoint for Automate or infra-server. If this is a standalone server, then Automate and infra-server will share the same FQDN and the internal nginx proxy will route traffic to the correct service based on the URL path. If this is an HA Automate setup, then you need 2 FQDNs: one to route traffic to the infra-server frontend nodes and the other for the Automate frontend nodes.
Thanks! It is a single Automate with both infra-server and Automate on the same RHEL system. What I am gathering from what you are saying is that what I am trying to do is flat out not going to work, and I need to get a new VIP/load balancer/DNS entry to point straight to the FQDN and not have the additional /chef inserted into the URL.
What you want to do is exactly how we set up our environment. We're using Automate HA, but the concept is pretty close. We use one VIP for Automate, and another one for infra. Works like a charm.
Dano, I am guessing you don't have an inserted layer like /chef in your URL though?
No, I architected it that way from the beginning.