Home Explore Blog CI



docker
3rd chunk of `content/manuals/engine/swarm/swarm-mode.md`
d959c9a07e480532ef3dede4bbfabb07d8b5de2578289f1700000001000008e7
- [Swarm networking](./networking.md) for more information about the default address pool usage
- `docker swarm init` [CLI reference](/reference/cli/docker/swarm/init.md) for more detail on the `--default-addr-pool` flag.

### Configure the advertise address

Manager nodes use an advertise address to allow other nodes in the swarm access
to the Swarmkit API and overlay networking. The other nodes on the swarm must be
able to access the manager node on its advertise address.

If you don't specify an advertise address, Docker checks if the system has a
single IP address. If so, Docker uses the IP address with the listening port
`2377` by default. If the system has multiple IP addresses, you must specify the
correct `--advertise-addr` to enable inter-manager communication and overlay
networking:

```console
$ docker swarm init --advertise-addr <MANAGER-IP>
```

You must also specify the `--advertise-addr` if the address where other nodes
reach the first manager node is not the same address the manager sees as its
own. For instance, in a cloud setup that spans different regions, hosts have
both internal addresses for access within the region and external addresses that
you use for access from outside that region. In this case, specify the external
address with `--advertise-addr` so that the node can propagate that information
to other nodes that subsequently connect to it.

Refer to the `docker swarm init` [CLI reference](/reference/cli/docker/swarm/init.md)
for more detail on the advertise address.

### View the join command or update a swarm join token

Nodes require a secret token to join the swarm. The token for worker nodes is
different from the token for manager nodes. Nodes only use the join-token at the
moment they join the swarm. Rotating the join token after a node has already
joined a swarm does not affect the node's swarm membership. Token rotation
ensures an old token cannot be used by any new nodes attempting to join the
swarm.

To retrieve the join command including the join token for worker nodes, run:

```console
$ docker swarm join-token worker

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \
Title: Configuring Advertise Address and Managing Join Tokens in Docker Swarm
Summary
This section describes how to configure the advertise address for Docker Swarm manager nodes to ensure proper communication within the swarm, especially in multi-IP or multi-region setups, using the `--advertise-addr` option with `docker swarm init`. It also explains how to retrieve and rotate join tokens for worker and manager nodes using `docker swarm join-token` to secure swarm membership, emphasizing that token rotation only affects new nodes joining the swarm.