RancherOS is a Linux distro for running Docker containers. There is an AMI (Amazon Machine Image) in the marketplace, but it took me a while to figure out how to set up the security group etc. Here is the missing manual:

  1. Assuming you already have a .pem key, launch an instance and select the Rancher AMI.

  2. Open a terminal and connect to your instance. Note that instead of logging in over ssh as root, you use rancher as the user:
   $ ssh -i "XXX.pem" rancher@ec2-XX-XXX-XX-XX.ap-southeast-1.compute.amazonaws.com
  3. The rancher/server container should be running already; check with:
   $ docker ps

If not, download and run the server using Docker:

    docker run -d -p 8080:8080 rancher/server
  4. Go to the Security Group tab and create a new one with **inbound** rules:


  • **Ports 22, 2376 and 8080/tcp** are for Docker Machine to provision hosts
  • Ports 500 and 4500/udp for Rancher network
  • Ports 9345 and 9346/tcp for UI
  • **Port 80/tcp** is for the site we deploy
  5. Select the instance, then go to Actions > Networking > Change Security Group, check the new Security Group ID, and click Assign Security Group to apply the one we just created.

  6. Open a browser and go to the Public DNS with port 8080, such as http://ec2-XX-XXX-XX-13.ap-southeast-1.compute.amazonaws.com:8080

You should now be able to see the Rancher UI.

  7. Add a host with Amazon EC2 using the Access Key and Secret Key. If you don't have them yet, go to the AWS console > IAM (Identity and Access Management) > Create New Users > download the credentials.csv

Then go to the Groups tab > Group Actions > Add Users to Group to add this user. Also, under Attached Policy, search for AmazonEC2FullAccess, check its box and apply.

  8. Go back to the Rancher UI and add the newly generated Access Key and Secret Key from credentials.csv.

Finally, fill out the information according to what you need, and see your host up and running from now on.

P.S. To handle Docker's secret API keys, certificate files and production config, you could try the beta Vault integration, depending on how you integrate.
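
The inbound rules from step 4, written as AWS CLI calls. This is an added example, not part of the original post: the group ID and CIDRs are placeholders, and limiting every port except 80 to CIDRs you trust (your workstation and your Rancher hosts) is an assumption the post does not state.

```bash
#!/usr/bin/env bash
# Added example: print the AWS CLI calls for the inbound rules in step 4.
# Assumption (not from the post): only port 80 is open to the world; all
# other ports are limited to the trusted CIDRs passed on the command line.
# Review the output, then pipe it to sh to apply it.

# port/protocol/scope, one entry per port in the post's bullet list
RANCHER_RULES="22/tcp/trusted 2376/tcp/trusted 8080/tcp/trusted
500/udp/trusted 4500/udp/trusted
9345/tcp/trusted 9346/tcp/trusted
80/tcp/public"

emit_rule() {  # args: group-id protocol port cidr
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol %s --port %s --cidr %s\n' \
    "$1" "$2" "$3" "$4"
}

# usage: rancher_sg_commands <security-group-id> <trusted-cidr> [more-cidrs...]
rancher_sg_commands() {
  local sg="$1" cidr rule port rest proto scope
  if [ "$#" -lt 2 ]; then
    echo "usage: rancher_sg_commands <sg-id> <trusted-cidr>..." >&2
    return 2
  fi
  shift
  for cidr in "$@"; do
    # A /0 prefix is the whole internet, which defeats the "trusted" scope.
    case "$cidr" in
      */0) echo "refusing open CIDR as trusted: $cidr" >&2; return 1 ;;
    esac
  done
  for rule in $RANCHER_RULES; do
    port=${rule%%/*}; rest=${rule#*/}
    proto=${rest%%/*}; scope=${rest#*/}
    if [ "$scope" = public ]; then
      emit_rule "$sg" "$proto" "$port" 0.0.0.0/0
    else
      for cidr in "$@"; do emit_rule "$sg" "$proto" "$port" "$cidr"; done
    fi
  done
}

# Stand-alone use, e.g.: ./rancher-sg.sh sg-PLACEHOLDER 203.0.113.0/24
if [ "$#" -gt 0 ]; then rancher_sg_commands "$@"; fi
```
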