Docker usage guide (3) - network configuration

Environment used for this walkthrough: Tencent Cloud server, CentOS 6.7 x86_64

The steps Docker takes to wire up a container's network are:
1. Create a pair of virtual interfaces (a veth pair).
2. Give one end a unique name inside the Docker host, such as veth65f9, and attach it to docker0 or whichever bridge Docker is using.
3. Move the other end into the new container's own network namespace (the container's lo interface is already provided) and rename it there to the friendlier name eth0; because the namespace is separate, the name does not conflict with other physical interfaces.
4. From the bridge's subnet, give the container's eth0 a new IP address and set its default route to the IP address the Docker host holds on the bridge.

Once these steps are done, the container has a (virtual) eth0 network card and can communicate with other containers and with the internet.
The network mode is chosen with the --net= option of docker run, which accepts the following values.

--net=bridge - the default; the container is attached to the Docker bridge.
--net=host - Docker skips setting up a separate network stack; the container uses the host's.
--net=container:NAME_or_ID - the new container reuses the network stack of an existing container.
--net=none - Docker creates a network namespace for the new container but configures nothing in it except loopback, so the container can reach only itself, not the outside network.

1. Bridge mode

This is Docker's default network mode. The Docker daemon creates docker0, a virtual Ethernet bridge that forwards packets between all network interfaces attached to it, so containers attached to the same bridge can communicate with each other.

[root@sta2 docker]# docker run -it -P --name mynginx nginx # publish the container's ports

In bridge mode Docker creates the docker0 bridge and attaches the container's host-side veth interface to it; the attachment can be seen with the brctl show command.

[root@sta2 ~]#  brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.3e2d35d38bae   no      vethab6aea2

Docker allocates the container an IP address from the docker0 subnet and sets docker0's own address as the container's default gateway.

Network configuration in container:

View the mapped port configuration:

[root@sta2 docker]# docker ps -l

Or use the following method:

[root@sta2 docker]# docker port mynginx
443/tcp -> 0.0.0.0:32774
80/tcp -> 0.0.0.0:32775

With the -P flag, Docker picks a free host port from its ephemeral range (given here as 49000~49900) for each port the container exposes; in this session nginx's ports 443 and 80 landed on host ports 32774 and 32775.

View the access log:

[root@sta2 docker]# docker logs -f mynginx

Use -p (lowercase) to choose the port mapping yourself; a given host port can be bound by only one container. The -p flag can be repeated to bind several ports. The supported formats are ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort .

hostPort:containerPort binds the host port on all interface addresses:

# docker run -d -p 5000:5000 --name mydocker nginx

In this case the port is bound by default on every address of every local interface, public ones included.
Use the ip:hostPort:containerPort format to bind the mapping to one specific address and port:

# docker run -d -p 127.0.0.1:5000:5000 --name mydocker nginx

Use ip::containerPort to map container port 5000 to a host port that Docker chooses automatically on the given address (here 127.0.0.1):

# docker run -d -p 127.0.0.1::5000 --name mydocker nginx

When Docker sets up a port mapping it generates iptables rules. The iptables rules before port mapping:
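
As an added check, not part of the original post, the POSIX shell functions below parse `docker port` output in the format shown above, flag ports published on 0.0.0.0 or [::] (every interface of the host), and print the loopback-only -p flag that would restrict each one. The sample lines are constructed; the function names are my own.

```shell
#!/bin/sh
# Constructed sample in the format printed by `docker port <container>`:
# the two mynginx lines from above, an IPv6 wildcard, and a loopback-only binding.
SAMPLE_PORTS='443/tcp -> 0.0.0.0:32774
80/tcp -> 0.0.0.0:32775
8080/tcp -> [::]:32776
5000/tcp -> 127.0.0.1:5000'

# wildcard_bindings: read `docker port` lines on stdin and print those whose
# host address is 0.0.0.0 or [::], i.e. reachable on every host interface.
wildcard_bindings() {
    awk '$3 ~ /^(0\.0\.0\.0|\[::\]):/ { print }'
}

# count_wildcard_bindings: number of wildcard-published ports on stdin.
count_wildcard_bindings() {
    wildcard_bindings | wc -l | tr -d ' '
}

# suggest_loopback_flags: for each wildcard binding, print the equivalent
# ip:hostPort:containerPort flag pinned to 127.0.0.1 (the format described above).
suggest_loopback_flags() {
    wildcard_bindings | awk '{
        split($1, c, "/")        # c[1] = container port, c[2] = protocol
        n = split($3, h, ":")    # host port is the last colon-separated field
        printf "-p 127.0.0.1:%s:%s/%s\n", h[n], c[1], c[2]
    }'
}

# Stand-alone run over the constructed sample. Against a live daemon (assumption:
# docker installed and running) use:  docker port mynginx | suggest_loopback_flags
printf '%s\n' "$SAMPLE_PORTS" | suggest_loopback_flags
```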

The iptables rule after port mapping:

2. Host mode

In this mode the container uses the host's network stack directly.

# docker run -it --name feiyu-host --net=host busybox sh

3. Container mode

In this mode the container shares the network stack of another, existing container (feiyu in the command below).

# docker run -it --name feiyu-con --net=container:feiyu busybox sh

4. None mode

In this mode the container has only its loopback interface and no access to any external network.
