Docker Networking

Docker networking is essential for enabling communication between containers, the host machine, and external systems. Whether you’re setting up a local development environment or deploying applications at scale, understanding Docker’s networking features is crucial for smooth integration. In this guide, we’ll cover the basics of Docker networking, including key concepts like Docker networks and ports, and show you how to manage them using the Docker CLI. You’ll also find practical examples, such as setting up a web server and database, to help solidify your understanding.

In this section, we’ll cover the following topics:

What Is a Docker Network?

What is a Network?

A network is a system of communication between computers or devices. In Docker, a network is the way containers can connect and communicate with each other or with the outside world. Think of it like the roads between buildings in a city. If you want different containers (buildings) to communicate, they need to be on the same network (road system).

Docker Network

By default, Docker containers are connected to the bridge network (a virtual Ethernet bridge) if no other network is specified. For simple use cases, especially when you're running a single container or containers that don't need to communicate with each other, you don't need to create a custom Docker network.

Note:

When you might not need to specify a network:

• Single container: If you're running a standalone container (e.g., a web server) that doesn't need to communicate with other containers, the default bridge network is usually sufficient.

docker run -d nginx

When you should set a network:

• Multiple containers communicating: If you have multiple containers that need to talk to each other (e.g., a web server talking to a database), you’ll want to set a custom Docker network to allow them to communicate by name rather than by IP address.

Example:

docker run -d --network my-network --name web-server nginx
docker run -d --network my-network --name database mysql

• Cross-host communication: If you're working with Docker Swarm or Kubernetes, you might use an overlay network to allow containers on different hosts to communicate.

Types of Docker Network

Docker provides different types of networks like bridge, host, and overlay, each serving different purposes:

• Bridge Network: Used by default for isolated communication between containers on the same machine.
• Host Network: Allows a container to share the host machine’s network stack (faster but less isolated).
• Overlay Network: Used to allow containers on different machines to communicate with each other (often used in multi-host setups like Docker Swarm).

What Is a Docker Port?

A port is like a door or entry point into a computer or service. Every service running inside a container has a port that it listens on for incoming data (like a website, database, etc.). Ports allow external systems (like a web browser or another container) to connect to a specific service inside the container.

Docker Port

When running containers, port mapping (using the -p flag) is needed when you want to expose a service running inside the container to the host machine (or external systems).

When you might not need to set a port:

Internal communication: If the container is running a service that doesn't need to be accessed from outside the container (e.g., a background task or a service used by other containers), you don't need to expose any ports. Docker will keep the service internal to the container.

docker run -d my-background-service

The service inside the container will run but won't be accessible via the host.

When you should set a port:

External access: If you're running a web server (like Nginx or Apache) or any service that needs to be accessed from outside the container (e.g., through a web browser or API), you must expose a port on the host using the -p option.

Example:

docker run -d -p 8080:80 nginx

Here, the container’s port 80 (the web server port) is exposed to port 8080 on the host machine.

Managing Docker Networks with CLI

Managing Docker networks is an essential part of container orchestration. Docker provides several commands to create, inspect, connect, and manage networks, making it easier to establish secure and isolated communication between containers. In this section, we will cover several key Docker network commands that help manage networking effectively.

1. Creating a Docker Network

The docker network create command allows you to create a custom network. By default, containers use the bridge network, but creating your own network offers greater flexibility and isolation.

docker network create

Command Syntax:

docker network create <network_name>

Example:

docker network create my_network

This creates a new network named my_network. You can then attach containers to this network to ensure they communicate within the same isolated environment.

2. Listing Docker Networks

To view all the available Docker networks, use the docker network ls command. This is useful for seeing all existing networks on your host.

docker network ls

Command Syntax:

docker network ls

This will display a list of all networks, including the default networks like bridge, host, and none, along with any custom networks you've created.

3. Inspecting a Docker Network

The docker network inspect command gives you detailed information about a specific network, including the containers connected to it, IP addresses, and configuration.

docker network inspect

Command Syntax:

docker network inspect <network_name>

Example:

docker network inspect my_network

This command will show detailed JSON output about the my_network, including information about connected containers, IP address allocations, and network settings.

4. Connecting a Container to a Network

The docker network connect command allows you to connect a running container to an existing network, enabling it to communicate with other containers on that network.

docker network connect

Command Syntax:

docker network connect <network_name> <container_name_or_id>

Example:

docker network connect my_network my_container

This connects the my_container to the my_network, enabling communication between containers on that network.

5. Disconnecting a Container from a Network

If you need to remove a container from a network, use the docker network disconnect command.

docker network disconnect

Command Syntax:

docker network disconnect <network_name> <container_name_or_id>

Example:

docker network disconnect my_network my_container

This disconnects the my_container from the my_network, effectively isolating it from other containers on that network.

6. Pruning Unused Networks

Over time, unused Docker networks can accumulate. To clean up unused networks, you can use the docker network prune command, which removes all networks that are not currently in use by any container.

docker network prune

Command Syntax:

docker network prune

This will prompt you to confirm the removal of unused networks, helping to free up system resources.

Managing Docker Ports with CLI

Docker ports are a vital aspect of container communication, enabling external access to the services running inside containers. Managing Docker ports effectively ensures that applications inside containers can be reached from the host system or external networks. In this section, we will explore the Docker CLI commands used to manage and interact with Docker ports.

1. Exposing Ports When Running a Container

When you start a container, you can expose a port from the container to the host using the -p option. This is essential for making the services inside the container accessible externally (e.g., a web server or database).

docker run -p

Command Syntax:

docker run -p <host_port>:<container_port> <image_name>

Example:

docker run -p 8080:80 nginx

In this example, port 80 inside the container (where the Nginx server runs) is mapped to port 8080 on the host. This makes the Nginx web server accessible by browsing to http://localhost:8080 on the host system.

2. Listing the Exposed Ports of a Running Container

You can view the exposed ports of a container using the docker port command. This command displays which ports from inside the container are mapped to the host system.

docker port

Command Syntax:

docker port <container_name_or_id>

Example:

docker port my_container

This will display the port mappings for the container named my_container. For example:

80/tcp -> 0.0.0.0:8080

Case Study: Using Docker Networks for a Web Server and Database

In this case study, we will walk through setting up a simple web app and a database container using Docker. We’ll use a Python-based web application as an example. The Python web app will allow users to input data into the database and view the results through a web browser. We will use Flask, a lightweight and flexible Python web application framework, for its simplicity and beginner-friendly design, making it ideal for quickly building and testing web apps. MySQL will be used as the database.

Through this case study, we will cover how to configure Docker networks and expose ports to allow communication between the web server and the database, making them accessible from outside the container.

Step 1: Create a Custom Docker Network

Create the Network:
Run the following command to create a network named my_network:

docker network create my_network

Verify the Network:
Check that the network was created successfully:

docker network ls

Example Result:

NETWORK ID     NAME          DRIVER    SCOPE
1a2b3c4d5e6f   bridge        bridge    local
2b3c4d5e6f7g   host          host      local
3c4d5e6f7g8h   my_network    bridge    local
4d5e6f7g8h9i   none          null      local

In this result, my_network is the custom network we just created.

Step 2: Set Up the MySQL Database

1. Run the MySQL Container:

Start the MySQL container with the necessary environment variables and connect it to the my_network network:

docker run -d --name mysql_db --network my_network \
    -e MYSQL_ROOT_PASSWORD=rootpassword \
    -e MYSQL_DATABASE=testdb \
    -e MYSQL_USER=testuser \
    -e MYSQL_PASSWORD=testpassword \
    -p 3306:3306 mysql:latest

Explanation of Docker Network Settings:

--network my_network: This flag connects the container to the custom Docker network (my_network) created earlier. Containers on the same network can communicate with each other by using their container names as hostnames. For example, the Flask app will use mysql_db as the hostname to connect to this MySQL container.

2. Verify the Database Container:

Check that the MySQL container is running:

docker ps

Example Result:

3. Verify the Network Connection:

After starting the container, you can inspect the network to confirm that the mysql_db container is connected:

docker network inspect my_network

Here’s an example output of the docker network inspect my_network command, showing only the part related to the mysql_db container:

{
    "Name": "my_network",
    "Id": "3c4d5e6f7g8h9i",
    "Created": "2025-01-27T12:00:00.000000000Z",
    "Scope": "local",
    "Driver": "bridge",
    "Containers": {
        "123456789abcde": {
            "Name": "mysql_db",
            "EndpointID": "abcd1234efgh5678ijkl9101mnopqrs",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.18.0.2/16",
            "IPv6Address": ""
        }
    }
}

Explanation of Key Fields:

• "Name": The name of the container (mysql_db) connected to the network.
• "EndpointID": A unique identifier for the container's network endpoint.
• "MacAddress": The MAC address assigned to the container within this network.
• "IPv4Address": The container's IP address (172.18.0.2) within the my_network bridge network.
• "IPv6Address": Empty because IPv6 is not configured in this example.

This output confirms that the mysql_db container is connected to the my_network network and can be accessed via its IP address or container name (mysql_db).

Step 3: Prepare the Python Flask Application

1. Create a Project Folder:

Organize your project files in a dedicated folder to keep everything structured. This folder will contain the Python Flask application and related files.

mkdir docker-network-case
cd docker-network-case

The ch4-docker-network-demo folder will serve as the working directory for the case study.

2. Create the app.py File:

Inside the ch4-docker-network-demo folder, create a file named app.py. This script will handle the web application logic, database connection, and data entry form.

touch app.py

If you're using a text editor like VS Code, you can create a file using its graphical user interface (GUI) to create the file.

3. Add Flask Code to app.py:

Open the app.py file in your preferred text editor and paste the following code:

This script creates a web application to insert and view data in the MySQL database.

from flask import Flask, request, render_template_string
import mysql.connector

app = Flask(__name__)

# Database configuration
db_config = {
    'host': 'mysql_db',
    'user': 'testuser',
    'password': 'testpassword',
    'database': 'testdb'
}

html_template = """
<!DOCTYPE html>
<html>
<head>
    <title>Data Entry</title>
</head>
<body>
    <h1>Enter Data into MySQL Database</h1>
    <form method="POST">
        Name: <input type="text" name="name" required><br><br>
        Age: <input type="number" name="age" required><br><br>
        <button type="submit">Submit</button>
    </form>
    <h2>Entries:</h2>
    <ul>
        {% for entry in entries %}
            <li>{{ entry[0] }} ({{ entry[1] }} years old)</li>
        {% endfor %}
    </ul>
</body>
</html>
"""

@app.route('/', methods=['GET', 'POST'])
def index():
    conn = mysql.connector.connect(**db_config)
    cursor = conn.cursor()
    cursor.execute("CREATE TABLE IF NOT EXISTS people (name VARCHAR(255), age INT)")

    if request.method == 'POST':
        name = request.form['name']
        age = request.form['age']
        cursor.execute("INSERT INTO people (name, age) VALUES (%s, %s)", (name, age))
        conn.commit()

    cursor.execute("SELECT * FROM people")
    entries = cursor.fetchall()
    conn.close()

    return render_template_string(html_template, entries=entries)

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)

Step 4: Run the Python Flask App

1. Start the Flask App Container:

Use the official Python Docker image to run the Flask app, mounting the app.py file into the container and connecting it to the custom network.

docker run -d --name web_app --network my_network \
    -v $(pwd)/app.py:/app/app.py \
    -w /app \
    -p 5000:5000 \
    python:3.9-slim \
    sh -c "pip install flask mysql-connector-python && python app.py"

Explanation of Docker Network Settings:

• --network my_network: This connects the Flask app container to the custom Docker network (my_network). Containers on the same network can communicate with each other by their container names. In this case, the Flask app connects to the MySQL database using the hostname mysql_db.
• -p 5000:5000: Flask uses port 5000 by default for its development server. This port is widely recognized for Flask applications, making it a standard choice.

    -p 5000:5000 \

docker: Error response from daemon: Conflict. The container name "/web_app" is already in use by container "abd71a17dc3ee74ee1d8b38545cfa084d3811bc30f0c946855c40f50d7d13d4c". You have to remove (or rename) that container to be able to reuse that name.

Bind Mount Note:

• -v $(pwd)/app.py:/app/app.py: This is an example of a bind mount, which allows us to map the app.py file on our local system to the /app/app.py path inside the container. Any changes to the local file are reflected instantly in the container.
• Note: Bind mounts will be covered in more detail in the next section, where we’ll explore how they work and why they are useful.

2. Verify the Flask App Container:

Use the docker ps command to confirm that the Flask app container is running. If everything is set up correctly, you should see output similar to this:

Step 5: Test the Application

1. Access the Web App:

Open your browser and go to:

http://localhost:5000 (or http://localhost:5001 if using port 5001).

The web app includes a simple form where you can enter a name and age. Below the form, it displays a list of all entries stored in the database, showing names and their corresponding ages.

2. Test the Web App Functionality:

Enter a name and age in the form and click "Submit." The data will be stored in the MySQL database and displayed on the same page.

Step 6: Clean Up

Cleaning up unused Docker resources ensures your environment stays clean and frees up disk space, especially when working on multiple projects.

1. Stop and Remove Containers:

First, stop the running containers for the Flask app and MySQL database:

docker stop web_app mysql_db

Then, remove the stopped containers:

docker rm web_app mysql_db

2. Remove the Custom Docker Network:

Delete the my_network network:

docker network rm my_network

3. Clean Up Docker Images:

If you no longer need the downloaded images (e.g., Python and MySQL), you can remove them to free up disk space:

docker rmi python:3.9-slim mysql:latest

4. Verify Cleanup:

Ensure no containers, networks, or images remain:

1. Ensure No Containers Remain:

Use the following command to check that all containers, including stopped ones, have been removed:

docker ps -a

2. Check Network Status:

Verify that the custom network my_network has been deleted:

docker network ls

NETWORK ID     NAME      DRIVER    SCOPE
1a2b3c4d5e6f   bridge    bridge    local
2b3c4d5e6f7g   host      host      local
3c4d5e6f7g8h   none      null      local

3. Ensure No Images Remain:

Check for leftover Docker images:

docker images

These steps confirm that the custom containers, networks, and images associated with the project have been successfully cleaned up.

Summary of Steps

Step 1: Create a Custom Docker Network: Set up a custom Docker network (my_network) to enable communication between the Flask app and MySQL database.

Step 2: Configure the MySQL Database: Start a MySQL container with appropriate environment variables and connect it to the my_network network.

Step 3: Prepare the Python Flask Application: Create the app.py file with Flask and MySQL integration, and refer to the official Flask documentation for more details.

Step 4: Run the Flask App Using Bind Mounts: Use the official Python Docker image to run the app, and bind-mount the app.py file into the container for real-time updates.

Step 5: Test the Application: Access the Flask app at http://localhost:5000 (or use port 5001 if port 5000 is unavailable), submit data, and see results displayed on the browser.

Step 6: Clean Up: Stop and remove the containers. Delete the custom network and docker images.

Summary of Docker Network Commands

Below is a list of essential Docker network commands along with a one-line explanation for each:

This summary provides a quick reference to essential Docker network commands, helping you manage container communication and networking efficiently.