mirror of https://github.com/docker/docs.git
79 lines
3.3 KiB
Markdown
79 lines
3.3 KiB
Markdown
---
|
|
title: Use domain names to access services
|
|
description: Docker Universal Control Plane has an HTTP routing mesh that
|
|
allows you to make your services accessible through a domain name. Learn more.
|
|
keywords: ucp, services, http, dns
|
|
---
|
|
|
|
Docker has a transport-layer load balancer, also know as an L4 load balancer.
|
|
This allows you to access your services independently of the node they are
|
|
running.
|
|
|
|
|
|
|
|
In this example, the wordpress service is being served on port 8080.
|
|
Users can access wordpress using the IP address of any node
|
|
in the cluster and port 8080. If wordpress is not running in that node, the
|
|
request is redirected to a node that is.
|
|
|
|
UCP extends this and provides an http routing mesh for application-layer
|
|
load balancing. This allows you to access services with HTTP and HTTPS endpoints
|
|
using a domain name instead of an IP.
|
|
|
|
|
|
|
|
In this example, the Wordpress service listens on port 8080 and is attached to
|
|
the `ucp-hrm` network. There's also a DNS entry mapping `wordpress.example.org`
|
|
to the IP addresses of the UCP nodes.
|
|
|
|
When users access `wordpress.example.org:80`, the HTTP routing mesh routes
|
|
the request to the service running Wordpress in a way that is transparent to
|
|
the user.
|
|
|
|
## Enable the HTTP routing mesh
|
|
|
|
To enable the HTTP routing mesh, go to the **UCP web UI**, navigate to the
|
|
**Settings** page, and click the **Routing Mesh** option.
|
|
Check the **Enable HTTP routing mesh** option.
|
|
|
|
{: .with-border}
|
|
|
|
By default the HTTP routing mesh service listens on port 80 for HTTP and port
|
|
8443 for HTTPS. Change the ports if you already have services that are using
|
|
them.
|
|
|
|
## Under the hood
|
|
|
|
Once you enable the HTTP routing mesh, UCP deploys:
|
|
|
|
| Name | What | Description |
|
|
|:----------|:--------|:------------------------------------------------------------------------------|
|
|
| `ucp-hrm` | Service | Receive HTTP and HTTPS requests and send them to the right service |
|
|
| `ucp-hrm` | Network | The network used to communicate with the services using the HTTP routing mesh |
|
|
|
|
You then deploy a service that exposes a port, attach that service to the
|
|
`ucp-hrm` network, and create a DNS entry to map a domain name to the IP
|
|
address of the UCP nodes.
|
|
|
|
When a user tries to access an HTTP service from that domain name:
|
|
|
|
1. The DNS resolution will point them to the IP of one of the UCP nodes
|
|
2. The HTTP routing mesh looks at the Hostname header in the HTTP request
|
|
3. If there's a service that maps to that hostname the request is routed to the
|
|
port where the service is listening
|
|
4. If not, the user receives an HTTP 503, bad gateway error
|
|
|
|
For services exposing HTTPS things are similar. The HTTP routing mesh doesn't
|
|
terminate the TLS connection, and instead leverages an extension to TLS called
|
|
Server Name Indication, that allows a client to announce in clear the domain
|
|
name it is trying to reach.
|
|
|
|
When receiving a connection in the HTTPS port, the routing mesh looks at the
|
|
Server Name Indication header and routes the request to the right service.
|
|
The service is responsible for terminating the HTTPS connection.
|
|
|
|
|
|
## Where to go next
|
|
|
|
* [Run only the images you trust](run-only-the-images-you-trust.md)
|