I followed these instructions here to build a 3 node Docker Swarm cluster.
In the beginning I opened multiple ports with ufw in order to communicate between the docker nodes:
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2376/tcp                   ALLOW IN    Anywhere
2377/tcp                   ALLOW IN    Anywhere
7946/tcp                   ALLOW IN    Anywhere
7946/udp                   ALLOW IN    Anywhere
4789/udp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
2376/tcp (v6)              ALLOW IN    Anywhere (v6)
2377/tcp (v6)              ALLOW IN    Anywhere (v6)
7946/tcp (v6)              ALLOW IN    Anywhere (v6)
7946/udp (v6)              ALLOW IN    Anywhere (v6)
4789/udp (v6)              ALLOW IN    Anywhere (v6)
As you can see, port 80 is not open.
So, at the end of the tutorial I deployed the official nginx docker image to the cluster:
docker service create -p 80:80 --name webserver nginx
I was able to enter the IP address of my server and was presented with the nginx hello world page.
Now I am wondering, why am I able to reach the webserver although port 80 is not open?
Docker sets iptables rules itself, interfering with UFW.
Try running the docker daemon with the additional command line option --iptables=false.
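An added example, not part of the original answer: Docker's published-port rules are DNAT entries in the nat table, applied in PREROUTING before the packet would reach the INPUT rules that the ufw allow list feeds. This shell function compares saved `iptables-save -t nat` output with saved `ufw status` output and lists the ports Docker forwards that ufw never allowed. The function names, the sample rules and the 172.18.0.2 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ports that Docker DNATs in the nat table but ufw does not allow.
# Arguments: $1 = saved `iptables-save -t nat` output, $2 = saved `ufw status` output.
docker_ports_outside_ufw() {
    awk '
        # ufw file (first awk argument): remember every allowed IPv4 port/proto.
        FILENAME == ARGV[1] {
            if ($2 == "ALLOW" && $1 ~ /^[0-9]+\/(tcp|udp)$/) allowed[$1] = 1
            next
        }
        # iptables file: DNAT rules in chains whose name starts with DOCKER.
        $1 == "-A" && $2 ~ /^DOCKER/ && /-j DNAT/ {
            proto = ""; port = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            key = port "/" proto
            if (port != "" && proto != "" && !(key in allowed) && !(key in seen)) {
                seen[key] = 1
                print key
            }
        }
    ' "$2" "$1"
}

# Constructed sample input (not captured from the poster's host).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ufw.txt" <<'EOF'
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2377/tcp                   ALLOW IN    Anywhere
7946/udp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
    cat > "$dir/nat.txt" <<'EOF'
*nat
:DOCKER-INGRESS - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER-INGRESS
-A DOCKER-INGRESS -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
-A DOCKER-INGRESS -j RETURN
COMMIT
EOF
    docker_ports_outside_ufw "$dir/nat.txt" "$dir/ufw.txt"
    rm -rf "$dir"
}

sample_run   # prints: 80/tcp
```

On a live host, save the output of `iptables-save -t nat` and `ufw status` to files (both need root) and pass them in that order. With `--iptables=false` Docker stops creating these rules, so the forwarding and NAT they provided for containers have to be configured by hand.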