- For local dev/testing, networks usually "just works"
- Each container by default connected to a private virtual network "bridge"
- Each virtual network routes through NAT firewall on host IP
- All containers on a virtual network can talk to each other without -p
- Best practice is to create a new virtual network for each app:
network "my_web_app"for mysql and php/apache containers
network "my_api"for mongo and nodejs containers
- "Batteries Included, But Removable"
- Defaults work well in many cases, but easy to swap out parts to customize it
- Create your apps so frontend/backend sit on same Docker network
- Their inter-communication never leaves host
- All externally exposed ports closed by default
- Must be manually exposed by
-p, which is better default security!
- FORGET IP's
- Static IP's and using IP's for talking to containers is an anti-pattern. Should be avoided!
- Docker daemon has built-in DNS server that containers use by default
Defaults the hostname to the container's name, but can also be set an aliases
Containers shouldn't rely on IP's for inter-communication
DNS for friendly names is built-in if you use custom networks
Docker Compose makes it easier to manage DNS
Several Networking diagrams