Review HRM admin guide

Joao Fernandes 2017-03-16 14:30:11 -07:00 committed by Joao Fernandes
parent a128588772
commit 270d317e80
16 changed files with 463 additions and 306 deletions


@ -1264,8 +1264,8 @@ manuals:
section:
- path: /datacenter/ucp/2.1/guides/user/services/deploy-a-service/
title: Deploy a service
- path: /datacenter/ucp/2.1/guides/user/services/use-hostnames-to-access-your-service/
title: Use hostnames to access your service
- path: /datacenter/ucp/2.1/guides/user/services/use-domain-names-to-access-services/
title: Use domain names to access services
- path: /datacenter/ucp/2.1/guides/user/services/
title: Deploy an app from the UI
- path: /datacenter/ucp/2.1/guides/user/services/deploy-app-cli/
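Review bot: The new entry's title, `Use domain names to access services`, is the same string this commit gives the admin guide in its front matter (where it replaces `Configure the HTTP Routing Mesh`), so navigation and search results will list two pages with identical titles. Keep an admin-specific title on the admin page, one that mentions enabling or configuring the routing mesh, and reserve this title for the user guide.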


@ -1,104 +1,78 @@
---
title: Configure the HTTP Routing Mesh
description: Learn how to configure UCP's HTTP Routing Mesh
title: Use domain names to access services
description: Docker Universal Control Plane has an HTTP routing mesh that
allows you to make your services accessible through a domain name. Learn more.
keywords: ucp, services, http, dns
---
UCP provides an HTTP routing mesh, that extends the networking capabilities
of Docker Engine. Docker Engine provides load balancing and service discovery
at the transport layer for TCP and UDP connections. UCP's HTTP routing mesh
allows you to extend service discovery to have name-based virtual hosting for
HTTP and HTTPS services.
Docker has a transport-layer load balancer, also know as an L4 load balancer.
This allows you to access your services independently of the node they are
running.
See the
[Docker Engine documentation on overlay networks](/engine/swarm/networking.md)
for more information on what Docker Engine provides.
![swarm routing mesh](../../images/use-domain-names-1.svg)
In this example, the wordpress service is being served on port 8080.
Users can access wordpress using the IP address of any node
in the cluster and port 8080. If wordpress is not running in that node, the
request is redirected to a node that is.
UCP extends this and provides an http routing mesh for application-layer
load balancing. This allows you to access services with HTTP and HTTPS endpoints
using a domain name instead of an IP.
![http routing mesh](../../images/use-domain-names-2.svg)
In this example, the Wordpress service listens on port 8080 and is attached to
the `ucp-hrm` network. There's also a DNS entry mapping `wordpress.example.org`
to the IP addresses of the UCP nodes.
When users access `wordpress.example.org:80`, the HTTP routing mesh routes
the request to the service running Wordpress in a way that is transparent to
the user.
## Enable the HTTP routing mesh
To enable the HTTP routing mesh, go to the **UCP web UI**, navigate to the
**Settings** page, and click the **Routing Mesh** tab.
**Settings** page, and click the **Routing Mesh** option.
Check the **Enable HTTP routing mesh** option.
<!-- todo: add screenshot -->
![http routing mesh](../../images/use-domain-names-3.png){: .with-border}
The default port for HTTP services is **80**, and the default port for HTTPS
services is **8443**. You may choose an alternate port on this screen.
By default the HTTP routing mesh service listens on port 80 for HTTP and port
8443 for HTTPS. Change the ports if you already have services that are using
them.
Check the checkbox to enable the HTTP routing mesh. This will create a service
called `ucp-hrm` and a network called `ucp-hrm`.
## Under the hood
If the HTTP routing mesh receives a HTTP request for a domain that it does not
handle, it returns a 503 error (Bad Gateway). For HTTPS requests, all unknown
domains are routed to the UCP web interface.
Once you enable the HTTP routing mesh, UCP deploys:
## HTTPS support
| Name | What | Description |
|:----------|:--------|:------------------------------------------------------------------------------|
| `ucp-hrm` | Service | Receive HTTP and HTTPS requests and send them to the right service |
| `ucp-hrm` | Network | The network used to communicate with the services using the HTTP routing mesh |
The HTTP routing mesh has support for routing using HTTPS. Using a feature of
HTTPS called Server Name Indication, the HTTP routing mesh is able to route
connections to service backends without terminating the HTTPS connection.
You then deploy a service that exposes a port, attach that service to the
`ucp-hrm` network, and create a DNS entry to map a domain name to the IP
address of the UCP nodes.
To use HTTPS support, no certificates for the service are provided to the HTTP
routing mesh. Instead, the backend service **must** handle HTTPS connections
directly. Services that meet this criteria can use the `SNI` protocol to
indicate handling of HTTPS in this manner.
When a user tries to access an HTTP service from that domain name:
## Route to a service
1. The DNS resolution will point them to the IP of one of the UCP nodes
2. The HTTP routing mesh looks at the Hostname header in the HTTP request
3. If there's a service that maps to that hostname the request is routed to the
port where the service is listening
4. If not, the user receives an HTTP 503, bad gateway error
The HTTP routing mesh can route to a Docker service that runs a webserver.
This service must meet three criteria:
For services exposing HTTPS things are similar. The HTTP routing mesh doesn't
terminate the TLS connection, and instead leverages an extension to TLS called
Server Name Indication, that allows a client to announce in clear the domain
name it is trying to reach.
* The service must be connected a network with a `com.docker.ucp.mesh.http` label
* The service must publish one or more ports
* The service must have one or more labels prefixed with
`com.docker.ucp.mesh.http` to specify the ports to route (see the syntax
below)
When receiving a connection in the HTTPS port, the routing mesh looks at the
Server Name Indication header and routes the request to the right service.
The service is responsible for terminating the HTTPS connection.
These options can be configured using the UCP UI, or can be entered manually
using the `docker service` command.
## Route domains to the HTTP routing mesh
## Where to go next
The HTTP routing mesh uses the `Host` HTTP header (or the Server Name
Indication field for HTTPS requests) to determine which service should receive
a particular HTTP request. This is typically done using DNS and pointing one or
more domains to one or more nodes in the UCP cluster.
## Networks, Access Control, and the HTTP routing mesh
The HTTP routing mesh uses one or more overlay networks to communicate with the
backend services. By default, a single network is created called `ucp-hrm`,
with the access control label `ucp-hrm`. Adding a service to this network
either requires administrator-level access, or the user must be in a group that
gives them `ucp-hrm` access.
This default configuration does not provide any isolation between services
using the HTTP routing mesh.
Isolation between services may be implemented by creating one or more overlay
networks with the label `com.docker.ucp.mesh.http` prior to enabling the HTTP
routing mesh. Once the HTTP routing mesh is enabled, it will be able to route
to all services attached to any of these networks, but services on different
networks cannot communicate directly.
## Using the HTTP routing mesh
Once DNS and networks are configured, you can begin setting up services for
these domains. See the guides for the [UCP web
UI](../../user/services/use-hostnames-to-access-your-service.md) and [Docker
CLI](../../user/services/hrm-labels.md).
## Disable the HTTP routing mesh
To disable the HTTP routing mesh, first ensure that all services that are using
the HTTP routing mesh are disconnected from the **ucp-hrm** network.
Next, go to the **UCP web UI**, navigate to the **Settings** page, and click
the **Routing Mesh** tab. Uncheck the checkbox to disable the HTTP routing mesh.
## Troubleshoot
If a service is not configured properly for use of the HTTP routing mesh, this
information is available in the UI when inspecting the service.
More logging from the HTTP routing mesh is available in the logs of the
`ucp-controller` containers on your UCP manager nodes.
* [Run only the images you trust](run-only-the-images-you-trust.md)
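Review bot: Step 4 of the request walkthrough, `If not, the user receives an HTTP 503, bad gateway error`, pairs the wrong name with the status code: 503 is Service Unavailable and Bad Gateway is 502, so state the code the routing mesh actually returns under its correct name. In the intro, `also know as an L4 load balancer` should read `also known as`. The hunk header shrinks the page from 104 to 78 lines, and the text under `## Networks, Access Control, and the HTTP routing mesh` (the default `ucp-hrm` network "does not provide any isolation between services") together with the sentence that unknown HTTPS domains are routed to the UCP web interface looks like part of what is dropped; if so, keep a short note on both, since an administrator enabling the feature needs to know the default isolation and unknown-domain behaviour.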


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 40.1 (33804) - http://www.bohemiancoding.com/sketch -->
<title>use-hostnames-1</title>
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>use-domain-names-1</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
@ -31,7 +31,7 @@
</mask>
</defs>
<g id="ucp-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="use-hostnames-1">
<g id="use-domain-names-1">
<g id="nodes" transform="translate(108.000000, 104.000000)">
<g id="workers" transform="translate(321.000000, 0.000000)">
<g id="node-1" transform="translate(107.000000, 0.000000)">
@ -40,7 +40,7 @@
</text>
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#445D6E" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
@ -48,14 +48,14 @@
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-worker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="20.4755859" y="15">UCP worker</tspan>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP </tspan>
</text>
</g>
<g id="app-copy" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="nginx" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="35.2387695" y="15">nginx</tspan>
<text id="wordpress:8000" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="10.5390625" y="15">wordpress:8000</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
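Review bot: The relabelled box `wordpress:8000` (and the `192.168.99.100:8000` user label added later in this file) disagrees with the guide text this diagram illustrates, which says "the wordpress service is being served on port 8080". Align the diagram and the prose on one port. Minor: the first `UCP ` tspan in this hunk carries a trailing space that the other `UCP` labels do not.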
@ -66,7 +66,7 @@
</text>
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#E0E4E7" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
@ -74,8 +74,8 @@
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-worker" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="20.4755859" y="15">UCP worker</tspan>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
@ -88,7 +88,7 @@
</text>
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#E0E4E7" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
@ -96,8 +96,8 @@
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
@ -108,7 +108,7 @@
</text>
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#E0E4E7" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
@ -116,8 +116,8 @@
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
@ -128,7 +128,7 @@
</text>
<g id="node">
<g id="node-label">
<rect id="Rectangle-127" fill="#E0E4E7" x="0" y="0" width="71" height="21.2904762" rx="2"></rect>
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
@ -136,8 +136,8 @@
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP-manager" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="16.0297852" y="15">UCP manager</tspan>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
@ -187,7 +187,12 @@
</g>
</g>
</g>
<path d="M370,31 C373.59125,31 376.5,28.083125 376.5,24.5 C376.5,20.90875 373.59125,18 370,18 C366.40875,18 363.5,20.90875 363.5,24.5 C363.5,28.083125 366.40875,31 370,31 L370,31 Z M370,34.25 C365.669375,34.25 357,36.419375 357,40.75 L357,44 L383,44 L383,40.75 C383,36.419375 374.330625,34.25 370,34.25 L370,34.25 Z" id="Shape" fill="#82949E"></path>
<g id="user" transform="translate(321.000000, 4.000000)" fill="#82949E">
<text id="192.168.99.100:8000" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500">
<tspan x="0.191894531" y="42">192.168.99.100:8000</tspan>
</text>
<path d="M49,13 C52.59125,13 55.5,10.083125 55.5,6.5 C55.5,2.90875 52.59125,0 49,0 C45.40875,0 42.5,2.90875 42.5,6.5 C42.5,10.083125 45.40875,13 49,13 L49,13 Z M49,16.25 C44.669375,16.25 36,18.419375 36,22.75 L36,26 L62,26 L62,22.75 C62,18.419375 53.330625,16.25 49,16.25 L49,16.25 Z" id="Shape"></path>
</g>
</g>
</g>
</svg>



@ -0,0 +1,198 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>use-domain-names-2</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<mask id="mask-2" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-1" fill="black"></use>
</mask>
<circle id="path-3" cx="4" cy="4" r="4"></circle>
<mask id="mask-4" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-3" fill="black"></use>
</mask>
<circle id="path-5" cx="4" cy="4" r="4"></circle>
<mask id="mask-6" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-5" fill="black"></use>
</mask>
<circle id="path-7" cx="4" cy="4" r="4"></circle>
<mask id="mask-8" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-7" fill="black"></use>
</mask>
<circle id="path-9" cx="4" cy="4" r="4"></circle>
<mask id="mask-10" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-9" fill="black"></use>
</mask>
</defs>
<g id="ucp-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="use-domain-names-2">
<g id="nodes" transform="translate(108.000000, 104.000000)">
<g id="workers" transform="translate(321.000000, 0.000000)">
<g id="node-1" transform="translate(107.000000, 0.000000)">
<text id="192.168.99.104" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.104</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP </tspan>
</text>
</g>
<g id="app-copy" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="wordpress:8000" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="10.5390625" y="15">wordpress:8000</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy">
<text id="192.168.99.103" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.103</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
<g id="managers">
<g id="node-1" transform="translate(214.000000, 0.000000)">
<text id="192.168.99.102" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.102</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-3" transform="translate(107.000000, 0.000000)">
<text id="192.168.99.101" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.101</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-2">
<text id="192.168.99.100-copy-4" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.100</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
</g>
<g id="load-balancer" transform="translate(107.000000, 59.000000)">
<g id="lb">
<rect id="Rectangle-138" fill="#445D6E" x="0" y="0" width="527" height="22" rx="2"></rect>
<text id="HTTP-routing-mesh" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="218.33504" y="15">HTTP routing mesh</tspan>
</text>
</g>
<g id="arrow-copy-2" transform="translate(477.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-477.500000, -32.500000) translate(465.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<use stroke="#F7F8F9" mask="url(#mask-2)" stroke-width="4" xlink:href="#path-1"></use>
</g>
</g>
<g id="arrow-copy-3" transform="translate(370.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-370.500000, -32.500000) translate(358.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-3"></use>
<use stroke="#F7F8F9" mask="url(#mask-4)" stroke-width="4" xlink:href="#path-3"></use>
</g>
</g>
<g id="arrow-copy-4" transform="translate(263.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-263.500000, -32.500000) translate(251.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-5"></use>
<use stroke="#F7F8F9" mask="url(#mask-6)" stroke-width="4" xlink:href="#path-5"></use>
</g>
</g>
<g id="arrow-copy-5" transform="translate(156.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-156.500000, -32.500000) translate(144.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-7"></use>
<use stroke="#F7F8F9" mask="url(#mask-8)" stroke-width="4" xlink:href="#path-7"></use>
</g>
</g>
<g id="arrow-copy-6" transform="translate(49.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-49.500000, -32.500000) translate(37.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-9"></use>
<use stroke="#F7F8F9" mask="url(#mask-10)" stroke-width="4" xlink:href="#path-9"></use>
</g>
</g>
</g>
<g id="user" transform="translate(306.000000, 4.000000)" fill="#82949E">
<text id="wordpress.example.or" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500">
<tspan x="0.0424804688" y="42">wordpress.example.org:80</tspan>
</text>
<path d="M64,13 C67.59125,13 70.5,10.083125 70.5,6.5 C70.5,2.90875 67.59125,0 64,0 C60.40875,0 57.5,2.90875 57.5,6.5 C57.5,10.083125 60.40875,13 64,13 L64,13 Z M64,16.25 C59.669375,16.25 51,18.419375 51,22.75 L51,26 L77,26 L77,22.75 C77,18.419375 68.330625,16.25 64,16.25 L64,16.25 Z" id="Shape"></path>
</g>
</g>
</g>
</svg>



@ -1,118 +0,0 @@
---
title: Use the Docker CLI to configure hostnames to access your service
description: Learn how to configure your services to make them accessible using a hostname instead of IP addresses and ports, using the Docker CLI.
keywords: ucp, services, http, dns
---
UCP's HTTP routing mesh provides configuration through the web UI, but it is
also possible to configure a service by using the Docker CLI directly. This
information is stored in the labels of the services and other configuration of
the service. This guide will walk you through configuring a sample service for
use with the HTTP routing mesh and also provide a full reference to the label
syntax.
This configuration can be performed manually using the Docker CLI. It is also
appropriate to use this in automation, either using the Docker CLI or the
Docker Remote API directly.
The HTTP routing mesh can route to a Docker service that runs a webserver (HTTP
or HTTPS). This service must meet three criteria:
* The service must be connected a network with a `com.docker.ucp.mesh.http` label
* The service must publish the ports that you wish to route
* The service must have one or more labels prefixed with
`com.docker.ucp.mesh.http` to specify the ports to route (see the syntax
below)
## Route to a service using the CLI
### Networks
Services must be connected to a network that has a `com.docker.ucp.mesh.http`
label. The value is not relevant. A `ucp-hrm` network is created for you
automatically when enabling the HTTP routing mesh, or your administrators may
create one for you. Refer to the administrator's guide for more information.
### Service Labels
The key of the label must begin with `com.docker.ucp.mesh.http`. For multiple
labels, some examples could be `com.docker.ucp.mesh.http.80` and
`com.docker.ucp.mesh.http.443`. Here `80` and `443` are used to differentiate
the HRM labels via port numbers. You can use whatever values you want, just
make sure they are different from each other and you can keep track of them.
Labels with the prefix `com.docker.ucp.mesh.http` allow you to configure a
single hostname and port to route to a service. If you wish to route multiple
ports or hostnames to the same service, then multiple labels with the prefix
`com.docker.ucp.mesh.http` may be created.
### Example using the CLI
A service based on the image `myimage/mywebserver:latest` with a webserver
running on port 8080 can be routed to `http://foo.example.com` can be created
using the following:
```sh
$ docker service create \
-p 8080 \
--network ucp-hrm \
--label com.docker.ucp.mesh.http.8080=external_route=http://foo.example.com,internal_port=8080 \
--name myservice \
myimage/mywebserver:latest
```
## Service Label Syntax
The key of the label must begin with `com.docker.ucp.mesh.http`, for example
`com.docker.ucp.mesh.http.80` and `com.docker.ucp.mesh.http.443`.
The value of the label is a comma separated list of key/value pairs separated
by equals signs. These pairs are optional unless noted below, and are as
follows:
* `external_route` **(required)** the external URL to route to this service.
Examples: `http://myapp.example.com` and `sni://myapp.example.com`
* `internal_port`: the internal port to use for the service. Examples: `80`,
`8443`. This is **required** if more one port is published by the service.
* `sticky_sessions`: if present, use the named cookie to route the user to the
same backend task for this service. See the "Sticky Sessions" section below.
* `redirect`: if present, perform redirection to the specified URL. See the
"Redirection" section below.
### Sticky Sessions
Enable the sticky sessions option for a route if your application requires that
a user's session continues to use the same task of a backend service. This
option uses HTTP cookies to choose which task receives a given connection.
The cookie name for this feature is configured as the value of this option
within the label. The cookie must be created by the application, and its value
is used to pick a backend task.
Stickyness may be lost temporarily if the number of tasks for a service
changes, or if a service is reconfigured in a way that requires all of its
tasks to restart.
This option is incompatible with the `sni` protocol (routing HTTPS connections
without termination).
### Redirection
The `redirect` option indicates that all requests to this route should be
redirected to another domain name using a HTTP redirect.
One use of this feature is for a service which only listens using HTTPS, with
HTTP traffic to it being redirected to HTTPS. If the service is on
`example.com`, then this can be accomplished with two labels:
* `com.docker.ucp.mesh.http.1=external_route=http://example.com,redirect=https://example.com`
* `com.docker.ucp.mesh.http.2=external_route=sni://example.com`
Another use is a service expecting traffic only on a single domain, but other
domains should be redirected to it. For example, a website that has been
renamed might use this functionality. The following labels accomplish this for
`new.example.com` and `old.example.com`
* `com.docker.ucp.mesh.http.1=external_route=http://old.example.com.com,redirect=http://new.example.com`
* `com.docker.ucp.mesh.http.2=external_route=http://new.example.com`
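Review bot: the rename example at the end of the Redirection section has a doubled TLD, `external_route=http://old.example.com.com`, so the label routes a different host than the `old.example.com` named in the sentence above it; it should read `http://old.example.com`. In the same region, the `internal_port` bullet says "This is **required** if more one port is published by the service", which is missing "than". Both points only matter if this text stays in the tree after the commit.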

View File

@ -0,0 +1,181 @@
---
title: Use domain names to access services
description: Learn how to configure your services to make them accessible using a hostname instead of IP addresses and ports.
keywords: ucp, services, http, dns
redirect_from:
- /datacenter/ucp/2.1/guides/user/services/use-hostnames-to-access-your-service/
---
You can make it easier for users to access your HTTP and HTTPS services, by
making them accessible from a domain name, instead of an IP address.
![http routing mesh](../../images/use-domain-names-2.svg)
In this example, we're going to deploy a Wordpress service and make it accessible
to users at `http://wordpress.example.org`.
## Enable the HTTP routing mesh
Before you start, make sure an administrator user has
[enabled the HTTP routing mesh service](../../admin/configure/use-domain-names-to-access-services.md).
You also need permissions to attach services to the `ucp-hrm` network.
## Deploy Wordpress
Log in the **UCP web UI**, navigate to the **Services** page, and click
**Create a service**. Then create a Wordpress service with the following
configurations:
| Field | Value |
|:------------------|:----------------------|
| Service name | wordpress |
| Image name | wordpress:latest |
| Internal port | 80 |
| Protocol | tcp |
| Publish Mode | ingress |
| Public port | 8000 |
| External scheme | http:// |
| Routing mesh host | wordpress.example.com |
When creating the service, make sure to publish both internal and public ports.
This maps the port 80 on the container running the service, to port 8000 on the
ingress routing mesh.
![](../../images/use-domain-names-4.png){: .with-border}
Then click the **Add hostname based route** to set the hostname that will
resolve to the service.
![](../../images/use-domain-names-5.png){: .with-border}
Finally, you need to connect the service to the `ucp-hrm` network. This is
what ensures traffic send to the HTTP routing mesh is redirected to your
service.
![](../../images/use-domain-names-6.png){: .with-border}
Click **Deploy now** to deploy your service. Once the service is deployed,
the HTTP routing mesh service is reconfigured to redirect HTTP requests with
the hostname set to `wordpress.example.org`, to the Wordpress service.
## Add a DNS entry
Now that Wordpress is deployed, add a new DNS entry that maps
`wordpress.example.org` to the IP address of any node in the UCP cluster.
When testing locally, you can also change your `/etc/hosts` file to
create this mapping, instead of using a DNS service.
Once this is done, you can access the wordpress service from your browser.
![](../../images/use-domain-names-7.png){: .with-border}
## From the CLI
To deploy the Wordpress service from the CLI, you need to add labels to the
service that are specific to the HTTP routing mesh.
Once you get your [UCP client bundle](../access-ucp/cli-based-access.md), you
can run:
```none
docker service create \
--publish target=80,published=8000 \
--network ucp-hrm \
--label com.docker.ucp.mesh.http=external_route=http://wordpress.example.org,internal_port=80 \
--name wordpress \
wordpress:latest
```
## Under the hood
Under the hood, UCP relies on labels to configure your services to use the
HTTP routing mesh. The UCP web UI automatically adds labels to your services,
but when deploying from the CLI or using compose files, you need to add labels
to your services.
The HTTP routing mesh can route to a service, as long as that service:
* Is attached to a network that has the `com.docker.ucp.mesh.http` label. You
can use the default `ucp-hrm` network or create your own
* Publishes the ports that you want to route to
* Has one or more labels with the prefix `com.docker.ucp.mesh.http`, specifying
the ports to route to
### Service labels
The HTTP routing mesh label that you apply to your services needs to have a list
of keys and values separated by a comma, specifying how to route the traffic to
your service. The label syntax looks like this:
```none
com.docker.ucp.mesh.http[.label-number]=<key-1>=<value-1>,<key-2>=<value-2>
```
Where `.label-number` is an optional number that you can include in your label
name if you want to have multiple routes to the same service. As an example
you could have one route for HTTP and another for HTTPS. In that case you'd
apply two labels:
```none
com.docker.ucp.mesh.http.1=<key-1>=<value-1>
com.docker.ucp.mesh.http.2=<key-1>=<value-1>
```
The keys and values in your label are what defined the route configuration.
These keys are supported:
| Key | Mandatory | Values | Description |
|:----------------|:------------------------------------------|:-----------------------------------------|:---------------------------------------------------------------------------------------------------------|
| external_route | yes | http://domain-name or sni://domain-name | The external URL to route to this service |
| internal_port | yes, if the port published multiple ports | port-number | The internal port to use for the service |
| sticky_sessions | no | cookie-name | Always route a user to the same service, using HTTP cookies. This option can't be used with HTTPS routes |
| redirect | no | http://domain-name, or sni://domain-name | Redirect incoming requests to another route using an HTTP 301 redirect |
### Sticky sessions
You can use the `sticky_sessions` value to always route a user to the same
backend service. The first time a user makes a request, the service includes
a cookie in the response. When the user makes a new request, their browser
will send the cookie, and the HTTP routing mesh can use it to decide to which
service to route to.
Since this requires the HTTP routing mesh to be able to read the cookie, this
option only works with HTTP routes.
Sticky sessions might stop temporarily if the service is reconfigured to
change the number of replicas, or if the replicas are restarted.
### HTTP redirects
You can use the `redirect` option to redirect requests from one route to
another.
This allows you to redirect traffic to a new domain name if you've renamed the
domain you're using to serve your services. For that, you apply two labels to
your service:
```none
com.docker.ucp.mesh.http.1=external_route=http://old.example.org,redirect=http://new.example.org
com.docker.ucp.mesh.http.2=external_route=http://new.example.org
```
You can also use this to redirect HTTP requests to an HTTPS route. For that you
apply two labels to your service:
```none
com.docker.ucp.mesh.http.1=external_route=http://example.org,redirect=https://example.org
com.docker.ucp.mesh.http.2=external_route=sni://example.org
```
### Keep services isolated
If you want to keep the services from sharing the same network, before
enabling the HTTP routing mesh:
1. Create multiple networks and apply the `com.docker.ucp.mesh.http` label to them
2. Enable the HTTP routing mesh
3. Attach each service to one of the different networks you've created
The HTTP routing mesh will route to all services in these networks, but services
on different networks can't communicate directly.
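Review bot: the hostname is inconsistent in the new page: the intro, the "Deploy now" paragraph, the DNS section and the CLI label all use `wordpress.example.org`, but the "Routing mesh host" row of the settings table says `wordpress.example.com`, so a reader who copies the table ends up with a route that the DNS entry from the next section does not match. Change the table row to `wordpress.example.org`. The keys table has a similar mismatch: the `redirect` row lists `http://domain-name, or sni://domain-name` as its values, while the HTTP-to-HTTPS example uses `redirect=https://example.org`, so one of the two needs correcting. Smaller wording fixes in the same file: the `internal_port` row says "yes, if the port published multiple ports" (should be "if the service publishes multiple ports"), "traffic send to the HTTP routing mesh" should be "sent", and "are what defined the route configuration" should be "define".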

View File

@ -1,83 +0,0 @@
---
title: Use hostnames to access your service
description: Learn how to configure your services to make them accessible using a hostname instead of IP addresses and ports.
keywords: ucp, services, http, dns
---
When you deploy a service with an HTTP or HTTPS endpoint, you can make it
accessible to users by mapping the service port to the swarm routing mesh port.
This makes your service available using the IP address of any node in the
cluster.
![](../../images/use-hostnames-to-access-your-service-1.svg)
UCP takes this one step further and allows you to configure your HTTP or HTTPS
services to make them available using hostnames while sharing the same port.
This simplifies configuration, with each service specifies the hostname or
hostnames that it handles, giving your team fewer places to configure common
options for routing.
In this example we're going to deploy an NGINX service and make it available
with the hostname `app.ucp.example.com`. This guide uses the UCP web UI. The
same functionality is [provided via the Docker CLI and API using
labels](hrm-labels.md).
## Configuring a service for the HTTP routing mesh using the UCP web UI
Start by making sure that the
[HTTP routing mesh service is enabled](../../admin/configure/use-domain-names-to-access-services.md),
you have access to the `ucp-hrm` network, and that DNS records are configured.
If you don't have administrator credentials, ask your system administrator to
enable the HTTP routing mesh, and grant you access to the `ucp-hrm` network.
Log in the **UCP web UI**, navigate to the **Services** page, and click
**Create a service**. Then create an NGINX service with the following
configurations:
| Field | Value |
|:------------------|:--------------------|
| Service name | nginx |
| Image name | nginx |
| Internal port | 80 |
| Protocol | tcp |
| Publish Mode | ingress |
| Public port | 8000 |
| External scheme | http:// |
| Routing mesh host | app.ucp.example.com |
When creating the service, make sure to publish both internal and public ports.
This maps the port 80 on the container running the service, to port 8000 on the
ingress routing mesh.
![](../../images/use-hostnames-to-access-your-service-2.png){: .with-border}
Then click the **Add hostname based route** to set the hostname that will
resolve to the service.
![](../../images/use-hostnames-to-access-your-service-3.png){: .with-border}
Finally, you need to connect the service to the `ucp-hrm` network. This is
what ensures traffic send to the HTTP routing mesh is redirected to your
service.
![](../../images/use-hostnames-to-access-your-service-4.png){: .with-border}
Click **Deploy now** to deploy your service. Once the service is deployed,
the HTTP routing mesh service is reconfigured to redirect HTTP requests with
the hostname set to `app.ucp.example.com`, to the NGINX service.
To make this service accessible to users, you need to add an entry to your DNS,
mapping the name `app.ucp.example.com` to the IP address of any node in the
UCP cluster. When testing locally, you can also change your `/etc/hosts` file to
create this mapping, instead of using a DNS service.
Now when you access `http://app.ucp.example.com` from your browser, you'll see
the default NGINX page.
![](../../images/use-hostnames-to-access-your-service-5.png){: .with-border}
## Next Steps
Once you have configured the HTTP routing mesh with a simple service, you may
want to explore other configuration options, including configuration using the
Docker CLI or advanced options.
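Review bot: the removed page points readers to `hrm-labels.md` for the CLI and API label reference, but the `redirect_from` in the replacement page only lists `/datacenter/ucp/2.1/guides/user/services/use-hostnames-to-access-your-service/`. If `hrm-labels.md` is dropped in this commit as well, add its URL to that `redirect_from` list so existing links to the label reference keep resolving to the new "Under the hood" section.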