Docker and iptables
Docker installs two custom iptables chains named DOCKER-USER and DOCKER, and it ensures that incoming packets are always checked by these two chains first.
Use bridge networks
- bridge is the default network driver if does not specify other driver
- a bridge netwok allows containers connected to the same bridge network to commuicate with each other
- bridge networks only apply to containers running on the same Docker daemon host
- when start Docker, a default bridge network (also called bridge) is created automatically
- newly-started containers connect to the default network unless otherwise specified
connect from a container to a service on the host
In Docker Desktop for Mac, host.docker.internal is the special DNS name which resolves to the internal IP used by host.
Therefore, if want to connect to host, use DNS name host.docker.internal if you are using docker desktop for mac.
ports mapping
In Docker file, we can expose container on some port by
EXPOSE 8080To map to a host port, we can do the below. We assume tomcat container has exposed on port 8080
//-p is short cut for --publish (host port to container port)
docker run -d --name tweb -p 8090:8080 tomcat
//can check port map. tweb is container name
docker port tweb
Then we can access tomcat at: http://localhost:8090
No comments:
Post a Comment