Docker Community Forums

Share and learn in the Docker community.

Port address for UCP-Swarm cluster

(Mreferre) #1

I will admit that I am (still) a bit confused about all of the ports / redirects etc but there is something that “annoys” me that I’d like to understand better.

When I deploy UCP a Swarm cluster gets created underneath it.

I have always thought that Swarm uses ports 3375/3376 to mimic the behaviour of a single Docker host (which is available on port 2375/2376).

The fact that with UCP you configure the Docker client to port 443 makes it logic as you can picture it as a tool building on top of other tools: ucp(443) on top of swarm (3376) on top of engine(2376).

The fact that swarm “gets exposed” on port 2376 drives me nuts as it confuses my understanding. For the records this is what I see running on the controller:

           49b60f6c0c4a        docker/ucp-controller:1.1.0   "/bin/controller serv"   5 hours ago         Up 5 hours>8080/tcp                                                                  ubuntu-dtc-1/ucp-controller
           386ed8d9454a        docker/ucp-swarm:1.1.0        "/swarm join --discov"   5 hours ago         Up 5 hours          2375/tcp                                                                                    ubuntu-dtc-1/ucp-swarm-join
           dae88bacce5d        docker/ucp-proxy:1.1.0        "/bin/run"               5 hours ago         Up 5 hours>2376/tcp                                                                ubuntu-dtc-1/ucp-proxy
          22b40ff01221        docker/ucp-etcd:1.1.0         "/bin/etcd --data-dir"   5 hours ago         Up 5 hours          2380/tcp, 4001/tcp, 7001/tcp,>12380/tcp,>2379/tcp   ubuntu-dtc-1/ucp-kv
          b42373d54af7        docker/ucp-cfssl:1.1.0        "/bin/cfssl serve -ad"   5 hours ago         Up 5 hours          8888/tcp,>12381/tcp                                                     ubuntu-dtc-1/ucp-cluster-root-ca
          c873218fcb22        docker/ucp-cfssl:1.1.0        "/bin/cfssl serve -ad"   5 hours ago         Up 5 hours          8888/tcp,>12382/tcp                                                     ubuntu-dtc-1/ucp-client-root-ca
          a20eaf4d534a        docker/ucp-swarm:1.1.0        "/swarm manage --tlsv"   5 hours ago         Up 5 hours>2375/tcp                                                                 ubuntu-dtc-1/ucp-swarm-manager
          4edc0b26dec8        docker/ucp-auth:1.1.0         "/usr/local/bin/enzi "   5 hours ago         Up 5 hours>4443/tcp                                                                ubuntu-dtc-1/ucp-auth-worker
          c4a5f0cb8e9c        docker/ucp-auth:1.1.0         "/usr/local/bin/enzi "   5 hours ago         Up 5 hours>4443/tcp                                                                ubuntu-dtc-1/ucp-auth-api
          d226493ef09d        docker/ucp-auth-store:1.1.0   "/usr/local/bin/rethi"   5 hours ago         Up 5 hours>12383-12384/tcp                                                   ubuntu-dtc-1/ucp-auth-store

(Vivek Saraswat) #2

Sorry, what’s the question here? UCP runs on port 443, catches all incoming requests, and redirects Swarm requests to port 2376 (or whatever port you set with --swarm-port). Individual TLS-enabled docker engines then run on 12376.

For a full list of ports used check out:

(Mreferre) #3

Thanks @vsaraswat. I guess the (soft) question is… given (afaik) the standard docker engine port is 2376 and the standard swarm port is 3376 … why have you chosen to use (when nothing is specified) 2376 for swarm and 12376 for the engine? Doesn’t this confuse other people? It confused me a bit (albeit I should say I am not a Docker ninja).

IMHO it would have made more sense to have 2376 for Engine, 3376 for Swarm and 443 for UCP.