Configure the layer 7 routing service

Estimated reading time: 1 minute

When enabling the layer 7 routing solution from the UCP web UI, you can configure the ports for incoming traffic. If you want to further customize the layer 7 routing solution, you can do it by updating the ucp-interlock service with a new Docker configuration.

Here’s how it works:

  1. Find out what configuration is currently being used for the ucp-interlock service and save it to a file:

    CURRENT_CONFIG_NAME=$(docker service inspect --format '{{ (index .Spec.TaskTemplate.ContainerSpec.Configs 0).ConfigName }}' ucp-interlock)
    docker config inspect --format '{{ printf "%s" .Spec.Data }}' $CURRENT_CONFIG_NAME > config.toml
  2. Make the necessary changes to the config.toml file. Learn about the configuration options available.

  3. Create a new Docker configuration object from the file you’ve edited:

    NEW_CONFIG_NAME="com.docker.ucp.interlock.conf-$(( $(cut -d '-' -f 2 <<< "$CURRENT_CONFIG_NAME") + 1 ))"
    docker config create $NEW_CONFIG_NAME config.toml
  4. Update the ucp-interlock service to start using the new configuration:

    docker service update \
      --config-rm $CURRENT_CONFIG_NAME \
      --config-add source=$NEW_CONFIG_NAME,target=/config.toml \

By default the ucp-interlock service is configured to pause if you provide an invalid configuration. The service won’t restart without a manual intervention.

If you want the service to automatically rollback to a previous stable configuration, you can update it with:

docker service update \
  --update-failure-action rollback \

Another thing to be aware is that every time you enable the layer 7 routing solution from the UCP UI, the ucp-interlock service is started using the default configuration.

If you’ve customized the configuration used by the ucp-interlock service, you’ll have to update it again to use the Docker configuration object you’ve created.

routing, proxy