Internal network between container Docker Compose with outgoing connection

docker docker-compose networking
15,874

Internal Docker networks mean there is no gateway configured to reach the outside internet, you can only reach other containers from that network. In your scenario, none of your networks should have this definition.

Without setting the internal network flag, containers can reach out of the docker host, potentially to the internet if the host has that access. This is one-way access, containers can access the external network, but that external network cannot access the containers.

To access a container from outside of the Docker host, you need to publish the port on the host mapping into the desired container (or service). Publishing ports with the ports section in the docker-compose.yml file is only needed to provide external access, not access between containers. Applications inside containers need to listen on all interfaces (0.0.0.0) for both publishing ports on the host and for container to container communication. However, you can publish ports on a specific interface on the host, e.g.:

ports:
  - '127.0.0.1:8825:8825'
  - '127.0.0.1:8835:8835'

For container to container communication, it is not necessary to expose or publish the port. All that is needed is a user defined network (which you have) in common between the containers. Then the containers can communicate using Docker's built-in DNS to resolve the service name (e.g. consul and mongo) and the application port inside that container (e.g. consul:8300). To avoid the external network from accessing these containers, do not publish any ports from them.

Side note: from your docker-compose.yml, you should also consider removing container_name, depends_on, and build since they won't work if you try to transition to swarm mode.

Share:
15,874

Related videos on Youtube

solderingiron
Author by

solderingiron

Updated on September 18, 2022

Comments

  • solderingiron
    solderingiron over 1 year

    I am a newbie to Docker. I am trying to run my application containing from multiple containers

    Here is my docker-compose.yml file

    version: '3.3'
services:
  php-service:
    container_name: 'php-service'
    build: './php-service'
    networks:
      - backend
    ports:
      - '8666:8666'
  go-service:
    container_name: 'go-service'
    build: './go-service'
    ports:
      - '8825:8825'
      - '8835:8835'
    volumes:
      - './go-service:/go/src/go-service'
    networks:
      - frontend
      - backend
    depends_on:
      - 'mongo'
      - 'consul'
  consul:
    image: 'consul:latest'
    networks:
      - backend
    ports:
      - "8300:8300"
      - "8400:8400"
      - "8500:8500"
      - "8600:53/udp"
  mongo:
    image: 'mongo:latest'
    container_name: 'mongo'
    networks:
      - backend
    ports:
      - '27100:27017'

networks:
  frontend:
    internal: false
  backend:
    internal: true

    What I want to achieve.

    The Outside World - is a network space of a hosting machine where the Docker daemon is running.

    1. Go-Service, PHP-Service, Consul and Mongo Db communicate over internal network not exposed to the outer world. Let's call this network backend.

    2. I want services inside backend network to be able to send outgoing requests to outer world

    3. Another network is for the outside world, I need to expose only specific ports. In my case I want to expose 8825 and 8835 only. So that ports will be exposed as localhost:8825 and localhost:8835 on the hosting machine

    Is it possible to get the desired configuration?

    Or maybe I am doing something wrong, please suggest any other good way to achieve this.

    Thank you so much

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Docker container cannot connect to host machine: No route to host
docker-compose resolve hostname in url
Using the host network with docker-compose
Using iptables rules aren't working with Docker container
Why should you do port mapping for docker containers?
How to connect from docker-compose to Host PostgreSQL?
How to expose a Docker network to the host machine?
Create networks automatically in Docker Compose
Docker-compose container using host DNS server
How to use the host network, and any other user-defined network together in Docker-Compose?