How to connect two Docker containers on the same network? (Bridge networking)

A custom bridge network (such as mynet) must be used to implement container name resolution. Docker's built-in DNS supports automatic IP update; disable --link and host port mapping, and containers communicate directly with container names.

Use docker network create to create a custom bridge network between containers

The default bridge network does not support container name resolution, and ping container_name directly will fail. You must build a user-defined bridge network yourself so that Docker will automatically enable the DNS service so that containers can discover each other by name.

• Run docker network create mynet , don’t use the default bridge
• Explicitly specify the network when starting the container: docker run --network mynet --name db ... and docker run --network mynet --name app ...
• The two containers must be in the same custom network. Cross-networks (even if they are bridged) are not accessible by default.

Use the container name as the host name to access the container, not the IP address

In a custom network, Docker's built-in DNS will map the container name to the corresponding IP and support automatic updates - for example, if the IP changes after restarting the container, the name will still be available. Hard-writing IP addresses such as 172.18.0.2 is an anti-pattern and is prone to disconnection.

• When the application connects to the database, the address is db:5432 , not 172.18.0.2:5432
• Use ping db or nslookup db to verify whether the parsing is successful in the app container.
• If nslookup db returns server can't find db: NXDOMAIN , it means that it is not on the same network or the container has not started.

--link is obsolete, don't use it again

Docker 1.13 starts marking --link as an obsolete function. It only does one-way environment variable injection and /etc/hosts modification. It does not resolve DNS, does not support dynamic IP, is not compatible with Swarm, and cannot be linked across networks.

• Writing docker run --link db:db ... is an outdated practice and is now completely redundant.
• Even if --link is added, if the two containers are not in the same custom network, ping will still fail.
• If you see --link in a new project, you should delete it and replace it with --network container name for direct connection.

The port does not need to be exposed to the host, and internal communication goes through the Docker intranet.

Inter-container calls do not require -p 5432:5432 port mapping. Host port mapping only affects external access, but increases the attack surface, wastes port resources, and may also cause startup failure due to port conflicts.

• The database container only needs to listen to 0.0.0.0:5432 (or 127.0.0.1:5432 ) without adding -p
• The application container is directly connected using db:5432 , and the traffic goes through the Docker virtual bridge and does not go through the host iptables.
• Adding -p may also trigger firewall rules or SELinux restrictions, which will increase the cost of troubleshooting.

The most commonly overlooked point in Docker bridge networks is that the container name is a DNS name, not an alias or a temporary label; it is bound to the network life cycle, not the container life cycle - delete and re-create a container with the same name, and the DNS records will be automatically refreshed, but only if they are always in the same custom network.

The above is the detailed content of How to connect two Docker containers on the same network? (Bridge networking). For more information, please follow other related articles on the PHP Chinese website!