Automated Deployment

This will deploy Shipyard using the current Docker host.


Once deployed, the script will output the URL to connect along with credential information.

Note: this will expose the Docker Engine on port 2375. It is recommended to use TLS if this node will be accessible outside a secure network.

curl -sSL | bash -s

For full usage details:

curl -sSL | bash -s -- -h
Shipyard Deploy uses the following environment variables:
  ACTION: this is the action to use (deploy, upgrade, node, remove)
  DISCOVERY: discovery system used in Swarm (only valid with the 'node' action)
  IMAGE: this overrides the default Shipyard image
  PREFIX: prefix for container names
  SHIPYARD_ARGS: these are passed to the Shipyard controller container as controller args
  TLS_CERT_PATH: path to certs to enable TLS for Shipyard
  PORT: listen port for the shipyard controller (default: 8080)
  PROXY_PORT: port for the docker proxy (default: 2375)

Note: all variables are optional.


To customize the deployment, you can specify the following environment variables.


This controls the action for the deployment. Available options are:

  • deploy: Deploy a new Shipyard instance
  • upgrade: Upgrade an existing instance (note: you will need to pass the same environment variables as when you deployed to keep the same configuration)
  • node: Add current Docker engine as a new Swarm node in the cluster
  • remove: Completely removes Shipyard


This allows you to specify the image for deployment. For example, to use the test version of shipyard you could deploy like:

curl -sSL | IMAGE=shipyard/shipyard:test bash -s


This changes the prefix of the container names when deployed. The default prefix is shipyard.

curl -sSL | PREFIX=shipyard-test bash -s


These are additional controller arguments for the Shipyard controller. See the Controller Usage for details.

curl -sSL | SHIPYARD_ARGS=" --ldap-autocreate-users" bash -s


This causes the deployment to enable TLS for all components of the system. The proxy, swarm and controller will all be configured for TLS. This is an opinionated configuration and the deployer expects the following.

The certificates in the specified path must be named as follows:

  • ca.pem: Cerfiticate Authority cert
  • server.pem: Server certificate - this must have a SAN of proxy for the internal Docker engine proxy to work properly
  • server-key.pem: Server certificate private key
  • cert.pem: Client certificate
  • key.pem: Client certificate key

These will be placed in a volume container and shared amongst the various components. If you need to debug, you can link this container to your debug container. The data container name is $PREFIX-certs.

If you need to create certificates, CertM will generate all of the needed certificates with a single command:

docker run --rm \
    -v $(pwd)/certs:/certs \
    ehazlett/certm \
    -d /certs \
    bundle \
    generate \
    -o shipyard \
    --host proxy \

You can then specify this path when deploying:

curl -sSL | TLS_CERT_PATH=$(pwd)/certs bash -s

Adding a Node

The Shipyard deploy script will automatically setup a key/value store. To add additional nodes to the Swarm cluster, you can use this script again by specifying node for the ACTION. For example, if the IP of your initial node is can add a node by running the following:

curl -sSL | ACTION=node DISCOVERY=etcd:// bash -s