Getting Started

Consul UI

Consul UI allows operators to monitor and manage Consul clusters, and developers to use consul for service discovery and configuration. Operators can monitor node and service health, secure the cluster and services, and manage the key-value store. Developers can discover services and use the key-value to store application data through the UI. This allows developers without previous Consul experience to start using Consul right away.

You can explore the aspects of the UI described in this guide by setting up a local Consul agent with the UI enabled (according to the instructions below), or by visiting our live demo of the UI.

» Set Up Access to the UI

To set up the UI, you must enable it in the agent configuration. To view your UI, start the local agent downloaded for the previous guides.

consul agent -dev -ui -config-dir=./consul.d

The -ui flag enables the Consul UI on your local agent.

Now you can open any browser to access the UI which is available at the /ui path on the same port as the HTTP API.


At this point, the UI is insecure and does not require credentials to access it. In the final section, you will learn how to secure the UI.

» Monitor Agents and Services

In the UI, you can monitor both servers and agents. The landing page for the UI, the services page, is an overview of all services including their health, tags, type, and source. You can view all services to monitor health or select a specific service to learn more about it. For a selected service, you will be able to see how many instances there are, their health, and which agents they are registered on.

The node page will display an overview of the entire cluster including the health status. You can select individual agents to learn about their health checks, services registered, round trip time, and lock sessions.

Service Page

» Managing the Key-Value Store

The overview page for all keys is designed to have a folder-like structure. This allows you to nest objects according to application or business functions. For example, you could have a folder for each application; Redis, HAProxy, etc. Alternatively, you could nest objects on business function: operations, development, and security. You could even use a combination of these nesting options.

From the main page, you can add new key-value pairs. Then as you select specific key-value pairs, you can update or delete them.

Key Value Page

» Securing Services

To secure services, you can configure Access Control Lists (ACLs) and intentions. ACLs allow you to authenticate services' identities. To use ACLs you would first configure the cluster, however, for this simple development environment it is not necessary. If you configure ACLs you can fully manage them in the UI.

To restrict service to service communication with intentions, you must first enable Connect in your agent's configuration. Connect is enabled by default on your development agent.

Intentions Page

» UI Task Table

Below is a table with the CRUD actions available for each page.

Page Action
Services Read
Nodes Read
Key/Value Create, Read, Update, Delete
Intentions Create, Read, Update, Delete
ACLs Create, Read, Update, Delete

» Next Steps

You can also secure the UI itself with ACLs. Once you've bootstrapped the ACLs, you can limit read, write, and update permissions for the various pages in the UI. Once you have created a token with the appropriate permissions, you can add it to the UI under the ACL page. Note, The browser stores tokens that you add to the UI. To remove access, simply select "Stop using" from your tokens action menu in the token list.

To view a live demo of the Consul Web UI with multiple nodes and services.

Now that you are comfortable navigating the UI, try using the Consul CLI to accomplish the same tasks.

This is good progress, but let's explore the full value of Consul by learning how to automatically encrypt and authorize service-to-service communication with Consul Connect.