Docker networking enables container communication. Here's how to configure networks effectively.
Network Types#
```bash
# List networks
docker network ls

# Network drivers:
# - bridge: Default for standalone containers
# - host: Remove network isolation
# - none: Disable networking
# - overlay: Multi-host networking (Swarm)
# - macvlan: Assign MAC address

# Create custom bridge network
docker network create mynetwork

# Create with options
docker network create \
  --driver bridge \
  --subnet 172.20.0.0/16 \
  --gateway 172.20.0.1 \
  --ip-range 172.20.240.0/20 \
  mynetwork

# Inspect network
docker network inspect mynetwork
```
Bridge Networks#
```bash
# Default bridge
# Containers get random IP, communicate via IP only

docker run -d --name container1 nginx
docker run -d --name container2 nginx

# Get container IP
docker inspect container1 | grep IPAddress

# Ping works by IP only on default bridge
docker exec container2 ping 172.17.0.2

# Custom bridge network
# Containers can communicate by name (DNS)

docker network create app-network

docker run -d --name web --network app-network nginx
docker run -d --name api --network app-network node:alpine

# DNS works on custom networks
docker exec api ping web  # Works!

# Connect existing container to network
docker network connect app-network container1

# Disconnect from network
docker network disconnect app-network container1
```
Docker Compose Networking#
```yaml
# docker-compose.yml
version: '3.8'

services:
  web:
    image: nginx
    ports:
      - "80:80"
    networks:
      - frontend
      - backend

  api:
    image: node:alpine
    networks:
      - backend
      - database

  db:
    image: postgres
    networks:
      - database

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
  database:
    driver: bridge
    internal: true  # No external access

# Services communicate by service name
# web can reach api at http://api:3000
# api can reach db at postgres://db:5432
```

```yaml
# Advanced network configuration
version: '3.8'

services:
  app:
    networks:
      frontend:
        ipv4_address: 172.20.0.10
        aliases:
          - app.local

networks:
  frontend:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
    driver_opts:
      com.docker.network.bridge.name: br-frontend
```
Port Mapping#
```bash
# Map container port to host
docker run -p 8080:80 nginx
# Access at localhost:8080

# Map to specific interface
docker run -p 127.0.0.1:8080:80 nginx
# Only accessible from localhost

# Random host port
docker run -p 80 nginx
docker port <container>  # See assigned port

# UDP ports
docker run -p 53:53/udp dns-server

# Multiple ports
docker run -p 80:80 -p 443:443 nginx
```

```yaml
# docker-compose.yml port mapping
services:
  web:
    image: nginx
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"  # Localhost only
    expose:
      - "3000"  # Only expose to other containers, not host
```
Container DNS#
```bash
# Custom DNS server
docker run --dns 8.8.8.8 alpine

# Custom hostname
docker run --hostname myhost alpine

# Add hosts entry
docker run --add-host db:192.168.1.100 alpine

# Set a resolver option (ndots:1 tunes search-domain handling; it does not disable DNS)
docker run --dns-opt ndots:1 alpine
```

```yaml
# docker-compose.yml DNS settings
services:
  app:
    dns:
      - 8.8.8.8
      - 8.8.4.4
    dns_search:
      - example.com
    extra_hosts:
      - "host.docker.internal:host-gateway"
```
Host Networking#
```bash
# Container uses host's network stack
docker run --network host nginx

# No port mapping needed
# Container binds directly to host ports
# No network isolation
# Best performance

# Use cases:
# - Performance-critical applications
# - Applications that need to bind to many ports
# - Network monitoring tools
```
Network Security#
```yaml
# Isolate networks
version: '3.8'

services:
  frontend:
    networks:
      - public

  backend:
    networks:
      - public
      - private

  database:
    networks:
      - private  # Only backend can reach it

networks:
  public:
    driver: bridge
  private:
    driver: bridge
    internal: true  # No internet access
```

```bash
# Limit container network access
docker run --cap-drop NET_RAW alpine  # Drop raw sockets (blocks raw-socket ping and packet crafting)

# Read-only root filesystem
docker run --read-only alpine

# Disable inter-container communication
docker network create --driver bridge \
  -o "com.docker.network.bridge.enable_icc=false" \
  isolated
```
Troubleshooting#
```bash
# Check container network settings
docker inspect --format='{{json .NetworkSettings}}' container_name

# Check connected networks
docker inspect --format='{{range .NetworkSettings.Networks}}{{.NetworkID}}{{end}}' container_name

# Test connectivity from container
docker exec container_name ping other_container
docker exec container_name curl http://other_container:port

# Check DNS resolution
docker exec container_name nslookup service_name

# View network traffic
docker run --rm --net container:target_container nicolaka/netshoot tcpdump

# Debug network namespace
docker run -it --net container:target_container nicolaka/netshoot

# Check iptables rules (-i also matches the upper-case DOCKER chains)
sudo iptables -L -n -v | grep -i docker
```
Multi-Host Networking#
```bash
# Overlay network (requires Swarm)
docker swarm init
docker network create -d overlay my-overlay

# Connect services across hosts
docker service create --name web --network my-overlay nginx

# Attachable overlay for standalone containers
docker network create -d overlay --attachable my-overlay
```

```yaml
# docker-compose.yml with external network
version: '3.8'

services:
  app:
    networks:
      - my-overlay

networks:
  my-overlay:
    external: true
```
Best Practices#
Design:
✓ Use custom networks for isolation
✓ Separate frontend/backend/database
✓ Use internal networks for databases
✓ Name networks descriptively
Security:
✓ Limit exposed ports
✓ Use internal networks
✓ Disable ICC when not needed
✓ Use TLS for service communication
Performance:
✓ Use host networking when needed
✓ Minimize network hops
✓ Use overlay sparingly
✓ Monitor network metrics
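The Design and Security items above (limit exposed ports, keep databases on internal networks) can be checked mechanically. This is an added example, not code from the original article: it audits a resolved Compose model, as printed by `docker compose config --format json`, for ports published beyond loopback and for which services share a network with the database. The sample JSON is constructed from the page's three-tier layout, and its field shape is an assumption trimmed to the fields used.

```python
import json

# Constructed sample, modelled on the page's web/api/db layout. Assumed shape of
# `docker compose config --format json`, trimmed to the fields this audit reads.
SAMPLE = json.loads("""{
  "services": {
    "web": {"networks": {"frontend": null, "backend": null},
            "ports": [{"target": 80, "published": "80"},
                      {"target": 443, "published": "443"},
                      {"target": 8080, "published": "8080", "host_ip": "127.0.0.1"}]},
    "api": {"networks": {"backend": null, "database": null}},
    "db":  {"networks": {"database": null}}
  },
  "networks": {
    "frontend": {"driver": "bridge"},
    "backend":  {"driver": "bridge"},
    "database": {"driver": "bridge", "internal": true}
  }
}""")

LOOPBACK = ("127.", "::1")

def exposed_ports(model):
    """Published ports not bound to loopback. With no host_ip, Docker binds
    the port on all host interfaces by default, reported here as 0.0.0.0."""
    found = []
    for name, svc in model["services"].items():
        for port in svc.get("ports") or []:
            host_ip = port.get("host_ip") or ""
            if "published" in port and not host_ip.startswith(LOOPBACK):
                found.append((name, host_ip or "0.0.0.0", str(port["published"])))
    return sorted(found)

def peers_of(model, target):
    """Services that share at least one network with `target`."""
    nets = set(model["services"][target].get("networks") or {})
    return sorted(name for name, svc in model["services"].items()
                  if name != target and nets & set(svc.get("networks") or {}))

def non_internal_networks(model, service):
    """Networks attached to `service` that lack `internal: true`."""
    attached = model["services"][service].get("networks") or {}
    return sorted(net for net in attached
                  if not (model["networks"].get(net) or {}).get("internal", False))

if __name__ == "__main__":
    print("published beyond loopback:", exposed_ports(SAMPLE))
    print("can reach db:", peers_of(SAMPLE, "db"))
    print("db on non-internal networks:", non_internal_networks(SAMPLE, "db"))
```

An empty result from `non_internal_networks` for the database service, together with a `peers_of` list that contains only the services meant to query it, is what the isolated layout in Network Security should produce.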
Conclusion#
Docker networking enables flexible container communication. Use custom bridge networks for service discovery, isolate sensitive services with internal networks, and leverage Compose for multi-container networking. Proper network design improves both security and maintainability.