Docker Networking Deep Dive

Network Drivers

Bridge Networks

# Create a custom network
docker network create myapp-net

# Run containers on the network
docker run -d --name web --network myapp-net nginx
docker run -d --name api --network myapp-net myapi

# Containers can reach each other by name
docker exec web ping api

Default vs Custom Bridge

Exposing Ports

# Map host port 8080 to container port 80
docker run -p 8080:80 nginx

# Map to specific interface
docker run -p 127.0.0.1:8080:80 nginx

# Random host port
docker run -P nginx

Tip Use 127.0.0.1:PORT:PORT when the service should only be accessible via Nginx reverse proxy, not directly from the internet.

Container-to-Container Communication

# docker-compose.yml
services:
  web:
    image: nginx
    networks:
      - frontend
      - backend

  api:
    image: myapi
    networks:
      - backend

  db:
    image: postgres
    networks:
      - backend

networks:
  frontend:
  backend:

In this setup:

• web can reach both api and db
• api can reach db but not web's frontend network
• db is isolated from the frontend

Inspecting Networks

# List networks
docker network ls

# Inspect a network
docker network inspect myapp-net

# See container's network settings
docker inspect --format='{{json .NetworkSettings.Networks}}' container-name

DNS Resolution

Within a Docker network:

# Containers resolve each other by name
curl http://api:3000/health

# Full internal DNS name
curl http://api.myapp-net:3000/health

Warning Never expose database ports (-p 5432:5432) to the host. Keep databases on internal networks only, accessible through application containers.