docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added section for AWS load balancer, and release notes for Docker for AWS 17.06 (#3726) 

* Added section for AWS load balancer, and added Docker for AWS 17.06 release notes

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>

* Updated PR per comments

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>

* Reformatting CLI commands for readability

* Sentence case fixes

* More fixes from comments

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
This commit is contained in:
Ken Cochrane 2017-06-29 15:21:11 -04:00 committed by John Mulhausen
parent ec13b0a2e6
commit 325adb2061
3 changed files with 143 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -77,6 +77,8 @@ guides:
title: Deploy your app
- path: /docker-for-aws/persistent-data-volumes/
title: Persistent data volumes
- path: /docker-for-aws/load-balancer/
title: Load balancer
- path: /docker-for-aws/faqs/
title: FAQs
- path: /docker-for-aws/opensource/

108
docker-for-aws/load-balancer.md Normal file
View File

@ -0,0 +1,108 @@
---
description: Load Balancer
keywords: aws load balancer elb
title: Configure the Docker for AWS load balancer
---
{% include d4a_buttons.md %}
## How does it work?
When you create a service, any ports that are exposed with `-p` are automatically exposed through the platform load balancer:
```bash
$ docker service create --name nginx -p 80:80 nginx
```
This opens up port 80 on the Elastic Load Balancer (ELB) and direct any traffic on that port, to your swarm service.
## How can I configure my load balancer to support SSL/TLS traffic?
Docker uses [Amazons' ACM service](https://aws.amazon.com/certificate-manager/), which provides free SSL/TLS certificates, and can be used with ELBs. You need to create a new certificate for your domain, and get the ARN for that certificate.
You add a label to your service to tell swarm that you want to use a given ACM cert for SSL connections to your service.
### Examples
Start a service and listen on the ELB with ports `80` and `443`. Port `443` is served using a SSL certificate from ACM, which is referenced by the ARN that is described in the service label `com.docker.aws.lb.arn`
```bash
$ docker service create \
--name demo \
--detach=true \
--publish 80:80 \
--publish 443:80 \
--label com.docker.aws.lb.arn="arn:aws:acm:us-east-1:0123456789:certificate/c02117b6-2b5f-4507-8115-87726f4ab963" \
yourname/your-image:latest
```
By default when you add an ACM ARN as a label, it listens on port `443`. If you want to change which port to listen too you append an `@` symbol and a list of ports you want to expose.
#### links SSL to port 443
```none
com.docker.aws.lb.arn="arn:..."
```
#### links SSL to port 444
```none
com.docker.aws.lb.arn="arn:...@444"
```
#### links SSL to ports 444 and 8080
```none
com.docker.aws.lb.arn="arn:...@444,8080"
```
### More full examples:
listen for HTTP on ports 80 and HTTPS on 444
```bash
$ docker service create \
--name demo \
--detach=true \
--publish 80:80 \
--publish 444:80 \
--label com.docker.aws.lb.arn="arn:aws:acm:us-east-1:0123456789:certificate/c02117b6-2b5f-4507-8115-87726f4ab963@444" \
yourname/your-image:latest
```
#### SSL listen on port 444 and 443
```bash
$ docker service create \
--name demo \
--detach=true \
--publish 80:80 \
--publish 444:80 \
--label com.docker.aws.lb.arn="arn:aws:acm:us-east-1:0123456789:certificate/c02117b6-2b5f-4507-8115-87726f4ab963@443,444" \
yourname/your-image:latest
```
#### SSL listen on port 8080
```bash
$ docker service create \
--name demo \
--detach=true \
--publish 8080:80 \
--label com.docker.aws.lb.arn="arn:aws:acm:us-east-1:0123456789:certificate/c02117b6-2b5f-4507-8115-87726f4ab963@8080" \
yourname/your-image:latest
```
### Add a CNAME for your ELB
Once you have your ELB setup, with the correct listeners and certificates, you need to add a DNS CNAME that points to your ELB at your DNS provider.
### ELB SSL limitations
- There can only be one SSL certificate per ELB, so that means you can only have one label per swarm. If you add more than one `com.docker.aws.lb.arn` label per swarm the last one loaded overwrites the other one.
- If you remove the service that has the `com.docker.aws.lb.arn` label, it is removed from the ELB.
- If you edit the ELB config directly from the dashboard, the changes are removed after the next update.
## Can I manually change the ELB configuration?
No. If you make any manual changes to the ELB, they are removed the next time we update the ELB configuration based on any swarm changes. This is because the swarm service configuration is the source of record for service ports. If you add listeners to the ELB manually, they could conflict with what is in swarm, and cause issues.

35
docker-for-aws/release-notes.md
View File

@ -8,12 +8,29 @@ title: Docker for AWS Release Notes
## Stable Channel
### 17.06.0 CE
Release date: 06/28/2017
{{aws_blue_latest}}
**New**
- Docker Engine upgraded to [Docker 17.06.0 CE](https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce)
- Fixed an issue with load balancer controller that caused the ELB health check to fail.
- Added VPCID output when a VPC is created
- Added CloudStor support (EFS (in regions that support EFS), and EBS) for [persistent storage volumes](persistent-data-volumes.md)
- Added CloudFormation parameter to enable/disable CloudStor
- Changed the AutoScaleGroup Manager max size to 6, so that it correctly upgrades with 5 managers
- Added lambda support for Mumbai
- Removed the ELB Name to allow for longer stack names
- Added i3 EC2 instance types
- [Bring your own VPC] Added a VPC CIDR Parameter
### 17.03.1 CE
Release date: 03/30/2017
{{aws_blue_latest}}
**New**
- Docker Engine upgraded to [Docker 17.03.1 CE](https://github.com/docker/docker/blob/master/CHANGELOG.md)
@ -48,6 +65,20 @@ Release date: 01/18/2017
## Edge Channel
### 17.06.0-edge CE
Release date: 06/28/2017
{{aws_blue_latest}}
**New**
- Docker Engine upgraded to [Docker 17.06.0 CE](https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce)
- Fixed an issue with load balancer controller that caused the ELB health check to fail.
- Changed the AutoScaleGroup Manager max size to 6, so that it correctly upgrades with 5 managers
- Added Beta support for [adding AWS ACM certificates to the ELB to support SSL/TLS traffic](load-balancer.md)
### 17.05.0-edge CE
Release date: 05/08/2017