Docker Network Infrastructure Configuration

Brief introduction 

  Many Internet application services consist of multiple service components, which often need to cooperate through network communication between multiple containers.
  Docker currently offers two mechanisms to provide network services for containers: mapping container ports to the host, and container interconnection (linking).
  This article explains how to use Docker's network functions: using port mapping to offer a container's application services to the external network, and using container linking for fast network communication between multiple containers.

Port mapping for container access

Accessing container applications from the outside

  If no port parameters are specified when a container starts, the network applications and services inside it cannot be reached over the network from outside the container.
  To let external clients reach network applications running in a container, specify a port mapping with the -P or -p parameter. With the -P flag, Docker randomly maps a host port in the range 49000 ~ 49900 to each network port the container exposes:

[root@gavin ~]# sudo docker run -d -P tomcat:latest
afe8064a2e604ebd212ec2a620fde7d0c2f72b51d298066f3e4c454df1b74e6e
[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
afe8064a2e60        tomcat:latest       "catalina.sh run"   13 seconds ago      Up 12 seconds       0.0.0.0:32769->8080/tcp   festive_panini

  Here docker ps shows that port 32769 on the local host is mapped to port 8080 of the container.
  Accessing port 32769 on the host reaches the web application inside the container.

  You can also view the application's output with the docker logs command:

[root@gavin ~]# sudo docker logs afe8
28-Aug-2019 14:18:27.546 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.45
28-Aug-2019 14:18:27.548 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Aug 14 2019 22:21:25 UTC
28-Aug-2019 14:18:27.548 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.45.0
28-Aug-2019 14:18:27.549 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
28-Aug-2019 14:18:27.549 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            3.10.0-957.el7.x86_64
...

  -p (lowercase) specifies the port to map, and only one container can be bound to a given host port. Supported formats are ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort.

Mapping to all interface addresses

  Use the hostPort:containerPort format to map local port 8080 to port 8080 of the container by executing the following command:

[root@gavin ~]# sudo docker run -d -p 8080:8080 tomcat:latest
b7b692ed0bc99bf73f68b92ddca20a1ae5ab510c42ae234f76a4b36093e1fd31
[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
b7b692ed0bc9        tomcat:latest       "catalina.sh run"   9 seconds ago       Up 8 seconds        0.0.0.0:8080->8080/tcp    tender_wescoff

  By default this binds to all addresses on all local interfaces. The -p flag can be used multiple times to bind multiple ports.
  For example:

[root@gavin ~]# sudo docker run -d -p 8088:8088 -p 8099:8099 tomcat:latest
c1629208e59a8953369b2229de6c352ae83faa00154c7acdb5178931e84bedce
[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                      NAMES
c1629208e59a        tomcat:latest       "catalina.sh run"   6 seconds ago       Up 5 seconds        0.0.0.0:8088->8088/tcp, 8080/tcp, 0.0.0.0:8099->8099/tcp   nervous_robinson

Mapping to a specified port on a specified address

  You can use the ip:hostPort:containerPort format to map using a specific address; for example, my IP is 192.168.1.16:

[root@gavin ~]# sudo docker run -d -p 192.168.1.16:8081:8080 tomcat:latest 
7f5eab8748fe3fcb0ffd3b2828928be05f8193d88ff80d2f88aee9ae262f6114
[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                      NAMES
7f5eab8748fe        tomcat:latest       "catalina.sh run"   10 seconds ago      Up 9 seconds        192.168.1.16:8081->8080/tcp                                stoic_robinson

Mapping to any port on a specified address

  Use ip::containerPort to bind any port on 192.168.1.16 to port 8080 of the container; the local host automatically assigns a port:

[root@gavin ~]# sudo docker run -d -p 192.168.1.16::8080 tomcat:latest 
8108af81e853076df2a55d125b559476422df4d16c4560afd6439f51cb67bcfc
[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                      NAMES
8108af81e853        tomcat:latest       "catalina.sh run"   7 seconds ago       Up 6 seconds        192.168.1.16:32768->8080/tcp                               inspiring_zhukovsky

Viewing the port mapping configuration

  Use docker port to view the current port mapping configuration, including the address binding:

[root@gavin ~]# sudo docker port 8108
8080/tcp -> 192.168.1.16:32768
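
  As an added example (not part of the original article), the following Python script parses the PORTS column of docker ps and reports which containers are published on all host interfaces, the case produced by -P and by -p hostPort:containerPort. The sample data is constructed from the docker ps outputs on this page; the function names are hypothetical, and the IPv6 wildcard forms are an extra case the page does not show.

```python
import re
from typing import NamedTuple, Optional

class Binding(NamedTuple):
    host_ip: Optional[str]    # None: port exposed by the image but not published
    host_port: Optional[int]
    container_port: int
    proto: str

# One PORTS entry: "0.0.0.0:8088->8088/tcp", ":::8080->8080/tcp" or bare "8080/tcp".
_ENTRY = re.compile(
    r"^(?:(?P<ip>[0-9.]+|::|\[::\]):(?P<hport>\d+)->)?(?P<cport>\d+)/(?P<proto>\w+)$")
_WILDCARD = {"0.0.0.0", "::", "[::]"}

def parse_ports_column(ports: str) -> list:
    """Parse the PORTS column of `docker ps` into Binding tuples."""
    out = []
    for entry in filter(None, (e.strip() for e in ports.split(","))):
        m = _ENTRY.match(entry)
        if not m:
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
        hport = int(m["hport"]) if m["hport"] else None
        out.append(Binding(m["ip"], hport, int(m["cport"]), m["proto"]))
    return out

def exposure(b: Binding) -> str:
    """Classify how widely a binding is reachable."""
    if b.host_ip is None:
        return "unpublished"       # reachable only on the Docker network
    if b.host_ip in _WILDCARD:
        return "all-interfaces"    # -P or -p hostPort:containerPort
    if b.host_ip.startswith("127."):
        return "loopback-only"
    return "single-address"        # -p ip:hostPort:containerPort

# Constructed sample: NAMES/PORTS pairs copied from the docker ps outputs on this page.
SAMPLE = {
    "tender_wescoff": "0.0.0.0:8080->8080/tcp",
    "nervous_robinson": "0.0.0.0:8088->8088/tcp, 8080/tcp, 0.0.0.0:8099->8099/tcp",
    "stoic_robinson": "192.168.1.16:8081->8080/tcp",
    "db": "5432/tcp",
}

def audit(containers: dict) -> dict:
    """Per container, list 'hostPort->containerPort' bound on all interfaces."""
    found = {n: [f"{b.host_port}->{b.container_port}" for b in parse_ports_column(p)
                 if exposure(b) == "all-interfaces"] for n, p in containers.items()}
    return {n: w for n, w in found.items() if w}
```

  Calling audit(SAMPLE) lists only the containers started with -p hostPort:containerPort; the one bound to 192.168.1.16 and the unpublished db container are not reported.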

Container linking for communication between containers

  Container linking is another way, besides port mapping, for applications in containers to interact.
  It creates a tunnel between the source container and the receiving container, and the receiving container can see the information the source container specifies.

Custom container names

  Linking works by container name, so first give the container a memorable custom name.
  Although the system assigns a default name when a container is created, a custom name has two advantages:

  1. A custom name is easier to remember; for example, a web application container can be named web.
  2. It serves as a useful reference point when connecting to other containers, for example when connecting a web container to a db container.

  Use the --name flag to give a container a custom name:

[root@gavin ~]# sudo docker run -d -P --name web tomcat:latest
47a03555a3aa0c4581df781f906baaa0e3c0b8fcc1ebc5764ad94eb0c14716a8

  Use docker ps to verify the name that was set:

[root@gavin ~]# sudo docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                      NAMES
47a03555a3aa        tomcat:latest       "catalina.sh run"   46 seconds ago      Up 45 seconds       0.0.0.0:32770->8080/tcp                                    web

Linking containers

  The --link parameter allows containers to interact securely.
  First, create a new database container:

[root@gavin ~]# sudo docker run -d --name db postgres

  Delete the web container created earlier:

[root@gavin ~]# sudo docker rm -f web

  Then create a new web container, and connect it to the db container:

[root@gavin ~]# sudo docker run -d -P --name web --link db:db tomcat:latest 

  At this point, the db container and the web container are linked.
  The --link parameter format is --link name:alias, where name is the name of the container to link to and alias is the alias for this connection.
  Use docker ps to view the containers:

[root@gavin ~]# sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
ea74df6bc843        tomcat:latest       "catalina.sh run"        2 minutes ago       Up 2 minutes        0.0.0.0:32774->8080/tcp                                    web
44c6d026afe2        postgres            "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes        5432/tcp                                                   db

  Enter the web container and ping the db container:

[root@gavin ~]# sudo docker exec -ti web /bin/bash
root@ea74df6bc843:/usr/local/tomcat# ping db
PING db (172.17.0.7) 56(84) bytes of data.
64 bytes from db (172.17.0.7): icmp_seq=1 ttl=64 time=0.299 ms
64 bytes from db (172.17.0.7): icmp_seq=2 ttl=64 time=0.105 ms
64 bytes from db (172.17.0.7): icmp_seq=3 ttl=64 time=0.067 ms

  You can see that the web container can reach the db container.
  Docker creates a secure tunnel between the two linked containers without mapping their ports to the host. The db container was started without the -p or -P flags, which avoids exposing the database port to the external network.
  Docker publishes the connection information through environment variables. Use the env command to view the web container's environment variables:

[root@gavin ~]# sudo docker run --name web2 --link db:db tomcat:latest env
...
DB_PORT=tcp://172.17.0.7:5432
DB_PORT_5432_TCP=tcp://172.17.0.7:5432
DB_PORT_5432_TCP_ADDR=172.17.0.7
DB_PORT_5432_TCP_PORT=5432
DB_PORT_5432_TCP_PROTO=tcp
DB_NAME=/web2/db
DB_ENV_GOSU_VERSION=1.11
DB_ENV_LANG=en_US.utf8
DB_ENV_PG_MAJOR=11
DB_ENV_PG_VERSION=11.5-1.pgdg90+1
DB_ENV_PGDATA=/var/lib/postgresql/data
...

  The environment variables beginning with DB_ are provided for the web container to connect to the db container; the prefix is the connection alias in uppercase.
  Users can link multiple child containers to a parent container; for example, multiple web containers can be linked to the db container.
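
  As an added example (not part of the original article), the following Python script reads the link variables the way an application in the web container would, and also lists the variables inherited from db. The DB_ENV_* entries show that --link copies the source container's environment into the linking container, so any credential set in db's environment becomes readable there. The sample is constructed from the env output above; DB_ENV_POSTGRES_PASSWORD, PATH and the function names are hypothetical.

```python
import re

# Constructed sample: variables copied from the env output above, plus two
# hypothetical ones for illustration (DB_ENV_POSTGRES_PASSWORD and PATH).
SAMPLE_ENV = {
    "DB_PORT": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.7:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.7",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_NAME": "/web2/db",
    "DB_ENV_PG_MAJOR": "11",
    "DB_ENV_PGDATA": "/var/lib/postgresql/data",
    "DB_ENV_POSTGRES_PASSWORD": "example-only",
    "PATH": "/usr/local/bin:/usr/bin",
}

_SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|KEY", re.IGNORECASE)

def link_endpoints(env: dict, alias: str) -> list:
    """Return sorted (proto, addr, port) tuples published for a link alias."""
    prefix = alias.upper() + "_PORT_"
    pat = re.compile(re.escape(prefix) + r"(\d+)_(TCP|UDP)_ADDR$")
    endpoints = []
    for name, addr in env.items():
        m = pat.match(name)
        if m:
            port_var = f"{prefix}{m.group(1)}_{m.group(2)}_PORT"
            endpoints.append((m.group(2).lower(), addr, int(env[port_var])))
    return sorted(endpoints)

def inherited_env(env: dict, alias: str) -> dict:
    """Source-container variables the link copied in as <ALIAS>_ENV_<name>."""
    prefix = alias.upper() + "_ENV_"
    return {k[len(prefix):]: v for k, v in env.items() if k.startswith(prefix)}

def leaked_secret_names(env: dict, alias: str) -> list:
    """Names of inherited variables that look like credentials."""
    return sorted(k for k in inherited_env(env, alias) if _SENSITIVE.search(k))

if __name__ == "__main__":
    print("endpoints:", link_endpoints(SAMPLE_ENV, "db"))
    print("inherited:", sorted(inherited_env(SAMPLE_ENV, "db")))
    print("credential-like:", leaked_secret_names(SAMPLE_ENV, "db"))
```

  Inside a real linked container, pass dict(os.environ) instead of SAMPLE_ENV.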

 

This article is my record of learning Docker; the content references "Docker technology introduction and practical".

 

Origin www.cnblogs.com/gavin-guo/p/11427286.html