How to use docker virtual network

Docker is one of the most popular containerization platforms currently, which can greatly simplify the deployment and management of applications. One of the most important features is Docker virtual network, which helps users create multiple containers on a separate physical machine and work collaboratively while providing good network isolation and security.

In this article, we will introduce how to use docker virtual network to build communication and network interoperability between containers, and also introduce the importance of network isolation and security.

1. Create and manage docker virtual network

First, we need to create a docker virtual network. You can use the following command to create a virtual network named "my-network":

docker network create my-network

After creating the network, you can use the following command to list the current docker virtual network:

docker network ls

The running results are as follows :

NETWORK ID          NAME                DRIVER              SCOPE
6e8c0391c9ac        bridge              bridge              local
a8a551c45849        host                host                local
d6a050011a56        my-network          bridge              local
69f86bb8f6bc        none                null                local

Now that we have created a virtual network called "my-network", we can use it to create containers and communicate.

2. Connect containers to docker virtual network

Next, we will create two containers and connect them to the "my-network" virtual network we just created . We use the --network parameter to connect the container to the virtual network.

Use the following command to start a container named "webserver" and connect it to the virtual network:

docker run --name webserver --network my-network -p 8080:80 -d nginx

In the above command, we used the "nginx" image to create our container. The -p parameter maps the docker container's port "80" to the physical machine's port "8080".

We can also use a similar method to create a second container and connect it to the virtual network:

docker run --name database --network my-network -e MYSQL_ROOT_PASSWORD=password -d mysql

In the above command, we use the "mysql" image to create our container , and set a MySQL root password.

Now, we have created two containers and connected them to the virtual network we created.

3. Testing communication between containers

To test that our containers are communicating successfully, we can use a simple HTML page in the "webserver".

First, we enter the "webserver" container and install the text editor nano using the following command:

docker exec -it webserver apt-get update
docker exec -it webserver apt-get install nano

Then, we create a simple index.html page using the nano text editor:

docker exec -it webserver nano /usr/share/nginx/html/index.html

In the page, we add the following content:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to my website</title>
</head>
<body>
<p>Hello from webserver!</p>
<?php
$servername = "database";
$username = "root";
$password = "password";

// Create connection
$conn = new mysqli($servername, $username, $password);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully to database";
?>
</body>
</html>

In the above code, we add a text message to the page, and a PHP script to connect to the MySQL database in the "database" container.

Now, we can just use the following URL on the physical machine's web browser to open the page:

http://127.0.0.1:8080

The page will display "Hello from webserver!" and a successful connection message.

Meanwhile, if we run the "docker logs database" command on the "database" container, we will see the following output:

...
Version: '5.7.22'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
2019-05-22T20:02:24.809716Z 0 [Note] Event Scheduler: Loaded 0 events
Connected successfully to database

This indicates that the communication between the two containers is normal , and our test page can successfully connect to the MySQL database on the "database" container.

4. Network isolation and security

Another important role of docker virtual network is to provide network isolation and security between different containers. For example, if we run a malicious code in the "webserver" container, it will not be able to access and affect other containers.

In addition, we can also use docker virtual network to restrict container access to external networks. For example, we can increase the security of our application by creating a virtual network and ensuring that containers can only communicate with other containers in that network and cannot access other containers on the Internet.

5. Summary

In this article, we introduced how to use docker virtual network to connect different containers and enable communication between containers. We also learned how docker virtual networks provide network isolation and security.

Virtual network is a very important feature in docker, which can be used to build powerful containerized applications and provide good security. If you are building an application using docker, be sure to consider using virtual networks to improve your application security and efficiency.

The above is the detailed content of How to use docker virtual network. For more information, please follow other related articles on the PHP Chinese website!