Networks - how they work in Docker and how to work with them

Docker - Overview and how to use it

3 min read

Published Jul 13 2025

12
0
0
0
CLIContainersDevOpsDockerImagesNetworksVolumes

In Docker, networks allow containers to communicate with each other and with the outside world. By default, every container is isolated and only has access to the network it is connected to. Networks provide a secure, controlled way to handle this communication.

Docker provides a few different types of networks, each designed for different use cases.


Bridge (default)

  • This is the default network for containers started without specifying a network.
  • It creates a private internal network on the host.
  • Containers on the same bridge can talk to each other using IP or container names.
  • Useful for standalone containers.

Example:

docker run -d --name web1 nginx
docker run -d --name web2 nginx

Both containers are placed in the bridge network and can ping each other via container names.




Host

  • Removes network isolation between the container and the Docker host.
  • The container uses the host’s network stack directly.
  • No port mapping is needed.
  • Only available on Linux.

Example:

docker run --network host nginx

Warning: Can cause port conflicts and reduces container isolation.




None

  • The container has no network access.
  • Useful for security or testing.

Example:

docker run --network none alpine ping google.com

This will fail due to no network access.




User-defined bridge networks

Instead of using the default bridge, you can create your own:

docker network create my-bridge

Then, connect containers to it:

docker run -d --name db --network my-bridge postgres
docker run -d --name app --network my-bridge myapp

Benefits:

  • Containers can resolve each other by name.
  • You can define custom subnets, gateways, etc.
  • Better for multi-container applications.



Docker compose and networks

Docker Compose makes networking between services very easy. By default:

  • It creates a dedicated network for your Compose project.
  • All services are automatically attached to this network.
  • Services can talk to each other using the service name as the hostname.

Example docker-compose.yml:

version: "3.9"
services:
  db:
    image: postgres
  web:
    image: nginx
    depends_on:
      - db

The web service can talk to db using the hostname db.


You can also define and attach custom networks in compose files:

version: "3.9"
services:
  app:
    image: myapp
    networks:
      - frontend
  db:
    image: postgres
    networks:
      - backend
  proxy:
    image: nginx
    networks:
      - frontend
      - backend

networks:
  frontend:
  backend:

Here:

  • app and proxy can talk on frontend.
  • proxy and db can talk on backend.
  • But app and db cannot talk directly.



Inspecting Docker networks

List all networks:

docker network ls

Inspect a network:

docker network inspect my-bridge

This will show:

  • Containers attached to the network
  • IP address ranges
  • Subnet information
  • Gateway



Connecting & disconnecting containers to networks

You can manually connect or disconnect containers to/from networks.

Connect:

docker network connect my-bridge container_name

Disconnect:

docker network disconnect my-bridge container_name




Network isolation and security

  • Containers on different user-defined bridge networks cannot communicate with each other unless explicitly connected.
  • This allows you to enforce separation between environments (e.g., staging vs. production).
  • You can use firewalls and iptables rules for tighter control if needed (advanced usage).



Publishing Ports to Host

Even if containers can communicate internally, external access to a container (like visiting in a browser) requires exposing ports:

docker run -d -p 8080:80 nginx

This maps host port 8080 to container port 80.


With Docker Compose:

services:
  web:
    image: nginx
    ports:
      - "8080:80"


Example: Connecting a Frontend, Backend, and Database:

version: "3.9"
services:
  frontend:
    image: my-frontend
    depends_on:
      - backend
    ports:
      - "3000:3000"
    networks:
      - appnet

  backend:
    image: my-backend
    depends_on:
      - db
    networks:
      - appnet

  db:
    image: postgres
    networks:
      - appnet

networks:
  appnet:
    driver: bridge

All three services are on the same network and can communicate using names like db or backend.




Cleaning up networks

List all networks:

docker network ls

Remove unused networks:

docker network prune

Remove a specific one:

docker network rm my-bridge

Products from our shop

Docker Cheat Sheet - Print at Home Designs

Docker Cheat Sheet - Print at Home Designs

Docker Cheat Sheet Mouse Mat

Docker Cheat Sheet Mouse Mat

Docker Cheat Sheet Travel Mug

Docker Cheat Sheet Travel Mug

Docker Cheat Sheet Mug

Docker Cheat Sheet Mug

Vim Cheat Sheet - Print at Home Designs

Vim Cheat Sheet - Print at Home Designs

Vim Cheat Sheet Mouse Mat

Vim Cheat Sheet Mouse Mat

Vim Cheat Sheet Travel Mug

Vim Cheat Sheet Travel Mug

Vim Cheat Sheet Mug

Vim Cheat Sheet Mug

SimpleSteps.guide branded Travel Mug

SimpleSteps.guide branded Travel Mug

Developer Excuse Javascript - Travel Mug

Developer Excuse Javascript - Travel Mug

Developer Excuse Javascript Embroidered T-Shirt - Dark

Developer Excuse Javascript Embroidered T-Shirt - Dark

Developer Excuse Javascript Embroidered T-Shirt - Light

Developer Excuse Javascript Embroidered T-Shirt - Light

Developer Excuse Javascript Mug - White

Developer Excuse Javascript Mug - White

Developer Excuse Javascript Mug - Black

Developer Excuse Javascript Mug - Black

SimpleSteps.guide branded stainless steel water bottle

SimpleSteps.guide branded stainless steel water bottle

Developer Excuse Javascript Hoodie - Light

Developer Excuse Javascript Hoodie - Light

Developer Excuse Javascript Hoodie - Dark

Developer Excuse Javascript Hoodie - Dark

© 2025 SimpleSteps.guide
AboutFAQPoliciesContact