docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update plan-for-production.md

This commit is contained in:
Wang Jie 2018-03-08 14:53:41 +08:00 committed by Joao Fernandes
parent c56517543b
commit a08e5363af
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
swarm/plan-for-production.md
View File

@ -32,7 +32,7 @@ All nodes in a swarm cluster must bind their Docker Engine daemons to a network
port. This brings with it all of the usual network related security port. This brings with it all of the usual network related security
implications such as man-in-the-middle attacks. These risks are compounded when implications such as man-in-the-middle attacks. These risks are compounded when
the network in question is untrusted such as the internet. To mitigate these the network in question is untrusted such as the internet. To mitigate these
risks, Swarm and the Engine support Transport Layer Security(TLS) for risks, Swarm and the Engine support Transport Layer Security (TLS) for
authentication. authentication.
The Engine daemons, including the swarm manager, that are configured to use TLS The Engine daemons, including the swarm manager, that are configured to use TLS
@ -58,11 +58,11 @@ configure your firewalls and other network access control lists.
- **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80. - **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80.
- **Inbound 2375/tcp**. This allows Docker Engine CLI commands direct to the Engine daemon. - **Inbound 2375/tcp**. This allows Docker Engine CLI commands direct to the Engine daemon.
- **Inbound 3375/tcp**. This allows Engine CLI commands to the swarm manager. - **Inbound 3375/tcp**. This allows Engine CLI commands to the swarm manager.
- **Inbound 22/tcp**. This allows remote management via SSH - **Inbound 22/tcp**. This allows remote management via SSH.
- **Service Discovery**: - **Service Discovery**:
- **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80. - **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80.
- **Inbound *Discovery service port***. This needs setting to the port that the backend discovery service listens on (consul, etcd, or zookeeper). - **Inbound *Discovery service port***. This needs setting to the port that the backend discovery service listens on (consul, etcd, or zookeeper).
- **Inbound 22/tcp**. This allows remote management via SSH - **Inbound 22/tcp**. This allows remote management via SSH.
- **Swarm nodes**: - **Swarm nodes**:
- **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80. - **Inbound 80/tcp (HTTP)**. This allows `docker pull` commands to work. If you plan to pull images from Docker Hub, you must allow Internet connections through port 80.
- **Inbound 2375/tcp**. This allows Engine CLI commands direct to the Docker daemon. - **Inbound 2375/tcp**. This allows Engine CLI commands direct to the Docker daemon.
@ -84,7 +84,7 @@ connections from interfaces on known swarm devices.
If your swarm cluster is configured for TLS, replace `2375` with `2376`, and If your swarm cluster is configured for TLS, replace `2375` with `2376`, and
`3375` with `3376`. `3375` with `3376`.
The ports listed above are just for swarm cluster operations such as; cluster The ports listed above are just for swarm cluster operations such as cluster
creation, cluster management, and scheduling of containers against the cluster. creation, cluster management, and scheduling of containers against the cluster.
You may need to open additional network ports for application-related You may need to open additional network ports for application-related
communications. communications.
@ -285,7 +285,7 @@ Or perhaps there is nothing to consider when it comes to scheduling strategy and
--> -->
Scheduling strategies are how Swarm decides which nodes on a cluster to start Scheduling strategies are how Swarm decides which nodes in a cluster to start
containers on. Swarm supports the following strategies: containers on. Swarm supports the following strategies:
- spread - spread