docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Move HRM config to interlock

This commit is contained in:
Joao Fernandes 2017-12-21 11:37:06 -08:00 committed by Jim Galasyn
parent 081bbacce2
commit ad99769c85
10 changed files with 317 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_data/toc.yaml
View File

@ -1571,8 +1571,6 @@ manuals:
title: UCP configuration file
- path: /datacenter/ucp/3.0/guides/admin/configure/use-node-local-network-in-swarm/
title: Use a local node network in a swarm
- path: /datacenter/ucp/3.0/guides/admin/configure/use-domain-names-to-access-services/
title: Use domain names to access services
- path: /datacenter/ucp/3.0/guides/admin/configure/use-your-own-tls-certificates/
title: Use your own TLS certificates
- path: /datacenter/ucp/3.0/guides/admin/configure/manage-and-deploy-private-images/
@ -1707,6 +1705,8 @@ manuals:
section:
- title: Get started
path: /datacenter/ucp/3.0/guides/interlock/install/
- title: Manual deployment
path: /datacenter/ucp/3.0/guides/interlock/install/manual-deployment/
- title: Production
path: /datacenter/ucp/3.0/guides/interlock/install/production/
- title: Offline install

4
datacenter/ucp/3.0/guides/admin/configure/restrict-services-to-worker-nodes.md
View File

@ -23,7 +23,3 @@ or not.
Having a grant with the `Scheduler` role against the `/` collection takes
precedence over any other grants with `Node Schedule` on subcollections.
## Where to go next
* [Use domain names to access your services](use-domain-names-to-access-services.md)

82
datacenter/ucp/3.0/guides/admin/configure/use-domain-names-to-access-services.md
View File

@ -1,82 +0,0 @@
---
title: Enable using domain names to access services
description: Docker Universal Control Plane has an HTTP routing mesh that allows you to make your services accessible through a domain name.
keywords: ucp, services, http, https, dns, routing
---
Docker has a transport-layer load balancer, also known as an L4 load balancer.
This allows you to access your services independently of the node where they are
running.
![swarm routing mesh](../../images/use-domain-names-1.svg)
In this example, the WordPress service is being served on port 8000.
Users can access WordPress using the IP address of any node in the cluster
and port 8000. If WordPress is not running in that node, the
request is redirected to a node that is.
UCP extends this and provides an HTTP routing mesh for application-layer
load balancing. This allows you to access services with HTTP and HTTPS
endpoints using a domain name instead of an IP.
![http routing mesh](../../images/use-domain-names-2.svg)
In this example, the WordPress service listens on port 8000 and is attached to
the `ucp-hrm` network. There's also a DNS entry mapping `wordpress.example.org`
to the IP addresses of the UCP nodes.
When users access `wordpress.example.org:8000`, the HTTP routing mesh routes
the request to the service running WordPress in a way that is transparent to
the user.
## Enable the HTTP routing mesh
To enable the HTTP routing mesh, Log in as an administrator, go to the
UCP web UI, navigate to the **Admin Settings** page, and click the
**Routing Mesh** option. Check the **Enable routing mesh** option.
![http routing mesh](../../images/use-domain-names-3.png){: .with-border}
By default, the HTTP routing mesh service listens on port 80 for HTTP and port
8443 for HTTPS. Change the ports if you already have services that are using
them.
## Under the hood
Once you enable the HTTP routing mesh, UCP deploys:
| Name | What | Description |
|:----------|:--------|:------------------------------------------------------------------------------|
| `ucp-hrm` | Service | Receive HTTP and HTTPS requests and send them to the right service |
| `ucp-hrm` | Network | The network used to communicate with the services using the HTTP routing mesh |
You then deploy a service that exposes a port, attach that service to the
`ucp-hrm` network, and create a DNS entry to map a domain name to the IP
address of the UCP nodes.
When a user tries to access an HTTP service from that domain name:
1. The DNS resolution will point them to the IP of one of the UCP nodes
2. The HTTP routing mesh looks at the Hostname header in the HTTP request
3. If there's a service that maps to that hostname, the request is routed to the
port where the service is listening
4. If not, the user receives an `HTTP 503, bad gateway` error.
For services exposing HTTPS things are similar. The HTTP routing mesh doesn't
terminate the TLS connection, and instead leverages an extension to TLS called
Server Name Indication, that allows a client to announce in clear the domain
name it is trying to reach.
When receiving a connection in the HTTPS port, the routing mesh looks at the
Server Name Indication header and routes the request to the right service.
The service is responsible for terminating the HTTPS connection. Note that
the routing mesh uses the SSL session ID to make sure that a single SSL
session always goes to the same task for the service. This is done for
performance reasons so that the same SSL session can be maintained across
requests.
## Where to go next
- [Use your own TLS certificates](use-your-own-tls-certificates.md)
- [Run only the images you trust](run-only-the-images-you-trust.md)

0
datacenter/ucp/3.0/guides/images/use-domain-names-1.svg → datacenter/ucp/3.0/guides/images/interlock-install-1.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

198
datacenter/ucp/3.0/guides/images/interlock-install-2.svg Normal file
View File

@ -0,0 +1,198 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="740px" height="250px" viewBox="0 0 740 250" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<!-- Generator: Sketch 42 (36781) - http://www.bohemiancoding.com/sketch -->
<title>use-domain-names-2</title>
<desc>Created with Sketch.</desc>
<defs>
<circle id="path-1" cx="4" cy="4" r="4"></circle>
<mask id="mask-2" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-1" fill="black"></use>
</mask>
<circle id="path-3" cx="4" cy="4" r="4"></circle>
<mask id="mask-4" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-3" fill="black"></use>
</mask>
<circle id="path-5" cx="4" cy="4" r="4"></circle>
<mask id="mask-6" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-5" fill="black"></use>
</mask>
<circle id="path-7" cx="4" cy="4" r="4"></circle>
<mask id="mask-8" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-7" fill="black"></use>
</mask>
<circle id="path-9" cx="4" cy="4" r="4"></circle>
<mask id="mask-10" maskContentUnits="userSpaceOnUse" maskUnits="objectBoundingBox" x="-2" y="-2" width="12" height="12">
<rect x="-2" y="-2" width="12" height="12" fill="white"></rect>
<use xlink:href="#path-9" fill="black"></use>
</mask>
</defs>
<g id="ucp-diagrams" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="use-domain-names-2">
<g id="nodes" transform="translate(108.000000, 104.000000)">
<g id="workers" transform="translate(321.000000, 0.000000)">
<g id="node-1" transform="translate(107.000000, 0.000000)">
<text id="192.168.99.104" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.104</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#445D6E"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#439FD1" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP </tspan>
</text>
</g>
<g id="app-copy" transform="translate(1.000000, 56.000000)">
<rect id="Rectangle-138" fill="#FFB463" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="wordpress:8000" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="10.5390625" y="15">wordpress:8000</tspan>
</text>
</g>
<rect id="node-border" stroke="#445D6E" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy">
<text id="192.168.99.103" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.103</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="worker-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">worker node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
<g id="managers">
<g id="node-1" transform="translate(214.000000, 0.000000)">
<text id="192.168.99.102" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.102</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-3" transform="translate(107.000000, 0.000000)">
<text id="192.168.99.101" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.101</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
<g id="node-1-copy-2">
<text id="192.168.99.100-copy-4" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500" fill="#82949E">
<tspan x="13.4824219" y="116">192.168.99.100</tspan>
</text>
<g id="node">
<g id="node-label">
<path d="M0,2.00295631 C0,0.896754086 0.897702336,0 1.99174577,0 L71,0 L71,10.6452381 C71,16.5244408 66.2312425,21.2904762 60.3513837,21.2904762 L0,21.2904762 L0,2.00295631 Z" id="Rectangle-127" fill="#E0E4E7"></path>
<text id="manager-node" font-family="OpenSans, Open Sans" font-size="8" font-weight="normal" fill="#FFFFFF">
<tspan x="6" y="14">manager node</tspan>
</text>
</g>
</g>
<g id="app" transform="translate(1.000000, 79.000000)">
<rect id="Rectangle-138" fill="#A1CFE8" x="0" y="0" width="95" height="22" rx="2"></rect>
<text id="UCP" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="38.1953125" y="15">UCP</tspan>
</text>
</g>
<rect id="node-border" stroke="#E0E4E7" stroke-width="2" x="0" y="0" width="97" height="102" rx="2"></rect>
</g>
</g>
</g>
<g id="load-balancer" transform="translate(107.000000, 59.000000)">
<g id="lb">
<rect id="Rectangle-138" fill="#445D6E" x="0" y="0" width="527" height="22" rx="2"></rect>
<text id="HTTP-routing-mesh" font-family="OpenSans, Open Sans" font-size="10" font-weight="normal" fill="#FFFFFF">
<tspan x="218.33504" y="15">HTTP routing mesh</tspan>
</text>
</g>
<g id="arrow-copy-2" transform="translate(477.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-477.500000, -32.500000) translate(465.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#445D6E" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#445D6E" fill-rule="evenodd" xlink:href="#path-1"></use>
<use stroke="#F7F8F9" mask="url(#mask-2)" stroke-width="4" xlink:href="#path-1"></use>
</g>
</g>
<g id="arrow-copy-3" transform="translate(370.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-370.500000, -32.500000) translate(358.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-3"></use>
<use stroke="#F7F8F9" mask="url(#mask-4)" stroke-width="4" xlink:href="#path-3"></use>
</g>
</g>
<g id="arrow-copy-4" transform="translate(263.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-263.500000, -32.500000) translate(251.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-5"></use>
<use stroke="#F7F8F9" mask="url(#mask-6)" stroke-width="4" xlink:href="#path-5"></use>
</g>
</g>
<g id="arrow-copy-5" transform="translate(156.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-156.500000, -32.500000) translate(144.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-7"></use>
<use stroke="#F7F8F9" mask="url(#mask-8)" stroke-width="4" xlink:href="#path-7"></use>
</g>
</g>
<g id="arrow-copy-6" transform="translate(49.500000, 32.500000) scale(1, -1) rotate(-90.000000) translate(-49.500000, -32.500000) translate(37.500000, 28.500000)">
<path d="M2,4 L24,4" id="Line" stroke="#E0E4E7" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<g id="Oval">
<use fill="#E0E4E7" fill-rule="evenodd" xlink:href="#path-9"></use>
<use stroke="#F7F8F9" mask="url(#mask-10)" stroke-width="4" xlink:href="#path-9"></use>
</g>
</g>
</g>
<g id="user" transform="translate(306.000000, 4.000000)" fill="#82949E">
<text id="wordpress.example.or" font-family="OpenSans-Semibold, Open Sans" font-size="10" font-weight="500">
<tspan x="0.0424804688" y="42">wordpress.example.org:80</tspan>
</text>
<path d="M64,13 C67.59125,13 70.5,10.083125 70.5,6.5 C70.5,2.90875 67.59125,0 64,0 C60.40875,0 57.5,2.90875 57.5,6.5 C57.5,10.083125 60.40875,13 64,13 L64,13 Z M64,16.25 C59.669375,16.25 51,18.419375 51,22.75 L51,26 L77,26 L77,22.75 C77,18.419375 68.330625,16.25 64,16.25 L64,16.25 Z" id="Shape"></path>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

0
datacenter/ucp/3.0/guides/images/use-domain-names-3.png → datacenter/ucp/3.0/guides/images/interlock-install-3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 25 KiB

10
datacenter/ucp/3.0/guides/interlock/index.md
View File

@ -14,9 +14,13 @@ application traffic.
- [Introduction](intro/index.md)
- [What is Interlock](intro/index.md)
- [Architecture](intro/architecture.md)
- [Deployment](install/)
- [Requirements](install/index.md#requirements)
- [Installation](install/index.md#deployment)
## Deployment
- [Get started](install/index.md)
- [Deploy Interlock manually](install/manual-deployment.md)
- [Deploy Interlock offline](install/offline.md)
- [Deploy Interlock for production](install/production.md)
## Configuration

92
datacenter/ucp/3.0/guides/interlock/install/index.md
View File

@ -1,82 +1,42 @@
---
title: Get started with Interlock
description: Learn about Interlock, an application routing and load balancing system
description: earn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
---
Docker Enterprise Edition has a routing mesh that allows you to make your
services available to the outside world using a domain name. This is also
known as a layer 7 load balancer.
## Requirements
![swarm routing mesh](../../images/interlock-install-1.svg)
- [Docker](https://www.docker.com) version 17.06+ is required to use Interlock
- Docker must be running in [Swarm mode](https://docs.docker.com/engine/swarm/)
- Internet access (see [Offline Installation](offline.md) for installing without internet access)
In this example, the WordPress service is being served on port 8000.
Users can access WordPress using the IP address of any node in the cluster
and port 8000. If WordPress is not running in that node, the
request is redirected to a node that is.
## Deployment
Interlock uses a configuration file for the core service. The following is an example config
to get started. In order to utilize the deployment and recovery features in Swarm we will
create a Docker Config object:
Docker EE extends this and provides a routing mesh for application-layer
load balancing. This allows you to access services with HTTP and HTTPS
endpoints using a domain name instead of an IP.
```bash
$> cat << EOF | docker config create service.interlock.conf -
ListenAddr = ":8080"
DockerURL = "unix:///var/run/docker.sock"
PollInterval = "3s"
![http routing mesh](../../images/interlock-install-2.svg)
[Extensions]
[Extensions.default]
Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview"
Args = ["-D"]
ProxyImage = "nginx:alpine"
ProxyArgs = []
ProxyConfigPath = "/etc/nginx/nginx.conf"
ServiceCluster = ""
PublishMode = "ingress"
PublishedPort = 80
TargetPort = 80
PublishedSSLPort = 443
TargetSSLPort = 443
[Extensions.default.Config]
User = "nginx"
PidPath = "/var/run/proxy.pid"
WorkerProcesses = 1
RlimitNoFile = 65535
MaxConnections = 2048
EOF
oqkvv1asncf6p2axhx41vylgt
```
In this example, the WordPress service listens on port 8000, but it is made
available to the outside world as `wordpress.example.org`.
Next we will create a dedicated network for Interlock and the extensions:
When users access `wordpress.example.org`, the HTTP routing mesh routes
the request to the service running WordPress in a way that is transparent to
them.
```bash
$> docker network create -d overlay interlock
```
## Enable the routing mesh
Now we can create the Interlock service. Note the requirement to constrain to a manager. The
Interlock core service must have access to a Swarm manager, however the extension and proxy services
are recommended to run on workers. See the [Production](production.md) section for more information
on setting up for an production environment.
To enable the HTTP routing mesh, Log in as an administrator, go to the
UCP web UI, navigate to the **Admin Settings** page, and click the
**Routing Mesh** option. Check the **Enable routing mesh** option.
```bash
$> docker service create \
--name interlock \
--mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \
--network interlock \
--constraint node.role==manager \
--config src=service.interlock.conf,target=/config.toml \
interlockpreview/interlock:2.0.0-preview -D run -c /config.toml
sjpgq7h621exno6svdnsvpv9z
```
![http routing mesh](../../images/interlock-install-3.png){: .with-border}
There should be three (3) services created. One for the Interlock service,
one for the extension service and one for the proxy service:
```bash
$> docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lheajcskcbby modest_raman replicated 1/1 nginx:alpine *:80->80/tcp *:443->443/tcp
oxjvqc6gxf91 keen_clarke replicated 1/1 interlockpreview/interlock-extension-nginx:2.0.0-preview
sjpgq7h621ex interlock replicated 1/1 interlockpreview/interlock:2.0.0-preview
```
The Interlock traffic layer is now deployed. Continue with the [Deploying Applications](/usage/index.md) to publish applications.
By default, the routing mesh service listens on port 80 for HTTP and port
8443 for HTTPS. Change the ports if you already have services that are using
them.

82
datacenter/ucp/3.0/guides/interlock/install/manual-deployment.md Normal file
View File

@ -0,0 +1,82 @@
---
title: Deploy Interlock manually
description: Learn about Interlock, an application routing and load balancing system
for Docker Swarm.
keywords: ucp, interlock, load balancing
---
## Requirements
- [Docker](https://www.docker.com) version 17.06+ is required to use Interlock
- Docker must be running in [Swarm mode](https://docs.docker.com/engine/swarm/)
- Internet access (see [Offline Installation](offline.md) for installing without internet access)
## Deployment
Interlock uses a configuration file for the core service. The following is an example config
to get started. In order to utilize the deployment and recovery features in Swarm we will
create a Docker Config object:
```bash
$> cat << EOF | docker config create service.interlock.conf -
ListenAddr = ":8080"
DockerURL = "unix:///var/run/docker.sock"
PollInterval = "3s"
[Extensions]
[Extensions.default]
Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview"
Args = ["-D"]
ProxyImage = "nginx:alpine"
ProxyArgs = []
ProxyConfigPath = "/etc/nginx/nginx.conf"
ServiceCluster = ""
PublishMode = "ingress"
PublishedPort = 80
TargetPort = 80
PublishedSSLPort = 443
TargetSSLPort = 443
[Extensions.default.Config]
User = "nginx"
PidPath = "/var/run/proxy.pid"
WorkerProcesses = 1
RlimitNoFile = 65535
MaxConnections = 2048
EOF
oqkvv1asncf6p2axhx41vylgt
```
Next we will create a dedicated network for Interlock and the extensions:
```bash
$> docker network create -d overlay interlock
```
Now we can create the Interlock service. Note the requirement to constrain to a manager. The
Interlock core service must have access to a Swarm manager, however the extension and proxy services
are recommended to run on workers. See the [Production](production.md) section for more information
on setting up for an production environment.
```bash
$> docker service create \
--name interlock \
--mount src=/var/run/docker.sock,dst=/var/run/docker.sock,type=bind \
--network interlock \
--constraint node.role==manager \
--config src=service.interlock.conf,target=/config.toml \
interlockpreview/interlock:2.0.0-preview -D run -c /config.toml
sjpgq7h621exno6svdnsvpv9z
```
There should be three (3) services created. One for the Interlock service,
one for the extension service and one for the proxy service:
```bash
$> docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
lheajcskcbby modest_raman replicated 1/1 nginx:alpine *:80->80/tcp *:443->443/tcp
oxjvqc6gxf91 keen_clarke replicated 1/1 interlockpreview/interlock-extension-nginx:2.0.0-preview
sjpgq7h621ex interlock replicated 1/1 interlockpreview/interlock:2.0.0-preview
```
The Interlock traffic layer is now deployed. Continue with the [Deploying Applications](/usage/index.md) to publish applications.

5
datacenter/ucp/3.0/guides/user/services/use-domain-names-to-access-services.md
View File

@ -14,9 +14,8 @@ to users at `http://wordpress.example.org`.
## Enable the HTTP routing mesh
Before you start, make sure an administrator user has
[enabled the HTTP routing mesh service](../../admin/configure/use-domain-names-to-access-services.md).
You also need permissions to attach services to the `ucp-hrm` network.
Before you start, make sure an administrator user has enabled the HTTP routing
mesh service You also need permissions to attach services to the `ucp-hrm` network.
## Deploy WordPress