Networking
Configure Docker networking — bridge networks, service discovery, port mapping, overlay networks, and DNS-based container communication.
Network Types
Docker provides several network drivers. Bridge (default) creates isolated networks on a single host. Host removes network isolation — container uses host networking directly. None disables networking entirely.
Overlay networks span multiple Docker hosts for Swarm and Kubernetes. Macvlan assigns each container its own MAC address, for legacy applications that need direct network access.
- Bridge is the default — containers on the same bridge can communicate
- Host networking removes port mapping — container binds directly to host ports
- Custom bridge networks enable automatic DNS resolution by container name
docker network ls
docker network create app-network
docker run -d --network app-network --name api myapp
docker run -d --network app-network --name web nginx
Service Discovery
Containers on the same user-defined bridge network resolve each other by name. Docker's embedded DNS server (127.0.0.11) handles name resolution, so there is no need to hardcode IP addresses.
In Docker Compose, service names are automatically registered as DNS names. A web service connects to http://api:3000 and Docker resolves api to the correct container IP.
# Container A can reach Container B by name
# Create the user-defined network first; name resolution only works on it
docker network create app-net
docker run -d --name db --network app-net postgres:16
docker run -d --name api --network app-net \
  -e DATABASE_HOST=db myapp
# api connects to db:5432 via Docker DNS
Port Mapping
Publish container ports to the host with -p host:container. With no address given, the port is published on all host interfaces. Bind to a specific interface with -p 127.0.0.1:8080:80 for localhost-only access. Use -p 8080:80/udp for UDP ports.
In production, place a reverse proxy (nginx, Traefik) in front of containers rather than exposing application ports directly. The proxy handles TLS, routing, and load balancing.
# Bind to all interfaces
docker run -p 8080:80 nginx
# Localhost only
docker run -p 127.0.0.1:8080:80 nginx
# Random host port
docker run -P nginx  # Maps all EXPOSE ports
Network Inspection and Debugging
Debug networking with docker network inspect to view connected containers and IP assignments. Use docker exec to test connectivity with ping, curl, or nslookup from inside containers.
Common issues: containers on different networks cannot communicate, port conflicts on the host, and firewall rules blocking published ports.
docker network inspect app-network
docker exec api ping db
docker exec api nslookup db
docker exec api curl http://web:80/health
Production Networking Patterns
Use a reverse proxy container on the edge network. Application containers sit on an internal network with no published ports. Only the proxy exposes ports 80/443.
For multi-host deployments, overlay networks with encrypted communication (--opt encrypted) connect containers across nodes. Kubernetes and Swarm manage overlay networks automatically.
services:
  proxy:
    image: traefik:v3
    ports: ["80:80", "443:443"]
    networks: [edge]
  api:
    image: myapp
    networks: [edge, internal]
  db:
    image: postgres:16
    networks: [internal]
networks:
  edge:
  internal:
    internal: true
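
A way to check a running host against this pattern, as an added example that is not part of the original page: the script reads `docker inspect` JSON and reports every port that a container other than the edge proxy publishes on a non-loopback address. The sample data is constructed, and the function names and the edge_allowed parameter are hypothetical; it assumes container names match the service names used above.

```python
import ipaddress
import json

# Constructed sample, trimmed to the fields `docker inspect` reports per container.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/proxy", "NetworkSettings": {"Ports": {
    "80/tcp":  [{"HostIp": "0.0.0.0", "HostPort": "80"}],
    "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]}}},
 {"Name": "/api", "NetworkSettings": {"Ports": {
    "3000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "3000"},
                 {"HostIp": "::", "HostPort": "3000"}]}}},
 {"Name": "/db", "NetworkSettings": {"Ports": {"5432/tcp": null}}},
 {"Name": "/admin", "NetworkSettings": {"Ports": {
    "8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}}
]
""")


def is_loopback(host_ip):
    """An empty HostIp means 'all interfaces', so it is never loopback."""
    return bool(host_ip) and ipaddress.ip_address(host_ip).is_loopback


def audit_published_ports(containers, edge_allowed=("proxy",)):
    """Return (name, container_port, host_ip, host_port) for every port that a
    non-edge container publishes on a non-loopback host address."""
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        if name in edge_allowed:  # hypothetical allow-list of edge containers
            continue
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for cport, bindings in sorted(ports.items()):
            for b in bindings or []:  # null = EXPOSEd but not published
                ip = b.get("HostIp", "")
                if not is_loopback(ip):
                    findings.append((name, cport, ip or "0.0.0.0", b.get("HostPort", "")))
    return findings


if __name__ == "__main__":
    for name, cport, ip, hport in audit_published_ports(SAMPLE_INSPECT):
        print(f"{name}: {cport} is published on {ip} port {hport}")
```

On a live host, replace the sample with the parsed output of docker inspect $(docker ps -q).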