Daemon provides local network
CIDR 172.16.0.0/12 (netmask 255.240.0.0)
172.16.0.0 - 172.31.255.255 (1.048.576 addresses)
Containers are assigned a local IP address
Outgoing traffic is translated (source NAT)
Containers are not reachable directly
Incoming traffic requires published port
Published ports are mapped from the host to the container
Only one container can use a published port
Find IP address of container:
$ docker inspect web
$ docker inspect -f '' web
172.17.0.2
Testing container ingress:
curl http://172.17.0.2
Publishing a port:
$ docker run -d --name web2 --publish 127.0.0.1:80:80 nginx
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
748a9b0cfb0a nginx "/docker-entrypoint.…" 28 seconds ago Up 26 seconds 127.0.0.1:80->80/tcp web2
c8e069e45dd5 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp web
Testing the port publishing:
curl http://localhost