Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to understand port mapping, container link and Networking in Docker network". The explanation in this article is simple and clear and easy to learn and understand. please follow the editor's train of thought to study and learn "how to understand port mapping, container link and Networking in Docker network".

When using Docker containers, we need to access the internal network of containers, or we need to access each other between containers. The Docker container does not open any ports by default, so you need to map the container to the host to make the container externally accessible. Containers can access each other not only based on port mapping, but also through container link (Link) or Docker network (Networking).

Port Mapping and external access Container

1.1-P bind host random port

1.2-p designated port, IP address binding

1.3 other

Container Link (Link)

2.1 naming of containers

2.2 Interconnection of containers

Docker Network (Networking)

3.1 create a network

3.2 create a container and connect to the network

3.3 Connect existing containers to the Docker network

3.4 disconnect the network and delete the network

1. Port Mapping and external access Container

After the Docker container is running, no network ports are opened by default, so the container cannot be accessed through the network. To enable the container to access the internal network of the Docker container through the external network, it is necessary to establish a mapping relationship between the container port and the host port.

When establishing a port mapping relationship between the container and the host, you can use the-P or-p parameter to specify the port mapping when running the container. The differences between the two are as follows:

The-P parameter randomly assigns a port between 49000 and 49900 to the open network (specified by EXPORT) inside the container.

-p can specify the port to be mapped, and only one container can be bound on a specified port

1.1-P bind host random port

The-P parameter randomly binds a port between 49000 and 49900 to the export port of the container running.

For example, run a container and bind the host port with-P:

$sudo docker run-d-name experss-app-P itbilu/express-app28003e2dcdcd38075d1ad68d4791c77edaca47dc3d468b0333669ba483cd7b3d

In this example, we create and run a container called express-app from the itbilu/express-app image. When running the container, we do the port mapping with the-P parameter. At this point, you can view the assigned port number through the docker ps command:

$sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES0781edb13563 itbilu/express-app "npm start" 15 seconds ago Up 14 seconds 0.0.0.0 seconds ago Up 32771-> 3000/tcp experss-app

As shown above, port 32771 of the host is bound to port 3000 of the container.

1.2-p designated port, IP address binding

If you do not want to use a random port, you can use the-p parameter to specify the port number to bind. The-p parameter can specify not only the port number, but also the IP of the host, which is very useful during use.

-p supports the following binding formats:

/ / bind host IP and port ip:hostPort:containerPort// bind host IPip::containerPort// bind host port hostPort:containerPort

Bind all the IP of the host

When using hostPort:containerPort format for host and container port mapping, all IP of the host will be bound to the container by default. Such as:

$sudo docker run-d-name experss-app-p 3000UR 3000 itbilu/express-app

In this example, port 3000 of the host is mapped to port 3000 of the container. In this case, all IP addresses on all local interfaces are bound.

Map to the specified port of the specified address

You can bind the IP and port specified by the host to the container port using the ip:hostPort:containerPort format.

For example, bind 127.0.0.1IP to the container:

$sudo docker run-d-- name experss-app-p 127.0.0.1 itbilu/express-app 3000 itbilu/express-app

Map specified address and random port

The ip::containerPort format binds the specified IP address of the host and the random port to the container port. Such as:

$sudo docker run-d-- name experss-app-p 127.0.0.1 itbilu/express-app 3000 itbilu/express-app

Use docker ps to view the assigned ports:

$sudo docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES6289a4714594 itbilu/express-app "npm start" 4 seconds ago Up 4 seconds 127.0.0.1 seconds ago Up 32768-> 3000/tcp experss-app1.3 other

In the previous example, we looked at the created container and the port bound to it through docker ps. In addition to the docker ps command, you can also use docker port to view the bound port and IP address:

$sudo docker port experss-app3000/tcp-> 127.0.0.1 purl 32768

Multiple network ports may be used inside the container. When you use the docker port command, you can specify port parameters to view the binding of the specified port of the container:

$sudo docker port experss-app 3000127.0.0.1 purl 32768

When creating / running a container, the-p parameter can be used multiple times to bind multiple container ports:

$sudo docker run-d-- name experss-app-p 3000 itbilu/express-app 3000-p 5000 itbilu/express-app

When Docker binds to a port, the TCP port is bound by default. You can also use udp tags to bind udp ports:

$sudo docker run-d-name experss-app-p 3000:3000/udp itbilu/express-app2. Container Link (Link)

The link system of the container is another way to interact with the application in the container in addition to port mapping. The system creates a tunnel between the source container and the receiving container, and the receiving container can see the information specified by the source container. The link to Docker is an abstraction layer that connects specific containers together to communicate.

2.1 naming of containers

The connection system of Docker will connect according to the name of the container, so you need to define the name of the container first. If the container command is not specified, the system randomly assigns a name. However, custom container names are relatively easy to remember.

To customize the container name, you can use the-- name parameter:

$sudo docker run-d-name db training/postgres

Command and run the container, you can view the relevant information through the docker ps command. You can also use the docker inspect command to view the name of the container:

Interconnection of $sudo docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESdb2093b13127 training/postgres "su postgres-c'/..." 4 seconds ago Up 2 seconds 5432/tcp db$ sudo docker inspect-f "{{.Name}}" db2093b13127/db2.2 containers

Use the-- link parameter to allow containers to interconnect securely.

For example, we can create a container called web and connect it to the db container as follows:

$sudo docker run-d-P-name web-- link db:db training/webapp python app.py

This creates an interconnection between web and db.

-- link parameter format

The format of the-- link parameter is-- link name:alias, where: name represents the name of the container to be connected, and alias represents the alias after the connection.

With the-- link parameter sensitive, Docker creates a secure tunnel between two interconnected containers without mapping their ports to the host host. When we started the db container earlier, we did not use the-p and-P parameters, thus avoiding exposing the database port to the external network and increasing the security of the container.

3. Docker Network (Networking)

After Docker 1.9, Docker Networking and docker network commands have been added. Connections between containers are created over a network, which is called Docker Networking.

Opening the container's internal network through port mapping is not flexible and powerful enough, and exposes the port to the external network. Container links and Dcoker Networking are better ways of handling. Versions prior to Docker 1.9 recommend using container links (Link), and Dcoker Networking is more recommended in Docker 1.9 and later. Networking has the following advantages over links:

Dcoker Networking can connect containers to containers on different hosts

Containers connected through Dcoker Networking can be stopped, started, or restarted without updating the connection. On the other hand, links need to update the network between containers by updating the configuration and restarting the corresponding containers.

Using Dcoker Networking, you can obtain the resolution and discovery of container names within the network, regardless of whether the container is running or the running order of the container.

The Docker installer will have three networks created automatically. You can view it through the docker network ls command:

$docker network lsNETWORK ID NAME DRIVER SCOPE32dfd86b7900 bridge bridge local18814c612f64 host host local7914b1c3168c none null local

In the history of Docker, these three networks were part of the implementation of Docker. When running the container, you can use-- network to specify the network on which you want to run the container, all three of which are optional.

3.1 create a network

Docker Networking allows users to create their own network through which containers can communicate with each other. Docker Networking allows containers to communicate across different hosts, and the network configuration is more flexible.

Docker Engine automatically creates a network called bridge (bridging) when the engine is installed, which corresponds to docker0 (Docker Internal Network).

In addition, users can also create their own bridge or overlay type of network. The bridge network is suitable for a single Docker engine environment where a single host runs, while the overlay network allows us to communicate across multiple hosts.

To achieve Docker Networking interconnection, first create a network using the docker network create command:

$sudo docker network create my_network32ddd24fd698665888ffa542215ae79a140b31ab3a10c96422ce2aee67b904a9

As above, we have created a network called my_network, and we can now view the new network through docker network inspect:

$sudo docker network inspect my_network [{"Name": "my_network", "Id": "32ddd24fd698665888ffa542215ae79a140b31ab3a10c96422ce2aee67b904a9", "Created": "2017-04-04T04:05:13.230681143Z", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {"Driver": "default" "Options": {}, "Config": [{"Subnet": "172.18.0.0 Attachable 16", "Gateway": "172.18.0.1"}]}, "Internal": false, "Attachable": false "Containers": {}, "Options": {}, "Labels": {}}]

Without adding additional parameters, a local bridging network is created. To create an overlay network, you need to have some conditions in advance. Detailed official document: Create networks

You can also see the newly created network using the docker network ls command:

$docker network lsNETWORK ID NAME DRIVER SCOPE32ddd24fd698 my_network bridge localae4ab5ad7602 bridge bridge local18814c612f64 host host local7914b1c3168c none null local3.2 creates a container and connects to the network

After you create a network, you can specify the network to be used by the container with the-- network parameter when you create the container:

$sudo docker run-d-name db-network=my_network training/postgres

Use docker network inspect to view the network situation:

$docker network inspect my_network [{"Name": "my_network", "Id": "32ddd24fd698665888ffa542215ae79a140b31ab3a10c96422ce2aee67b904a9", "Created": "2017-04-04T04:05:13.230681143Z", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": {"Driver": "default" "Options": {}, "Config": [{"Subnet": "172.18.0.0 Attachable 16", "Gateway": "172.18.0.1"}]}, "Internal": false, "Attachable": false "Containers": {"dccb4267650d8659e65aa3876ec6a427224111a91b4b253bb105af2295ad7a4a": {"Name": "db", "EndpointID": "6b1610e37eafbd044beb33f91f1d5d8e337da1b7376690f05b6fdeb0916edb9f", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2 max 16" "IPv6Address": ""}}, "Options": {}, "Labels": {}}]

You can see that the Containers parameter of the my_network network contains the information of the container created by the network. The container in the table is connected to the network we created, and the IP address of the container is 172.18.0.2.

Next, create an interactive container and view the network inside the container:

$sudo docker run-t-I-- name web-- network=my_network training/webapp / bin/bashroot@acb03a7adec2:/opt/webapp#

Then use ping to test whether you can connect to the db container:

# ping dbPING db (172.18.0.2) 56 (84) bytes of data.64 bytes from db.my_network (172.18.0.2): icmp_seq=1 ttl=64 time=0.136 ms64 bytes from db.my_network (172.18.0.2): icmp_seq=2 ttl=64 time=0.092 ms...

Thus it can be seen that containers in the same network can access each other.

3.3 Connect existing containers to the Docker network

You can use the docker network connect command when you need to add a container that is already running to an existing network.

Delete the web container you just created and recreate it using the following command:

$sudo docker run-d-name web training/webapp python app.py

Connect this container to the network you have created called my_network:

$sudo docker network connect my_network web

Using docker network inspect to view the network, the content of the Containers node is as follows:

.. "Containers": {"7258828bc9ab9153f060aa38c24daa63e22478632270172f5a1485e0e9a4797b": {"Name": "web", "EndpointID": "457fbf4ecebaabbe6cce2e95d7b1f47e35450897de3e6a00cde835cd3305eee9", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3 02:42:ac:12:00:03", "IPv6Address": ""}, "dccb4267650d8659e65aa3876ec6a427224111a91b4b253bb105af2295ad7a4a": {"Name": "db" "EndpointID": "6b1610e37eafbd044beb33f91f1d5d8e337da1b7376690f05b6fdeb0916edb9f", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2 Compact 16", "IPv6Address": ""}}.

A container can be connected to multiple networks to build a very complex network model.

3.4 disconnect the network and delete the network

You can also use the docker network disconnect command to disconnect the container from the network:

$sudo docker network disconnect my_network web

This disconnects the container web from the network my_network.

After the network is no longer needed, you can use the docker network rm command to delete the network:

$sudo docker network rm my_network

Note: when deleting a network, you need to disconnect the container, otherwise the deletion will fail.

Thank you for reading, the above is the content of "how to understand port mapping, container link, Networking in Docker network". After the study of this article, I believe you have a deeper understanding of how to understand port mapping, container link and Networking in Docker network. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.