Yes this is being worked on. Not sure on an ETA.

Had a quick go at this in https://github.com/tpbowden/swarm-ingress-router, managed to get something reasonable working without much work (it uses a native Go reverse proxy instead of nginx/haproxy however). You can just query for labelled services and then Docker will handle all load balancing and routing for you based on the DNS name of the service which resolves to a VIP. No need for external ports on anything except the proxy as long as all frontends are on the same overlay network.

@tpbowden cool!

There is now a PR (#186) that adds Swarm service support.

You can use the ehazlett/interlock:pr-186 image for testing.

There are also example docs in that PR (153bb9f)

If the swarm has 1 manager, and 1 node (and the node is NOT a manager). This tutorial works - then fails after about 15 minutes when the nginx config on the worker node is refreshed (with the error that it is not a manager node)

Promoting the node appears to solve this issue - but it probably something that you'd want to resolve - as it is challenging to troubleshoot and doesn't fail gracefully (it actually works for the first few minutes!)

Yes there is currently a limitation that Interlock must be on managers. I'm trying to work through a solution to get it working across all.

won't specifying --constraint node.role == manager on the interlock service solve this?

from https://docs.docker.com/engine/reference/commandline/service_create/#/set-service-mode

@ehazlett is there also an option to add ssl certs via environment entry's? Not a path to the files but cat the files into the environment so you don't need to mount a volume.

@riemers not currently. however, with swarm secrets that would probably be the way to go for this.