Docker Networking
Docker Networking
Section titled “Docker Networking”Docker creates isolated network namespaces for containers. Networking controls which containers can communicate with each other and how they’re exposed to the outside world.
Network Types
Section titled “Network Types”| Driver | Description |
|---|---|
bridge | Default for single-host containers. Isolated network with NAT. |
host | Shares the host’s network namespace — no isolation. |
none | No network access. |
overlay | Multi-host networking for Docker Swarm. |
macvlan | Assigns a MAC address to the container — appears as physical device. |
Default Bridge Network
Section titled “Default Bridge Network”All containers without a network specified join the default bridge network:
docker run -d nginx # uses default bridgedocker run -d my-app # can reach nginx by IP only (not name)The default bridge doesn’t support DNS — containers can only reach each other by IP address.
User-Defined Bridge Networks
Section titled “User-Defined Bridge Networks”Containers on the same user-defined network can resolve each other by container name:
# Create a networkdocker network create my-network
# Run containers on the networkdocker run -d --name db --network my-network postgres:16docker run -d --name api --network my-network my-api-image
# api can reach db by hostname "db"# e.g., DATABASE_URL=postgresql://db:5432/mydbPort Mapping
Section titled “Port Mapping”Expose container ports to the host:
# Map host port 8080 → container port 80docker run -p 8080:80 nginx
# Map to a specific host interfacedocker run -p 127.0.0.1:8080:80 nginx
# Map all ports declared with EXPOSEdocker run -P nginx
# Check mapped portsdocker port my-containerDocker Compose Networking
Section titled “Docker Compose Networking”Compose automatically creates a network for your project and connects all services to it. Services can reach each other by service name:
services: api: build: . environment: - DATABASE_URL=postgresql://postgres:password@db:5432/myapp # 'db' resolves to the db service's IP automatically depends_on: - db
db: image: postgres:16No manual network configuration needed — this is the recommended approach.
Custom Networks in Compose
Section titled “Custom Networks in Compose”services: frontend: networks: - public
api: networks: - public - private
db: networks: - private # db is NOT accessible from frontend
networks: public: private: internal: true # no external accessInspecting Networks
Section titled “Inspecting Networks”# List networksdocker network ls
# Inspect a network (see connected containers, IPs)docker network inspect my-network
# Connect an existing container to a networkdocker network connect my-network my-container
# Disconnectdocker network disconnect my-network my-container
# Remove unused networksdocker network pruneHost Network Mode
Section titled “Host Network Mode”Shares the host’s network stack — no isolation, no port mapping needed:
docker run --network host nginx# nginx now listens on host's port 80 directlyUse cases: performance-sensitive apps where NAT overhead matters, containers that need to scan all host ports.
Container-to-Container Communication
Section titled “Container-to-Container Communication”# Within the same network, use container namecurl http://api:3000/health
# From outside the network, use host port mappingcurl http://localhost:8080/healthExposing Services with Reverse Proxy
Section titled “Exposing Services with Reverse Proxy”In production, expose only the reverse proxy to the outside:
services: nginx: image: nginx:alpine ports: - "80:80" - "443:443" networks: - public
api: build: . networks: - public # reachable by nginx # NO ports: exposed — only nginx can reach it
networks: public:DNS in Docker
Section titled “DNS in Docker”Containers use Docker’s embedded DNS server (127.0.0.11) for name resolution. This resolves:
- Container names on the same user-defined network
- Service names in Docker Compose
- Network aliases (
--network-alias)