Use service labels

Interlock uses service labels to configure how applications are published, to define the host names that are routed to the service, to define the applicable ports, and to define other routing configurations.

The following occurs when you deploy or update a Swarm service with service labels:

  1. The ucp-interlock service monitors the Docker API for events and publishes the events to the ucp-interlock-extension service.

  2. The ucp-interlock-extension service generates a new configuration for the proxy service based on the labels you have added to your services.

  3. The ucp-interlock service takes the new configuration and reconfigures ucp-interlock-proxy to start using the new configuration.

This process occurs in milliseconds and does not interrupt services.

The following table lists the service labels that Interlock uses:




Comma-separated list of the hosts for the service to serve.,

Port to use for internal upstream communication.


Name of the network for the proxy service to attach to for upstream connectivity.


Context or path to use for the application.


Changes the path from the value of label to / when set to true.


Docker secret to use for the SSL certificate.

Docker secret to use for the SSL key.

Comma-separated list of endpoints to be upgraded for websockets.


Name of the service cluster to use for the application.


Cookie to use for sticky sessions.


Semicolon-separated list of redirects to add in the format of <source>, <target>.,

Enables SSL passthrough when set to true.


Selects the backend mode that the proxy should use to access the upstreams. The default is task.