Docker Networking Advanced

Master Docker networking for container communication.

By Emem Isaac | September 7, 2022 | 3 min read

A Simple Analogy

Docker networking is like a postal system for containers. Each container has an address (IP), networks are like cities, and containers communicate through defined routes.


Network Types

| Type | Use Case | Scope |
|------|----------|-------|
| Bridge | Default, container-to-host | Single host |
| Host | Performance critical | Host network |
| Overlay | Multi-host communication | Swarm/Kubernetes |
| Macvlan | Physical network access | Special use |
| None | Isolated | Disabled |


Bridge Network (Default)

# Create custom bridge network
docker network create myapp-network

# Run container on network
docker run -d --name api --network myapp-network myapi:latest
docker run -d --name db --network myapp-network postgres:15

# Containers communicate by name: api:3000, db:5432

Multi-Host Networking (Overlay)

# In Docker Swarm
docker network create --driver overlay myapp-overlay

# Services on overlay network communicate across hosts
docker service create --name api --network myapp-overlay myapi:latest
docker service create --name db --network myapp-overlay postgres:15

Port Mapping

# Map container port to host (listens on all host interfaces, 0.0.0.0, by default)
docker run -p 8080:80 nginx  # Host:8080 -> Container:80

# Map to specific interface
docker run -p 127.0.0.1:8080:80 nginx  # Only localhost

# Map multiple ports
docker run -p 8080:80 -p 443:443 nginx

# Random port assignment
docker run -p 80 nginx  # Gets random host port

DNS and Service Discovery

# In Docker Compose, services are automatically discoverable
version: '3.8'
services:
  api:
    image: myapi:latest
    # Accessible as: http://api:3000

  db:
    image: postgres:15
    # Accessible as: postgresql://db:5432

# api service can connect to db service by name
# Docker's embedded DNS resolves 'db' to container IP

Network Inspect

# List networks
docker network ls

# Inspect network details
docker network inspect myapp-network
# Shows connected containers and their IPs

# Inspect container network
docker inspect container_name | grep -A 20 NetworkSettings

Advanced: Custom DNS

# Use custom DNS server
docker run --dns 8.8.8.8 --dns 8.8.4.4 myapp:latest

# In Docker Compose
version: '3.8'
services:
  app:
    image: myapp:latest
    dns:
      - 8.8.8.8
      - 8.8.4.4
    dns_search:
      - example.com

Network Security

# Run container with no network
docker run --network none isolated-app:latest

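# Attach the container to a dedicated network named "restricted"
# (create it first; creating it with --internal blocks external traffic).
# --cap-add=NET_RAW grants raw-socket access and is already in Docker's
# default capability set; it does not limit outbound traffic.
# Per-destination egress limits need host firewall rules
# (for example in the DOCKER-USER iptables chain).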
docker run -d \
  --cap-add=NET_RAW \
  --network restricted \
  myapp:latest

# In Docker Compose with explicit networks
version: '3.8'
services:
  frontend:
    image: frontend:latest
    networks:
      - frontend-net

  api:
    image: api:latest
    networks:
      - frontend-net
      - backend-net

  db:
    image: postgres:latest
    networks:
      - backend-net

networks:
  frontend-net:
  backend-net:

Practical Example

version: '3.8'

services:
  frontend:
    image: frontend:latest
    ports:
      - "3000:3000"
    networks:
      - public
    depends_on:
      - api

  api:
    image: api:latest
    networks:
      - public
      - private
    depends_on:
      - db

  db:
    image: postgres:15
    networks:
      - private
    environment:
      POSTGRES_PASSWORD: secret  # Demo value; do not hard-code real credentials

networks:
  public:
    driver: bridge
  private:
    driver: bridge
    internal: true  # No external access
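
As an added example (not from the original article), the script below checks the segmentation in the Practical Example: which published ports listen beyond loopback, which services share a network, and which services have a route off the host. The `MODEL` dict is constructed to mirror the Compose file above, and its field layout, modelled on `docker compose config --format json` output, is an assumption.

```python
"""Audit a Compose model for the segmentation shown in the Practical Example."""

# Constructed sample: the Practical Example as a dict, shaped like the JSON
# from `docker compose config --format json` (field layout is an assumption).
MODEL = {
    "services": {
        "frontend": {"networks": {"public": None},
                     "ports": [{"target": 3000, "published": "3000"}]},
        "api": {"networks": {"public": None, "private": None}},
        "db": {"networks": {"private": None}},
    },
    "networks": {
        "public": {"driver": "bridge"},
        "private": {"driver": "bridge", "internal": True},
    },
}

LOOPBACK = ("127.", "::1")


def exposed_ports(model):
    """Published ports that listen on a non-loopback host address."""
    findings = []
    for name, svc in sorted(model["services"].items()):
        for port in svc.get("ports", []):
            host_ip = port.get("host_ip") or "0.0.0.0"  # Docker's default bind
            if not host_ip.startswith(LOOPBACK):
                findings.append((name, host_ip, str(port["published"]), port["target"]))
    return findings


def peers(model, service):
    """Services that share at least one network with `service`."""
    mine = set(model["services"][service].get("networks") or {})
    return {other for other, svc in model["services"].items()
            if other != service and mine & set(svc.get("networks") or {})}


def has_external_route(model, service):
    """True if any attached network is not marked internal."""
    nets = model["services"][service].get("networks") or {}
    return any(not model["networks"][n].get("internal", False) for n in nets)


if __name__ == "__main__":
    print("exposed:", exposed_ports(MODEL))
    for name in sorted(MODEL["services"]):
        print(name, "peers:", sorted(peers(MODEL, name)),
              "external route:", has_external_route(MODEL, name))
```

For this file the only finding is frontend's port 3000 on 0.0.0.0; db shares a network with api alone and has no external route.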

Best Practices

  1. Use custom networks: Better isolation
  2. DNS by name: More reliable than IPs
  3. Restrict networks: Only connect necessary services
  4. Monitor traffic: Use tcpdump, Wireshark
  5. Health checks: Verify connectivity

Related Concepts

  • Docker Swarm ingress network
  • Kubernetes service networking
  • Reverse proxies for routing
  • Container load balancing

Summary

Master Docker networking to enable secure, scalable inter-container communication. Use bridge networks for single-host development and overlay networks for multi-host production deployments.
