This topic describes how to deploy a Swarm service wherein the service manages the TLS connection by encrypting traffic from users to your Swarm service.
Deploy your Swarm service using the following example
version: "3.2" services: demo: image: mirantiseng/docker-demo command: --tls-cert=/run/secrets/cert.pem --tls-key=/run/secrets/key.pem deploy: replicas: 1 labels: com.docker.lb.hosts: app.example.org com.docker.lb.network: demo-network com.docker.lb.port: 8080 com.docker.lb.ssl_passthrough: "true" environment: METADATA: end-to-end-TLS networks: - demo-network secrets: - source: app.example.org.cert target: /run/secrets/cert.pem - source: app.example.org.key target: /run/secrets/key.pem networks: demo-network: driver: overlay secrets: app.example.org.cert: file: ./app.example.org.cert app.example.org.key: file: ./app.example.org.key
This updates the service to start using the secrets with the private key and
certificate and it labels the service with
true, thus configuring the proxy service such that TLS traffic for
app.example.org is passed to the service.
Since the connection is fully encrypted from end-to-end, the proxy service cannot add metadata such as version information or the request ID to the response headers.