Docker is one of the most popular containerization platforms currently, which can greatly simplify the deployment and management of applications. One of the most important features is Docker virtual network, which helps users create multiple containers on a separate physical machine and work collaboratively while providing good network isolation and security.
In this article, we will introduce how to use docker virtual network to build communication and network interoperability between containers, and also introduce the importance of network isolation and security.
First, we need to create a docker virtual network. You can use the following command to create a virtual network named "my-network":
docker network create my-network
After creating the network, you can use the following command to list the current docker virtual network:
docker network ls
The running results are as follows :
NETWORK ID NAME DRIVER SCOPE 6e8c0391c9ac bridge bridge local a8a551c45849 host host local d6a050011a56 my-network bridge local 69f86bb8f6bc none null local
Now that we have created a virtual network called "my-network", we can use it to create containers and communicate.
Next, we will create two containers and connect them to the "my-network" virtual network we just created . We use the --network
parameter to connect the container to the virtual network.
Use the following command to start a container named "webserver" and connect it to the virtual network:
docker run --name webserver --network my-network -p 8080:80 -d nginx
In the above command, we used the "nginx" image to create our container. The -p
parameter maps the docker container's port "80" to the physical machine's port "8080".
We can also use a similar method to create a second container and connect it to the virtual network:
docker run --name database --network my-network -e MYSQL_ROOT_PASSWORD=password -d mysql
In the above command, we use the "mysql" image to create our container , and set a MySQL root password.
Now, we have created two containers and connected them to the virtual network we created.
To test that our containers are communicating successfully, we can use a simple HTML page in the "webserver".
First, we enter the "webserver" container and install the text editor nano using the following command:
docker exec -it webserver apt-get update docker exec -it webserver apt-get install nano
Then, we create a simple index.html page using the nano text editor:
docker exec -it webserver nano /usr/share/nginx/html/index.html
In the page, we add the following content:
<!DOCTYPE html> <html> <head> <title>Welcome to my website</title> </head> <body> <p>Hello from webserver!</p> <?php $servername = "database"; $username = "root"; $password = "password"; // Create connection $conn = new mysqli($servername, $username, $password); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } echo "Connected successfully to database"; ?> </body> </html>
In the above code, we add a text message to the page, and a PHP script to connect to the MySQL database in the "database" container.
Now, we can just use the following URL on the physical machine's web browser to open the page:
http://127.0.0.1:8080
The page will display "Hello from webserver!" and a successful connection message.
Meanwhile, if we run the "docker logs database" command on the "database" container, we will see the following output:
... Version: '5.7.22' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL) 2019-05-22T20:02:24.809716Z 0 [Note] Event Scheduler: Loaded 0 events Connected successfully to database
This indicates that the communication between the two containers is normal , and our test page can successfully connect to the MySQL database on the "database" container.
Another important role of docker virtual network is to provide network isolation and security between different containers. For example, if we run a malicious code in the "webserver" container, it will not be able to access and affect other containers.
In addition, we can also use docker virtual network to restrict container access to external networks. For example, we can increase the security of our application by creating a virtual network and ensuring that containers can only communicate with other containers in that network and cannot access other containers on the Internet.
In this article, we introduced how to use docker virtual network to connect different containers and enable communication between containers. We also learned how docker virtual networks provide network isolation and security.
Virtual network is a very important feature in docker, which can be used to build powerful containerized applications and provide good security. If you are building an application using docker, be sure to consider using virtual networks to improve your application security and efficiency.
The above is the detailed content of How to use docker virtual network. For more information, please follow other related articles on the PHP Chinese website!