Configure the layer 7 routing service

Estimated reading time: 1 minute

When enabling the layer 7 routing solution from the UCP web UI, you can configure the ports for incoming traffic. If you want to further customize the layer 7 routing solution, you can do it by updating the ucp-interlock service with a new Docker configuration.

Here’s how it works:

  1. Find out what configuration is currently being used for the ucp-interlock service and save it to a file:
CURRENT_CONFIG_NAME=$(docker service inspect --format '{{ (index .Spec.TaskTemplate.ContainerSpec.Configs 0).ConfigName }}' ucp-interlock)
docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml
  1. Make the necessary changes to the config.toml file. Learn about the configuration options available.
  2. Create a new Docker configuration object from the file you’ve edited:
NEW_CONFIG_NAME="com.docker.ucp.interlock.conf-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
docker config create $NEW_CONFIG_NAME config.toml
  1. Update the ucp-interlock service to start using the new configuration:
docker service update \
  --config-rm $CURRENT_CONFIG_NAME \
  --config-add source=$NEW_CONFIG_NAME,target=/config.toml \
  ucp-interlock

By default the ucp-interlock service is configured to pause if you provide an invalid configuration. The service won’t restart without a manual intervention.

If you want the service to automatically rollback to a previous stable configuration, you can update it with:

docker service update \
  --update-failure-action rollback \
  ucp-interlock

Another thing to be aware is that every time you enable the layer 7 routing solution from the UCP UI, the ucp-interlock service is started using the default configuration.

If you’ve customized the configuration used by the ucp-interlock service, you’ll have to update it again to use the Docker configuration object you’ve created.

routing, proxy