<p>Once you've joined multiple manager nodes for high-availability, you can
configure your own load balancer to balance user requests across all
manager nodes.</p>
<p><img src="../../../images/use-a-load-balancer-1.svg" alt="" /></p>
<p>This allows users to access UCP using a centralized domain name. If
a manager node goes down, the load balancer can detect that and stop forwarding
requests to that node, so that the failure goes unnoticed by users.</p>
<h2 id="load-balancing-on-ucp">Load-balancing on UCP</h2>
<p>Since Docker UCP uses mutual TLS, make sure you configure your load balancer to:</p>
<ul>
<li>Load-balance TCP traffic on ports <code class="highlighter-rouge">443</code> and <code class="highlighter-rouge">6443</code>.</li>
<li>Not terminate HTTPS connections.</li>
<li>Use the <code class="highlighter-rouge">/_ping</code> endpoint on each manager node to check whether the node
is healthy and should remain in the load-balancing pool.</li>
</ul>
<h2 id="load-balancing-ucp-and-dtr">Load balancing UCP and DTR</h2>
<p>By default, both UCP and DTR use port 443. If you plan on deploying UCP and DTR,
your load balancer needs to distinguish traffic between the two by IP address
or port number.</p>
<ul>
<li>If you want to configure your load balancer to listen on port 443:
<ul>
<li>Use one load balancer for UCP and another for DTR, or</li>
<li>Use the same load balancer with multiple virtual IPs.</li>
</ul>
</li>
<li>Alternatively, configure your load balancer to expose UCP or DTR on a port other than 443.</li>
</ul>
<blockquote class="important">
<p>Additional requirements</p>
<p>In addition to configuring your load balancer to distinguish between UCP and DTR, configuring a load balancer for DTR has <a href="https://docs.docker.com/ee/dtr/admin/configure/use-a-load-balancer/#load-balance-dtr">additional requirements</a>.</p>
</blockquote>
<h2 id="configuration-examples">Configuration examples</h2>
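<p>Use the following examples to configure your load balancer for UCP. The examples cover port <code class="highlighter-rouge">443</code> only; port <code class="highlighter-rouge">6443</code> needs an equivalent TCP listener and server pool.</p>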
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#nginx" data-group="nginx">NGINX</a></li>
<li><a data-toggle="tab" data-target="#haproxy" data-group="haproxy">HAProxy</a></li>
<li><a data-toggle="tab" data-target="#aws">AWS LB</a></li>
</ul>
<div class="tab-content">
<div id="nginx" class="tab-pane fade in active">
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">user</span> <span class="n">nginx</span>;
<span class="n">worker_processes</span> <span class="m">1</span>;
<span class="n">error_log</span> /<span class="n">var</span>/<span class="n">log</span>/<span class="n">nginx</span>/<span class="n">error</span>.<span class="n">log</span> <span class="n">warn</span>;
<span class="n">pid</span> /<span class="n">var</span>/<span class="n">run</span>/<span class="n">nginx</span>.<span class="n">pid</span>;
<span class="n">events</span> {
<span class="n">worker_connections</span> <span class="m">1024</span>;
}
<span class="n">stream</span> {
<span class="n">upstream</span> <span class="n">ucp_443</span> {
<span class="n">server</span> &lt;<span class="n">UCP_MANAGER_1_IP</span>&gt;:<span class="m">443</span> <span class="n">max_fails</span>=<span class="m">2</span> <span class="n">fail_timeout</span>=<span class="m">30</span><span class="n">s</span>;
<span class="n">server</span> &lt;<span class="n">UCP_MANAGER_2_IP</span>&gt;:<span class="m">443</span> <span class="n">max_fails</span>=<span class="m">2</span> <span class="n">fail_timeout</span>=<span class="m">30</span><span class="n">s</span>;
<span class="n">server</span> &lt;<span class="n">UCP_MANAGER_N_IP</span>&gt;:<span class="m">443</span> <span class="n">max_fails</span>=<span class="m">2</span> <span class="n">fail_timeout</span>=<span class="m">30</span><span class="n">s</span>;
}
<span class="n">server</span> {
<span class="n">listen</span> <span class="m">443</span>;
<span class="n">proxy_pass</span> <span class="n">ucp_443</span>;
}
}
</code></pre></div> </div>
</div>
<div id="haproxy" class="tab-pane fade">
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">global</span>
<span class="n">log</span> /<span class="n">dev</span>/<span class="n">log</span> <span class="n">local0</span>
<span class="n">log</span> /<span class="n">dev</span>/<span class="n">log</span> <span class="n">local1</span> <span class="n">notice</span>
<span class="n">defaults</span>
<span class="n">mode</span> <span class="n">tcp</span>
<span class="n">option</span> <span class="n">dontlognull</span>
<span class="n">timeout</span> <span class="n">connect</span> <span class="m">5</span><span class="n">s</span>
<span class="n">timeout</span> <span class="n">client</span> <span class="m">50</span><span class="n">s</span>
<span class="n">timeout</span> <span class="n">server</span> <span class="m">50</span><span class="n">s</span>
<span class="n">timeout</span> <span class="n">tunnel</span> <span class="m">1</span><span class="n">h</span>
<span class="n">timeout</span> <span class="n">client</span>-<span class="n">fin</span> <span class="m">50</span><span class="n">s</span>
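<span class="c">### frontends
# Optional HAProxy Stats Page accessible at http://&lt;host-ip&gt;:8181/haproxy?stats
# Note: the ucp_stats backend sets "stats admin if TRUE" with no "stats auth", so anyone
# who can reach port 8181 can change server state; restrict access to this port.
</span><span class="n">frontend</span> <span class="n">ucp_stats</span>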
<span class="n">mode</span> <span class="n">http</span>
<span class="n">bind</span> <span class="m">0</span>.<span class="m">0</span>.<span class="m">0</span>.<span class="m">0</span>:<span class="m">8181</span>
<span class="n">default_backend</span> <span class="n">ucp_stats</span>
<span class="n">frontend</span> <span class="n">ucp_443</span>
<span class="n">mode</span> <span class="n">tcp</span>
<span class="n">bind</span> <span class="m">0</span>.<span class="m">0</span>.<span class="m">0</span>.<span class="m">0</span>:<span class="m">443</span>
<span class="n">default_backend</span> <span class="n">ucp_upstream_servers_443</span>
<span class="c">### backends
</span><span class="n">backend</span> <span class="n">ucp_stats</span>
<span class="n">mode</span> <span class="n">http</span>
<span class="n">option</span> <span class="n">httplog</span>
<span class="n">stats</span> <span class="n">enable</span>
<span class="n">stats</span> <span class="n">admin</span> <span class="n">if</span> <span class="n">TRUE</span>
<span class="n">stats</span> <span class="n">refresh</span> <span class="m">5</span><span class="n">m</span>
<span class="n">backend</span> <span class="n">ucp_upstream_servers_443</span>
<span class="n">mode</span> <span class="n">tcp</span>
<span class="n">option</span> <span class="n">httpchk</span> <span class="n">GET</span> /<span class="err">_</span><span class="n">ping</span> <span class="n">HTTP</span>/<span class="m">1</span>.<span class="m">1</span>\<span class="n">r</span>\<span class="n">nHost</span>:\ &lt;<span class="n">UCP_FQDN</span>&gt;
<span class="n">server</span> <span class="n">node01</span> &lt;<span class="n">UCP_MANAGER_1_IP</span>&gt;:<span class="m">443</span> <span class="n">weight</span> <span class="m">100</span> <span class="n">check</span> <span class="n">check</span>-<span class="n">ssl</span> <span class="n">verify</span> <span class="n">none</span>
<span class="n">server</span> <span class="n">node02</span> &lt;<span class="n">UCP_MANAGER_2_IP</span>&gt;:<span class="m">443</span> <span class="n">weight</span> <span class="m">100</span> <span class="n">check</span> <span class="n">check</span>-<span class="n">ssl</span> <span class="n">verify</span> <span class="n">none</span>
<span class="n">server</span> <span class="n">node03</span> &lt;<span class="n">UCP_MANAGER_N_IP</span>&gt;:<span class="m">443</span> <span class="n">weight</span> <span class="m">100</span> <span class="n">check</span> <span class="n">check</span>-<span class="n">ssl</span> <span class="n">verify</span> <span class="n">none</span>
</code></pre></div> </div>
</div>
<div id="aws" class="tab-pane fade">
<div class="language-json highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span><span class="w">
</span><span class="s2">"Subnets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"subnet-XXXXXXXX"</span><span class="p">,</span><span class="w">
</span><span class="s2">"subnet-YYYYYYYY"</span><span class="p">,</span><span class="w">
</span><span class="s2">"subnet-ZZZZZZZZ"</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="s2">"CanonicalHostedZoneNameID"</span><span class="p">:</span><span class="w"> </span><span class="s2">"XXXXXXXXXXX"</span><span class="p">,</span><span class="w">
</span><span class="s2">"CanonicalHostedZoneName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"XXXXXXXXX.us-west-XXX.elb.amazonaws.com"</span><span class="p">,</span><span class="w">
</span><span class="s2">"ListenerDescriptions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="s2">"Listener"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="s2">"InstancePort"</span><span class="p">:</span><span class="w"> </span><span class="mi">443</span><span class="p">,</span><span class="w">
</span><span class="s2">"LoadBalancerPort"</span><span class="p">:</span><span class="w"> </span><span class="mi">443</span><span class="p">,</span><span class="w">
</span><span class="s2">"Protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TCP"</span><span class="p">,</span><span class="w">
</span><span class="s2">"InstanceProtocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"TCP"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="s2">"PolicyNames"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="s2">"HealthCheck"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="s2">"HealthyThreshold"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w">
</span><span class="s2">"Interval"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w">
</span><span class="s2">"Target"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HTTPS:443/_ping"</span><span class="p">,</span><span class="w">
</span><span class="s2">"Timeout"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w">
</span><span class="s2">"UnhealthyThreshold"</span><span class="p">:</span><span class="w"> </span><span class="mi">4</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="s2">"VPCId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"vpc-XXXXXX"</span><span class="p">,</span><span class="w">
</span><span class="s2">"BackendServerDescriptions"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w">
</span><span class="s2">"Instances"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="s2">"InstanceId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"i-XXXXXXXXX"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="s2">"InstanceId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"i-XXXXXXXXX"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="s2">"InstanceId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"i-XXXXXXXXX"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="s2">"DNSName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"XXXXXXXXXXXX.us-west-2.elb.amazonaws.com"</span><span class="p">,</span><span class="w">
</span><span class="s2">"SecurityGroups"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"sg-XXXXXXXXX"</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="s2">"Policies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="s2">"LBCookieStickinessPolicies"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w">
</span><span class="s2">"AppCookieStickinessPolicies"</span><span class="p">:</span><span class="w"> </span><span class="p">[],</span><span class="w">
</span><span class="s2">"OtherPolicies"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="s2">"LoadBalancerName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ELB-UCP"</span><span class="p">,</span><span class="w">
</span><span class="s2">"CreatedTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2017-02-13T21:40:15.400Z"</span><span class="p">,</span><span class="w">
</span><span class="s2">"AvailabilityZones"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w">
</span><span class="s2">"us-west-2c"</span><span class="p">,</span><span class="w">
</span><span class="s2">"us-west-2a"</span><span class="p">,</span><span class="w">
</span><span class="s2">"us-west-2b"</span><span class="w">
</span><span class="p">],</span><span class="w">
</span><span class="s2">"Scheme"</span><span class="p">:</span><span class="w"> </span><span class="s2">"internet-facing"</span><span class="p">,</span><span class="w">
</span><span class="s2">"SourceSecurityGroup"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="s2">"OwnerAlias"</span><span class="p">:</span><span class="w"> </span><span class="s2">"XXXXXXXXXXXX"</span><span class="p">,</span><span class="w">
</span><span class="s2">"GroupName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"XXXXXXXXXXXX"</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">}</span><span class="w">
</span></code></pre></div> </div>
</div>
</div>
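<p>The requirements listed under "Load-balancing on UCP" can be checked mechanically before a configuration is deployed. The following Python code is an added example, not part of the original Docker documentation: it audits an HAProxy configuration for plain TCP passthrough on ports 443 and 6443 and for a <code>/_ping</code> health check, and also flags <code>stats admin</code> without <code>stats auth</code>. The function names, the FQDN <code>ucp.example.com</code> and the address 192.0.2.11 are assumptions made for illustration.</p>

```python
import re

KINDS = ("global", "defaults", "frontend", "backend", "listen")
REQUIRED_TCP_PORTS = {443, 6443}  # ports the page says to balance as TCP
# Constructed sample modelled on the page's HAProxy example (placeholder FQDN/IP).
SAMPLE_CFG = r"""
defaults
    mode tcp
frontend ucp_stats
    mode http
    bind 0.0.0.0:8181
frontend ucp_443
    bind 0.0.0.0:443
backend ucp_stats
    mode http
    stats admin if TRUE
backend ucp_upstream_servers_443
    option httpchk GET /_ping HTTP/1.1\r\nHost:\ ucp.example.com
    server node01 192.0.2.11:443 weight 100 check check-ssl verify none
"""

def parse_sections(cfg):
    """Split an HAProxy config into [kind, name, directives] entries."""
    sections = []
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in KINDS:
            sections.append([words[0], " ".join(words[1:2]), []])
        elif words and sections:
            sections[-1][2].append(" ".join(words))
    return sections

def audit(cfg):
    """Return findings against the page's load-balancer requirements."""
    findings, tcp_ports, default_mode = [], set(), "tcp"  # HAProxy defaults to tcp
    for kind, name, lines in parse_sections(cfg):
        mode = next((l.split()[1] for l in lines if l.startswith("mode ")), default_mode)
        if kind == "defaults":
            default_mode = mode
        binds = [(int(m.group(1)), l) for l in lines
                 if (m := re.match(r"bind \S*:(\d+)(?:\s|$)", l))]
        for port, bind in binds:
            # An http-mode listener or an "ssl" bind means TLS is not passed through.
            if port in REQUIRED_TCP_PORTS and (mode != "tcp" or " ssl" in bind):
                findings.append(f"{name}: port {port} is not plain TCP passthrough")
            elif mode == "tcp":
                tcp_ports.add(port)
        checked = any(l.startswith("server ") and " check" in l for l in lines)
        if checked and not any(l.startswith("option httpchk") and "/_ping" in l for l in lines):
            findings.append(f"{name}: health check does not use /_ping")
        if any(l.startswith("stats admin") for l in lines) and not any(
                l.startswith("stats auth") for l in lines):
            findings.append(f"{name}: stats admin enabled without stats auth")
    missing = sorted(REQUIRED_TCP_PORTS - tcp_ports)
    return findings + [f"no TCP frontend for port {p}" for p in missing]
```

<p>Calling <code>audit(SAMPLE_CFG)</code> on the constructed sample reports that the stats backend allows admin actions without authentication and that no TCP frontend covers port 6443.</p>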
<p>You can deploy your load balancer using:</p>
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#nginx-2" data-group="nginx">NGINX</a></li>
<li><a data-toggle="tab" data-target="#haproxy-2" data-group="haproxy">HAProxy</a></li>
</ul>
<div class="tab-content">
<div id="nginx-2" class="tab-pane fade in active">
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Create the nginx.conf file, then
# deploy the load balancer
</span>
<span class="n">docker</span> <span class="n">run</span> --<span class="n">detach</span> \
--<span class="n">name</span> <span class="n">ucp</span>-<span class="n">lb</span> \
--<span class="n">restart</span>=<span class="n">unless</span>-<span class="n">stopped</span> \
--<span class="n">publish</span> <span class="m">443</span>:<span class="m">443</span> \
--<span class="n">volume</span> ${<span class="n">PWD</span>}/<span class="n">nginx</span>.<span class="n">conf</span>:/<span class="n">etc</span>/<span class="n">nginx</span>/<span class="n">nginx</span>.<span class="n">conf</span>:<span class="n">ro</span> \
<span class="n">nginx</span>:<span class="n">stable</span>-<span class="n">alpine</span>
</code></pre></div> </div>
</div>
<div id="haproxy-2" class="tab-pane fade">
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Create the haproxy.cfg file, then
# deploy the load balancer
</span>
<span class="n">docker</span> <span class="n">run</span> --<span class="n">detach</span> \
--<span class="n">name</span> <span class="n">ucp</span>-<span class="n">lb</span> \
--<span class="n">publish</span> <span class="m">443</span>:<span class="m">443</span> \
--<span class="n">publish</span> <span class="m">8181</span>:<span class="m">8181</span> \
--<span class="n">restart</span>=<span class="n">unless</span>-<span class="n">stopped</span> \
--<span class="n">volume</span> ${<span class="n">PWD</span>}/<span class="n">haproxy</span>.<span class="n">cfg</span>:/<span class="n">usr</span>/<span class="n">local</span>/<span class="n">etc</span>/<span class="n">haproxy</span>/<span class="n">haproxy</span>.<span class="n">cfg</span>:<span class="n">ro</span> \
<span class="n">haproxy</span>:<span class="m">1</span>.<span class="m">7</span>-<span class="n">alpine</span> <span class="n">haproxy</span> -<span class="n">d</span> -<span class="n">f</span> /<span class="n">usr</span>/<span class="n">local</span>/<span class="n">etc</span>/<span class="n">haproxy</span>/<span class="n">haproxy</span>.<span class="n">cfg</span>
</code></pre></div> </div>
</div>
</div>
<h2 id="where-to-go-next">Where to go next</h2>
<ul>
<li><a href="../add-labels-to-cluster-nodes.md">Add labels to cluster nodes</a></li>
</ul>