docker container network
Docker creates three networks automatically at installation; list them with the docker network ls command:

```
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9692fae45042   bridge    bridge    local
cd5368439dc0   host      host      local
c49a1db81682   none      null      local
```
Docker uses Linux bridging. A Docker container bridge (docker0) is virtualized on the host. When Docker starts a container it assigns it an IP address (the container IP) from the bridge's subnet, and the docker0 bridge is the default gateway of every container. Because all containers on the same host are attached to the same bridge, they can communicate with each other directly via their container IPs. Note that this applies to every port a container listens on, not only published ones, unless inter-container communication is disabled on the daemon (--icc=false).
Four network modes of docker
Network mode | Configuration | Description
---|---|---
host | --network host | The container shares the host's Network namespace
container | --network container:NAME_OR_ID | The container shares the Network namespace of another container
none | --network none | The container has its own Network namespace but no network configuration: no veth pair, no bridge connection, no IP address
bridge | --network bridge | Default mode
bridge mode
When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and every container started on the host is attached to it. The virtual bridge works like a physical switch, so all containers on the host sit on one layer-2 network.
Docker assigns the container an IP from the docker0 subnet and sets the IP address of docker0 as the container's default gateway. It creates a veth pair (a pair of virtual network cards) on the host, places one end inside the new container as eth0 (the container's network card), and leaves the other end on the host with a name like vethxxx, attached to the docker0 bridge. You can see this with the brctl show command.
Bridge mode is Docker's default network mode: if the --network parameter is not given, bridge mode is used. When docker run -p is used, Docker actually implements the port forwarding by adding DNAT rules to iptables; view them with iptables -t nat -vnL.
The bridge mode is shown in the following figure:
Suppose nginx is running in docker2 in the figure above, and consider a few questions:
- Can the two containers communicate with each other directly? For example, can docker1 reach the nginx site in docker2 directly?
- Can the host reach the nginx site in docker2 directly?
- How does a different host reach the nginx site on node1? Through DNAT (port mapping)?
The Docker bridge is virtualized by the host and is not a real network device. It is not addressable from the external network, which means external hosts cannot reach a container directly through its container IP. For a container to be reachable from outside, a container port has to be mapped to a port on the host (port mapping): enable this with the -p or -P parameter of docker run when creating the container, and then reach the service at [host IP]:[mapped host port].
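As an added example (not part of the original page), the DNAT rules that docker run -p installs can be audited from the DOCKER chain of the nat table. The script below parses a constructed sample of iptables -t nat -vnL DOCKER output, assuming two published ports (-p 8080:80 to 172.17.0.2 and -p 127.0.0.1:3306:3306 to 172.17.0.3), and flags every rule whose host destination is 0.0.0.0/0, meaning the port is published on all host interfaces. These rules sit on the FORWARD/DOCKER path rather than INPUT, so host INPUT-chain firewall rules do not filter published ports; per-host restrictions belong in the DOCKER-USER chain or in a bind address on the -p option.

```shell
#!/bin/sh
# Added example (not from the original page): audit which container ports Docker
# has published via DNAT, and whether each one is reachable from every host interface.
# Real use:  iptables -t nat -vnL DOCKER | audit_dnat
# The input below is a CONSTRUCTED sample of that output so the script runs offline.

SAMPLE_DOCKER_CHAIN='Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
   12   720 DNAT       tcp  --  !docker0 *      0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
    0     0 DNAT       tcp  --  !docker0 *      0.0.0.0/0            127.0.0.1            tcp dpt:3306 to:172.17.0.3:3306'

# Print one line per DNAT rule: EXPOSED (matches any host address) or LOCAL (loopback
# or one specific address), the host destination:port, and the container it forwards to.
audit_dnat() {
    awk '$3 == "DNAT" {
        dst = $9                       # host address the rule matches; 0.0.0.0/0 = all interfaces
        sub(/^dpt:/, "", $11)          # host port
        sub(/^to:/, "", $12)           # container ip:port
        kind = (dst == "0.0.0.0/0") ? "EXPOSED" : "LOCAL"
        printf "%s %s:%s -> %s\n", kind, dst, $11, $12
    }'
}

# Number of rules reachable from outside the host; non-zero means -p without a bind address.
count_exposed() {
    audit_dnat | grep -c '^EXPOSED' || true
}

printf '%s\n' "$SAMPLE_DOCKER_CHAIN" | audit_dnat
```

On a real host, the LOCAL line corresponds to docker run -p 127.0.0.1:3306:3306, which is the form to use for a service that only the host itself should reach; the EXPOSED line is what a bare -p 8080:80 produces.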
container mode
In this mode the newly created container shares a Network Namespace with an existing container rather than with the host. The new container does not create its own network card or configure its own IP; it shares the IP and port range of the specified container. Apart from the network, the two containers remain isolated from each other (file system, process list, and so on). Processes in the two containers can talk to each other over the lo loopback device. Because they share one network stack they also share one port space: a port bound in one container cannot be bound in the other, and a service that listens on 127.0.0.1 in one container is reachable from the other.
The container mode is shown in the following figure:
host mode
If host mode is used when starting the container, the container does not get an independent Network Namespace but shares the host's. The container does not virtualize its own network card or configure its own IP; it uses the host's IP and ports. Other aspects of the container, such as the file system and process list, are still isolated from the host.
A container in host mode can communicate with the outside world directly using the host's IP address, and a service port inside the container uses the host's port without NAT. The biggest advantage of host mode is relatively good network performance, but ports already in use on the Docker host can no longer be used by the container, and network isolation is poor: a process in the container sees, and can bind to, every host interface.
The Host mode is shown in the following figure:
none mode
With the none mode, the Docker container has its own Network Namespace but no network configuration is done for it: the container has no network card, no IP address and no routes. If networking is needed, we have to add a network card and configure an IP for the container ourselves.
In this mode the container has only the lo loopback interface and no other network card. The none mode is selected with --network none when the container is created. Such a container has no way to reach the network, and this closed network is a good way to isolate a container that does not need one.
Application scenario:
- Start a container to process data, such as converting data formats
- Some background computing and processing tasks
The none mode is shown in the following figure:
```
docker network inspect bridge    # view the detailed configuration of the bridge network
```
docker container lnmp
Start docker
```
systemctl start docker
```
View images
```
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago   550MB     # the nginx image is ready
```
start nginx
```
[root@localhost ~]# docker run -it luojiatian1904/nginx:v2

# View it from a second terminal
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   51 seconds ago   Up 50 seconds             vigilant_bardeen

# Access the nginx default page from the second terminal
[root@localhost ~]# curl 172.17.0.2
........................
<h1>Welcome to nginx!</h1>
........................
```
Pull a centos image
```
[root@localhost ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Already exists
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago   550MB
centos                 latest    5d0da3dc9764   2 months ago   231MB
```
Build a MySQL image using container-mode networking
```
# Start a centos container that shares the nginx container's network namespace
# (--network container:ecac8d503b87 uses the nginx container ID), then install MySQL inside it
[root@localhost ~]# docker run -it --name mysql --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]#
```
View from a second terminal
```
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"                54 seconds ago   Up 53 seconds             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   10 minutes ago   Up 10 minutes             vigilant_bardeen
```
Copy the MySQL package from the host into the centos container
```
[root@localhost ~]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
# copy into /usr/src of the mysql container, addressed by container ID
[root@localhost ~]# docker cp /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz f92580cb7790:/usr/src
```
View in MySQL container
```
[root@ecac8d503b87 /]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz

# Install dependencies
[root@ecac8d503b87 /]# yum -y install which numactl-libs ncurses-compat-libs libaio.x86_64 libaio-devel.x86_64

# Create the mysql user
[root@3367881fd446 src]# useradd -r -M -s /sbin/nologin mysql
[root@3367881fd446 src]# id mysql
uid=998(mysql) gid=996(mysql) groups=996(mysql)

# Unpack the MySQL package
[root@ecac8d503b87 /]# tar xf /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@ecac8d503b87 /]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin  etc  games  include  lib  lib64  libexec  mysql-5.7.34-linux-glibc2.12-x86_64  sbin  share  src

# Create a symlink and change the owner and group
[root@ecac8d503b87 local]# ln -sv mysql-5.7.34-linux-glibc2.12-x86_64 mysql
'mysql' -> 'mysql-5.7.34-linux-glibc2.12-x86_64'
[root@ecac8d503b87 local]# chown -R mysql.mysql mysql*
[root@ecac8d503b87 local]# ls -l
total 0
drwxr-xr-x. 2 root  root    6 Nov  3  2020 bin
drwxr-xr-x. 2 root  root    6 Nov  3  2020 etc
drwxr-xr-x. 2 root  root    6 Nov  3  2020 games
drwxr-xr-x. 2 root  root    6 Nov  3  2020 include
drwxr-xr-x. 2 root  root    6 Nov  3  2020 lib
drwxr-xr-x. 3 root  root   17 Sep 15 14:17 lib64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 libexec
lrwxrwxrwx. 1 mysql mysql  35 Dec  3 12:52 mysql -> mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Dec  3 12:52 mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 sbin
drwxr-xr-x. 5 root  root   49 Sep 15 14:17 share
drwxr-xr-x. 2 root  root    6 Nov  3  2020 src

# Add the environment variable (single quotes, so $PATH is expanded at login rather than baked in now)
[root@ecac8d503b87 local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@ecac8d503b87 local]# bash
[root@ecac8d503b87 local]# which mysql
/usr/local/mysql/bin/mysql

# Create the data directory
[root@ecac8d503b87 local]# mkdir /opt/data
[root@ecac8d503b87 local]# chown -R mysql.mysql /opt/data
[root@ecac8d503b87 local]# ls -l /opt/
total 0
drwxr-xr-x. 2 mysql mysql 6 Dec  3 12:54 data

# Initialize the database without a root password.
# --initialize-insecure leaves root@localhost with an empty password; set one before the service is reachable from anywhere else.
[root@ecac8d503b87 ~]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data
2021-12-03T12:56:50.792679Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-12-03T12:56:51.508946Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-12-03T12:56:51.734379Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-12-03T12:56:51.787968Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 7c0ea73a-5438-11ec-9faf-0242ac110002.
2021-12-03T12:56:51.788823Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-12-03T12:56:52.757884Z 0 [Warning] CA certificate ca.pem is self signed.
2021-12-03T12:56:52.878626Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.

# Write the configuration file
[root@ecac8d503b87 ~]# vi /etc/my.cnf
[mysqld]
port = 3306
datadir = /opt/data
basedir = /usr/local/mysql
socket = /tmp/mysql.sock
pid-file = /opt/data/mysql.pid
log-error = /opt/data/mysql.err
skip-name-resolve

# Edit the startup script
[root@ecac8d503b87 ~]# vi /usr/local/mysql/support-files/mysql.server
........................
basedir=/usr/local/mysql
datadir=/opt/data
........................

# Start MySQL
[root@ecac8d503b87 ~]# /usr/local/mysql/support-files/mysql.server start
Starting MySQL.Logging to '/opt/data/mysql.err'.
. SUCCESS!
[root@ecac8d503b87 ~]# ss -anlt
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       80      *:3306               *:*
```
Commit MySQL as an image
```
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"                12 minutes ago   Up 12 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   22 minutes ago   Up 22 minutes             vigilant_bardeen
[root@localhost ~]# docker commit -p mysql
sha256:5c07c0cdf9a29d4ca80a15d7a324ec7851540d63456fbc2f82173abd5d620847
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED          SIZE
<none>                 <none>    5c07c0cdf9a2   35 seconds ago   3.74GB
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago     550MB
centos                 latest    5d0da3dc9764   2 months ago     231MB
[root@localhost ~]# docker tag 5c07c0cdf9a2 luojiatian1904/mysql:v1
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED              SIZE
luojiatian1904/mysql   v1        5c07c0cdf9a2   About a minute ago   3.74GB
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago         550MB
centos                 latest    5d0da3dc9764   2 months ago         231MB
```
Install php
```
# Run a php container that shares the nginx container's network
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"                15 minutes ago   Up 15 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   24 minutes ago   Up 24 minutes             vigilant_bardeen
[root@localhost ~]# docker run -it --name php8 --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]#

# View the running containers from a second terminal
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
250940d3d136   centos:latest             "/bin/bash"                21 seconds ago   Up 20 seconds             php8
f92580cb7790   centos:latest             "/bin/bash"                15 minutes ago   Up 15 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   25 minutes ago   Up 25 minutes             vigilant_bardeen
```
Go back to the php container's terminal
```
[root@ecac8d503b87 /]# yum -y install epel-release

# Install the build dependencies
[root@ecac8d503b87 /]# yum install sqlite-devel libzip-devel libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel gcc gcc-c++ make --allowerasing
[root@ecac8d503b87 /]# yum -y install http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

# From another terminal, copy the php package into the container
[root@localhost ~]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz  php-8.0.10.tar.gz
[root@localhost ~]# docker cp /usr/src/php-8.0.10.tar.gz 250940d3d136:/usr/src

# Back in the container terminal: check and unpack
[root@ecac8d503b87 /]# cd /usr/src/
[root@ecac8d503b87 src]# ls
debug  kernels  php-8.0.10.tar.gz
[root@ecac8d503b87 src]# tar xf php-8.0.10.tar.gz -C /usr/local/
[root@ecac8d503b87 src]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin  etc  games  include  lib  lib64  libexec  php-8.0.10  sbin  share  src

# Configure
[root@3367881fd446 local]# cd php-8.0.10/
[root@ecac8d503b87 php-8.0.10]# ./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
.......

# Compile and install
[root@ecac8d503b87 php-8.0.10]# make && make install
......

# Add the environment variable
[root@ecac8d503b87 php-8.0.10]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@ecac8d503b87 php-8.0.10]# bash

# Configure php-fpm
[root@ecac8d503b87 php-8.0.10]# cp php.ini-production /etc/php.ini
[root@ecac8d503b87 php-8.0.10]# cd sapi/fpm/
[root@ecac8d503b87 fpm]# ls
config.m4  CREDITS  fpm  init.d.php-fpm  init.d.php-fpm.in  LICENSE  Makefile.frag  php-fpm  php-fpm.8  php-fpm.8.in
php-fpm.conf  php-fpm.conf.in  php-fpm.service  php-fpm.service.in  status.html  status.html.in  tests  www.conf  www.conf.in
[root@ecac8d503b87 fpm]# cp init.d.php-fpm /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# chmod +x /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# cd /usr/local/php8/etc/
[root@ecac8d503b87 etc]# cp php-fpm.conf.default php-fpm.conf
[root@ecac8d503b87 etc]# cd php-fpm.d/
[root@ecac8d503b87 php-fpm.d]# cp www.conf.default www.conf

# Start php-fpm
[root@3367881fd446 php-fpm.d]# /usr/local/php8/sbin/php-fpm -c /usr/local/php8/etc/php-fpm.conf
[root@ecac8d503b87 ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:9000       0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       80      *:3306               *:*
```
Configure nginx
```
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                    CREATED          STATUS          PORTS     NAMES
250940d3d136   centos:latest             "/bin/bash"                26 minutes ago   Up 26 minutes             php8
f92580cb7790   centos:latest             "/bin/bash"                41 minutes ago   Up 41 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb..."   51 minutes ago   Up 51 minutes             vigilant_bardeen
[root@localhost ~]# docker exec -it ecac8d503b87 /bin/bash
[root@ecac8d503b87 /]# ss -anlt
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:9000       0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       80      *:3306               *:*
[root@ecac8d503b87 /]# vi /usr/local/nginx/conf/nginx.conf
..........
        location / {
            root   html;
            index  index.php index.html index.htm;    # add index.php
        }
.........
        location ~ \.php$ {
            root           /var/www/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            # modify; nginx variable names are lowercase, $Document_root would be rejected as an unknown variable
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
........
[root@ecac8d503b87 /]# mkdir -p /var/www/html
# phpinfo() is a test page only; it discloses the PHP build and environment, so remove it once PHP is confirmed working
[root@ecac8d503b87 /]# cat > /var/www/html/index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
[root@ecac8d503b87 /]# cat /var/www/html/index.php
<?php
phpinfo();
?>

# Change the php-fpm configuration
[root@ecac8d503b87 ~]# vi /usr/local/php8/etc/php-fpm.conf
.......
daemonize = yes
.......
```
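The ss -anlt output above is the practical consequence of the container mode described earlier: nginx, php-fpm and mysqld all live in one network namespace, so php-fpm on 127.0.0.1:9000 is reachable by the three joined containers (which is what the fastcgi_pass needs), while mysqld on *:3306 is reachable from every container on docker0 and from the host, with the empty root password that --initialize-insecure left behind. Only php in the same namespace needs MySQL, so adding bind-address = 127.0.0.1 under [mysqld] in /etc/my.cnf and setting a root password closes that. As an added example (not from the original page), the script below classifies listeners from a constructed copy of that ss output and reports wildcard listeners that are not on an allow-list; the allow-list of just port 80 is an assumption matching this walkthrough.

```shell
#!/bin/sh
# Added example (not from the original page): classify the listening sockets seen
# from inside a shared network namespace, in the format `ss -anlt` prints.
# Real use:  ss -anlt | audit_listeners     or     ss -anlt | unexpected_wildcard 80
# The input below is a CONSTRUCTED sample matching the page's output, so it runs offline.

SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:9000       0.0.0.0:*
LISTEN  0       128     0.0.0.0:80           0.0.0.0:*
LISTEN  0       80      *:3306               *:*'

# One line per LISTEN socket: LOOPBACK (only containers in this netns can connect),
# WILDCARD (every container on docker0 can connect, and the outside if published),
# or ADDR (bound to one specific address), followed by the address and port.
audit_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":")
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)   # keeps [::] style addresses intact
        if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1")
            kind = "LOOPBACK"
        else if (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            kind = "WILDCARD"
        else
            kind = "ADDR"
        printf "%s %s %s\n", kind, addr, port
    }'
}

# Ports that listen on every interface of the namespace
wildcard_ports() {
    audit_listeners | awk '$1 == "WILDCARD" { print $3 }'
}

# Wildcard ports that are not in the allow-list passed as arguments
unexpected_wildcard() {
    allowed=" $* "
    wildcard_ports | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;          # expected to be reachable from outside the namespace
            *) echo "$p" ;;       # should have been bound to 127.0.0.1 instead
        esac
    done
}

printf '%s\n' "$SAMPLE_SS" | audit_listeners
echo "wildcard listeners not on the allow-list (80):"
printf '%s\n' "$SAMPLE_SS" | unexpected_wildcard 80
```

Run inside any of the three containers (docker exec into the nginx one, as above), the only port that should come back from unexpected_wildcard 80 is none; seeing 3306 there is the signal to add the bind-address line before committing the image.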