Using the private network between your UpCloud servers when initializing the swarm ensures the connections will remain secure. However, when publishing ports in the swarm, as mentioned before, they are accessible through any node\u2019s public IP. In Docker Engine 1.12, it is not possible to bind the published port to a specific IP address. If you wish to prevent direct access to the container ports, set up a firewall blocking the incoming connections to the swarm public IP addresses.<\/p>\n\n\n\n
Deploying CoreOS nodes<\/h2>\n\n\n\n
Start off by logging into your UpCloud control panel<\/a> and deploying two CoreOS nodes for the Docker Swarm and a third node for the load balancer. If you are not familiar with deploying CoreOS nodes for Docker, take a look at our introductory guide to Docker Swarm Orchestration<\/a> for a quick start guide.<\/p>\n\n\n\n Once you have the three nodes online, log into each of them with SSH.<\/p>\n\n\n\n To enable Docker Swarm mode, you will need to update CoreOS to a version that includes Docker 1.12 or newer. You can find the version numbers in the CoreOS release notes<\/a>. At the time of the update, the required Docker version was only available on the CoreOS Alpha channel. Perform the following steps on all three of your nodes to update them.<\/p>\n\n\n\n Edit the updated configuration file and change the GROUP<\/em> from stable<\/em> to alpha<\/em>.<\/p>\n\n\n\n Save the file and exit the editor, then reboot the servers.<\/p>\n\n\n\n Although CoreOS usually performs updates automatically in the background, use the following command to run the update manually.<\/p>\n\n\n\n When the update finishes, it will prompt you to restart the servers.<\/p>\n\n\n\n With the CoreOS nodes updated, verify that the Docker is running the required version.<\/p>\n\n\n\n You can then continue with configuring the swarm itself.<\/p>\n\n\n\n Enable the Swarm mode for two of the three nodes by initializing one of them as the cluster manager and then joining the second node to it. Run the command below on the node you wish to assign as the Swarm manager.<\/p>\n\n\n\n Once the initialization is complete, you will see a docker swarm<\/tt> command towards the end of the output similar to the one below.<\/p>\n\n\n\n Run the command with your swarm manager token and manager private IP on the second node to join it to the cluster.<\/p>\n\n\n\n You can see the nodes in your cluster using the command below.<\/p>\n\n\n\n Then, start the web host service with replicas for both nodes.<\/p>\n\n\n\n A short explanation of the command above. Docker creates two replicas of the latest nginx<\/em> container named backend<\/em> and publishes them to an external port 8080.<\/p>\n\n\n\n Using a load balancer outside of the Swarm allows an easy way to connect to your containers without having to worry about the cluster nodes. As all of the published services are available through any of the swarm nodes thanks to the ingress routing, the load balancer can be set to use the swarm private IP addresses without concern of which node is hosting what service.<\/p>\n\n\n\n For consistency, the load balancer will be deployed on its own single-node swarm. Open an SSH connection to your load balancer server and initialize a new swarm on it.<\/p>\n\n\n\n Next, prepare the load balancer setup by creating a default.conf file in a new directory.<\/p>\n\n\n\n Enter the following server and upstream segments in the configuration file and replace the <node private IP> placeholders with the private IP addresses of the two swarm nodes hosting your web service.<\/p>\n\n\n\n Save the file and exit the editor.<\/p>\n\n\n\n Then, create the load balancer container using the following command to publish it to port 80 and mount the configuration directory in the container.<\/p>\n\n\n\n The container will start in a matter of seconds and allow connections to the web services hosted by your Docker Swarm. You can test the load balancer by opening the load balancer server’s public IP address in your web browser.<\/p>\n\n\n If everything is running correctly, you will be greeted by the default nginx welcome page.<\/p>\n\n\n\n The Docker Swarm mode allows an easy and fast load-balancing setup with minimal configuration. Even though the swarm itself already performs a level of load balancing with the ingress mesh, having an external load balancer makes the setup simple to expand upon.<\/p>\n\n\n\n If you wish to further improve upon the redundancy of your web cluster, you should look into setting up a floating IP address between multiple load balancer servers. Follow this article to\u00a0find out more about the floating IPs on UpCloud<\/a>.<\/p>\n","protected":false},"author":3,"featured_media":27362,"comment_status":"open","ping_status":"closed","template":"","community-category":[223,274],"class_list":["post-2311","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial\/2311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/types\/tutorial"}],"author":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/comments?post=2311"}],"version-history":[{"count":0,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/tutorial\/2311\/revisions"}],"wp:attachment":[{"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/media?parent=2311"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/upcloud.com\/global\/wp-json\/wp\/v2\/community-category?post=2311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sudo vi \/etc\/coreos\/update.conf\n\nGROUP=alpha<\/pre>\n\n\n\n
sudo reboot<\/pre>\n\n\n\n
sudo update_engine_client -update\n...\nUpdate succeeded -- reboot needed.<\/pre>\n\n\n\n
sudo reboot\n...\nCoreOS alpha (1192.1.0)<\/pre>\n\n\n\n
docker -v\n\nDocker version 1.12.1, build 7a86f89<\/pre>\n\n\n\n
Configuring the backend nodes<\/h2>\n\n\n\n
docker swarm init --advertise-addr <manager private IP><\/pre>\n\n\n\n
docker swarm join \n--token <SWMTKN token> \n<manager private IP><\/pre>\n\n\n\n
docker node ls\n\nID HOSTNAME STATUS AVAILABILITY MANAGER STATUS\n3h39l1ex8c1i5oo2xn4qnwkj6 * node0 Ready Active Leader\n4bdtzjfa0qw799e6npb4dxvl1 node1 Ready Active<\/pre>\n\n\n\n
docker service create \n--name backend \n--replicas 2 \n--publish 8080:80 \nnginx<\/pre>\n\n\n\n
Setting up the load balancer<\/h2>\n\n\n\n
docker swarm init --advertise-addr <load balancer private IP><\/pre>\n\n\n\n
sudo mkdir -p \/data\/loadbalancer\n\nsudo vi \/data\/loadbalancer\/default.conf<\/pre>\n\n\n\n
server {\n listen 80;\n location \/ {\n proxy_pass http:\/\/backend;\n }\n}\nupstream backend {\n server <node0 private IP>:8080;\n server <node1 private IP>:8080;\n}<\/pre>\n\n\n\ndocker service create \n--name loadbalancer \n--mount type=bind,source=\/data\/loadbalancer,target=\/etc\/nginx\/conf.d \n--publish 80:80 \nnginx<\/pre>\n\n\n\n
![\"Nginx](\"https:\/\/upcloud.com\/media\/nginx_custom_default_page-2.png\")
<\/figure>\n<\/div>\n\n\nSummary<\/h2>\n\n\n\n