05-Docker-Swarm
faycel edited this page 2026-02-26 20:01:30 +00:00

This page documents the initialization and configuration of Docker Swarm in single-node production mode.

Snapshot date: 2026-02
Node role: Manager (Leader)
Mode: Single-node swarm


1. Initialize Swarm

Initialize the swarm cluster:

sudo docker swarm init

Expected output:

  • Node becomes a manager
  • Swarm mode: active
  • Join token generated

2. Verify Swarm Status

Check swarm state:

sudo docker info | grep -i swarm

Expected:

Swarm: active

Check node status:

sudo docker node ls

Expected:

  • One node
  • Status: Ready
  • Availability: Active
  • Manager Status: Leader

3. Overlay Networks

Swarm requires overlay networks for inter-service communication.

Create public network:

sudo docker network create --driver overlay --attachable web

Create internal network:

sudo docker network create --driver overlay --attachable internal

Network Design

Network    Purpose
web        Public-facing services (Nginx, etc.)
internal   Private service communication (PostgreSQL, MinIO, etc.)

Overlay networks allow:

  • Service-to-service DNS resolution
  • Isolation between public and private services
  • Multi-node scalability (future-ready)

4. Verify Networks

sudo docker network ls

Expected to see:

  • ingress
  • web
  • internal

Inspect a network:

sudo docker network inspect web

5. Swarm Security Notes

  • Only manager nodes can modify cluster state.
  • Secrets are encrypted at rest in Swarm.
  • Overlay traffic is encrypted by default between nodes.

Single-node considerations:

  • No high availability
  • Manager and worker run on same host
  • Backups are critical
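
A check for the network properties that sections 3 to 5 rely on, as an added example that is not part of the original page. Docker encrypts application traffic on an overlay network only when the network was created with the `encrypted` driver option (`--opt encrypted`), so the audit reads that option, together with the `Attachable` and `Internal` flags, from `docker network inspect` JSON. The function name `audit_networks`, its `private` parameter and the sample JSON are assumptions made for this example.

```python
import json
import sys

# Constructed sample shaped like `docker network inspect web internal` output,
# trimmed to the fields the audit reads (not captured from a real host).
# `web` is as the command in section 3 would create it; `internal` is a
# constructed variant with --opt encrypted added, to show both outcomes.
SAMPLE_INSPECT = """
[
  {"Name": "web", "Driver": "overlay", "Scope": "swarm",
   "Attachable": true, "Internal": false,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"}},
  {"Name": "internal", "Driver": "overlay", "Scope": "swarm",
   "Attachable": true, "Internal": false,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098",
               "encrypted": ""}}
]
"""

def audit_networks(inspect_json, private=("internal",)):
    """Return {network name: [findings]} for every overlay network."""
    report = {}
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue  # bridge/host networks are out of scope here
        opts = net.get("Options") or {}  # Docker may emit null here
        findings = []
        # --opt encrypted is stored as a key with an empty value,
        # so test for the key itself, not for a truthy value.
        if "encrypted" not in opts:
            findings.append("data-plane traffic not encrypted (no 'encrypted' option)")
        if net.get("Attachable"):
            findings.append("attachable: standalone containers can join")
        if net["Name"] in private and not net.get("Internal"):
            findings.append("not created with --internal: external connectivity allowed")
        report[net["Name"]] = findings
    return report

if __name__ == "__main__":
    # Pass a file holding saved `docker network inspect` output, or use the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, findings in audit_networks(raw).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The `attachable` finding is relevant to the best practice of never running application containers outside of Swarm, because an attachable overlay network accepts containers started with `docker run`.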

6. Swarm Tokens

Retrieve manager join token:

sudo docker swarm join-token manager

Retrieve worker join token:

sudo docker swarm join-token worker

These tokens allow additional nodes to join the cluster.

Store them securely.


7. Current Production State

Current node:

sudo docker node ls

Expected state:

  • 1 Manager (Leader)
  • Status: Ready
  • Availability: Active

8. Swarm Best Practices

  • Never run application containers outside of Swarm
  • Always deploy via stack files
  • Use Docker secrets for sensitive data
  • Separate public and internal networks
  • Avoid direct container port exposure unless required