Daemon provides local network
CIDR 172.16.0.0/12 (netmask 255.240.0.0)
172.16.0.0 - 172.31.255.255 (1.048.576 addresses)
Containers are assigned a local IP address
Outgoing traffic is translated (source NAT)
–
Containers are not reachable directly
Incoming traffic requires published port
Published ports are mapped from the host to the container
Only one container can use a published port
–
Find IP address of container:
$ docker inspect web
$ docker inspect -f '' web
172.17.0.2
Testing container ingress:
curl http://172.17.0.2
Publishing a port:
$ docker run -d --name web2 --publish 127.0.0.1:80:80 nginx
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
748a9b0cfb0a nginx "/docker-entrypoint.…" 28 seconds ago Up 26 seconds 127.0.0.1:80->80/tcp web2
c8e069e45dd5 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp web
Testing the port publishing:
curl http://localhost