Networking

  • For local dev/testing, networking usually "just works"

  • Each container is connected by default to a private virtual network, "bridge"

  • Each virtual network routes through a NAT firewall on the host IP

  • All containers on a virtual network can talk to each other without -p

  • Best practice is to create a new virtual network for each app:

    • network "my_web_app" for mysql and php/apache containers

    • network "my_api" for mongo and nodejs containers

  • "Batteries Included, But Removable"

    • Defaults work well in many cases, but easy to swap out parts to customize it

Default Security

  • Create your apps so frontend/backend sit on the same Docker network

  • Their inter-communication never leaves the host

  • All externally exposed ports are closed by default

  • Ports must be manually exposed with -p, which is better default security!

DNS

  • FORGET IPs

    • Static IPs and using IPs for talking to containers are an anti-pattern. They should be avoided!

  • Docker daemon has a built-in DNS server that containers use by default

  • Defaults the hostname to the container's name, but aliases can also be set

  • Containers shouldn't rely on IPs for inter-communication

  • DNS for friendly names is built-in if you use custom networks

  • Docker Compose makes it easier to manage DNS
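
An added example (not part of the original notes): a small Python audit over `docker inspect` output that checks the points above, flagging containers left on the default bridge, containers with a pinned static IP, and ports published with -p on containers not meant to be public. The sample JSON is constructed and trimmed to the NetworkSettings fields used; the container names and the `public` set are assumptions.

```python
import json

# Constructed sample, trimmed to fields that `docker inspect <container>` reports
# under NetworkSettings. Container and network names are illustrative.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/php_apache",
  "NetworkSettings": {
    "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]},
    "Networks": {"my_web_app": {"IPAMConfig": null, "Aliases": ["web"]}}}},
 {"Name": "/mysql",
  "NetworkSettings": {
    "Ports": {"3306/tcp": [{"HostIp": "0.0.0.0", "HostPort": "3306"}]},
    "Networks": {"my_web_app": {"IPAMConfig": {"IPv4Address": "172.18.0.10"},
                                "Aliases": ["db"]}}}},
 {"Name": "/nodejs",
  "NetworkSettings": {
    "Ports": {"3000/tcp": null},
    "Networks": {"bridge": {"IPAMConfig": null, "Aliases": null}}}}
]
""")


def audit(containers, public=frozenset({"php_apache"})):
    """Return sorted (container, finding) pairs.

    `public` names the containers that are meant to be reachable from
    outside the host (an assumption made for this example).
    """
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        net = c["NetworkSettings"]
        for netname, cfg in net["Networks"].items():
            if netname == "bridge":
                findings.append((name, "on default bridge: no DNS by container name"))
            if (cfg.get("IPAMConfig") or {}).get("IPv4Address"):
                findings.append((name, f"static IP pinned on {netname}"))
        for port, binds in (net.get("Ports") or {}).items():
            # binds is null when the port is exposed by the image but not published with -p
            if binds and name not in public:
                for b in binds:
                    host = b["HostIp"] or "0.0.0.0"
                    findings.append((name, f"{port} published on host {host}:{b['HostPort']}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

On a real host, feed it `json.loads` of the output of `docker inspect` for the running containers instead of the sample.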

Several Networking diagrams
