Docker: Private/Public networks example

Creating public and private networks with Docker

Yeldos Balgabekov
Jul 14, 2020

Full content on Docker Deep Dive is here

# Intro

In this article, I want to describe a simple networking example. I want to create two applications: one (a database) will be placed on a network with no external access to the Internet, and the other on a public-facing network that also has access to the internal network. The final state is as follows:

# Implementation

To create a public facing network:

`docker network create frontend`

To create an internal network for your MySQL DB:

`docker network create localhost --internal`

The `--internal` flag guarantees that the network is not bound to any interfaces, so containers attached only to it have no external access.

As you can see in the diagram above, the `localhost` network is not connected to the Internet.

Now let’s create a MySQL container:

`docker container run -d --name database --network localhost -e MYSQL_ROOT_PASSWORD=P4ssW0rd0! mysql:5.7`

Here `mysql:5.7` is the image, `-d` runs the container in detached mode (in the background), `-e` sets an environment variable, and `--network` chooses the network (the one we created earlier).

Now, let’s run a container for our front-end application:

`docker container run -d --name frontend-app --network frontend nginx:latest`

As you can see, the front-end application is attached to only a single network, `frontend`.

You can confirm that both containers are running with:

`docker container ls`

Finally, we need to attach our nginx container to our `localhost` network:

`docker network connect localhost frontend-app`

# Bonus: some debugging/exploration commands (if needed):

To verify that it was attached, you can use

`docker container inspect frontend-app`

and look for the `Networks` section. It should contain both networks: `frontend` and `localhost`.

The output with jq is the following:

```
$ docker container inspect frontend-app | jq '.[].NetworkSettings.Networks'
{
  "frontend": {
    "IPAMConfig": null,
    "Links": null,
    "Aliases": [
      "018ab70d297d"
    ],
    "NetworkID": "2011307a01c9081fccdd301aba379a528cd7f0a51540f027797de4be279b8abd",
    "EndpointID": "38b785db34cad53e1d6394805e661b6c262eeb4bc294fb1b1a94a8eecd90e6c9",
    "Gateway": "172.18.0.1",
    "IPAddress": "172.18.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "MacAddress": "02:42:ac:12:00:02",
    "DriverOpts": null
  },
  "localhost": {
    "IPAMConfig": {},
    "Links": null,
    "Aliases": [
      "018ab70d297d"
    ],
    "NetworkID": "a187cfbc56f5f44b628e1d3b3f85f2d51da4eac480f8e73db1746ba20e18f633",
    "EndpointID": "3012abb253cfe59efa8c9fe1d39e44e95f9415bb9a6855a7efa26e9ad90bdc08",
    "Gateway": "172.19.0.1",
    "IPAddress": "172.19.0.3",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "MacAddress": "02:42:ac:13:00:03",
    "DriverOpts": {}
  }
}
```

Using the inspect command on your internal network, you can see that the network is an internal one and is accessed only by its two containers: `database` and `frontend-app`.

```
$ docker network inspect localhost
[
  {
    "Name": "localhost",
    "Id": "a187cfbc56f5f44b628e1d3b3f85f2d51da4eac480f8e73db1746ba20e18f633",
    "Created": "2020-07-14T13:59:10.519288081-04:00",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": {},
      "Config": [
        {
          "Subnet": "172.19.0.0/16",
          "Gateway": "172.19.0.1"
        }
      ]
    },
    "Internal": true,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
      "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {
      "018ab70d297de8a268dd1fb06e7ddd787514167b401863dfc88ce0b71343748e": {
        "Name": "frontend-app",
        "EndpointID": "3012abb253cfe59efa8c9fe1d39e44e95f9415bb9a6855a7efa26e9ad90bdc08",
        "MacAddress": "02:42:ac:13:00:03",
        "IPv4Address": "172.19.0.3/16",
        "IPv6Address": ""
      },
      "94bc219f6de1d7575dc7822093efd0dae32dbe8757bf9b97f24fa9246c1ba2f3": {
        "Name": "database",
        "EndpointID": "0e6f7f2017e37e15f6525d6ec95fb4fd9298cb8aa45e0e16796e52f11672eecd",
        "MacAddress": "02:42:ac:13:00:02",
        "IPv4Address": "172.19.0.2/16",
        "IPv6Address": ""
      }
    },
    "Options": {},
    "Labels": {}
  }
]
```
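
The same inspection as a repeatable check, added here as an example that is not part of the original article: it reads `docker network inspect` JSON and labels each container as isolated (internal networks only), external (non-internal networks only) or bridging (attached to both). The sample input is constructed from the output above with fields trimmed, and the function names and role labels are this example's own.

```python
import json
import sys

# Constructed sample: `docker network inspect` output for the article's two
# networks, trimmed to the fields this check reads (IDs shortened).
SAMPLE = json.loads("""
[
  {"Name": "frontend", "Internal": false,
   "Containers": {"018ab70d297d": {"Name": "frontend-app"}}},
  {"Name": "localhost", "Internal": true,
   "Containers": {"018ab70d297d": {"Name": "frontend-app"},
                  "94bc219f6de1": {"Name": "database"}}}
]
""")


def classify(networks):
    """Label each attached container 'isolated', 'external' or 'bridging'."""
    internal, external = set(), set()
    for net in networks:
        bucket = internal if net.get("Internal") else external
        for info in (net.get("Containers") or {}).values():
            bucket.add(info["Name"])
    roles = {}
    for name in sorted(internal | external):
        if name in internal and name in external:
            roles[name] = "bridging"   # on both sides: the path into the internal network
        elif name in internal:
            roles[name] = "isolated"   # internal networks only
        else:
            roles[name] = "external"   # non-internal networks only
    return roles


def violations(networks, must_be_isolated):
    """Names that should be isolated but are missing or attached elsewhere."""
    roles = classify(networks)
    return sorted(n for n in must_be_isolated if roles.get(n) != "isolated")


if __name__ == "__main__":
    # Optional argument: a file holding real `docker network inspect` output.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for name, role in classify(data).items():
        print(f"{name}: {role}")
    print("not isolated:", violations(data, {"database"}))
```

To run it against a live host, save `docker network inspect $(docker network ls -q)` to a file and pass the file name as the first argument.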
