The PDF Security & Compliance Server
Docker is an open-source platform that uses container-based concepts to automate the deployment and scaling of applications inside lightweight, portable containers. In simple words, a Docker container puts all the application code and its dependencies together within one unit, consistent across environments—from a developer's laptop to the test server or production cloud servers.
Containers do not behave like traditional virtual machines (VMs) because they share a host system's operating system kernel. Therefore, containers are much more efficient and faster to start. Indeed, Docker containers guarantee consistent behavior across all stages of the development cycle.
In fact, Docker images are templates for descriptions of containers that hold the application environment. This set also includes toolkits for managing container life cycles. One example is Docker Compose, which you can use to orchestrate applications that consist of multiple containers. Then there's Docker Hub, a registry for sharing images.
Docker Compose networks allow services running in a Docker Compose application to talk to each other within the same encapsulated environments. If you define more than one service in a docker-compose.yml file, Docker Compose creates a default network automatically, so that those services can communicate with each other using service names as hostnames. Essentially, it allows the user to define their own network and multiple services with the network created.
Default Bridge Network: If you define no network for your containers when you run docker-compose up, Docker automatically creates a bridge network. All containers can communicate with each other with their service name as hostname on this default driver network.
Custom Networks: With these options, users can define one or two custom networks and even more as user-defined networks. You can define custom networks within your container port and docker-compose.yml file. By assigning services to these networks, you control how containers may communicate:
Service Discovery: Every service gets a hostname equal to its name in the configuration. That is, you can refer to another service in one container by using the name of the other service. For example, in the web service, you would use db to refer to the IP of the database container.
Network Modes: You can also set network modes to use host, bridge, or none for services. The most commonly used is a bridge, which isolates container traffic.
Docker network drivers describe the connections and communication of the containers with one another and with other containers and systems. There are various use cases, and network drivers can be applied to these cases, each providing a different level of isolation, connectivity, and performance. We'll go through each network driver and explain their usage.
Internal docker networks allow a container to communicate with others based on a single host. If you launch containers without specifying a network, Docker uses the default bridge network.
# Create a custom bridge network
docker network create --driver bridge my_bridge_network
# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600# Create a custom bridge network
docker network create --driver bridge my_bridge_network
# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600Here, the service names can be used to communicate, like ping container1 and container2.
With the host driver, the container directly shares the host network stack, so a container does not get its own custom network isolation.
# Run a container using the host network
docker run -d --network host nginx# Run a container using the host network
docker run -d --network host nginxThe NGINX container now shares the host's IP and network interfaces, thus bypassing network isolation.
It interconnects containers across several hosts and is used mainly in Docker Swarm or Kubernetes environments, connecting physical or virtual machines through containers to communicate securely using a virtual network.
# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network
# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network
# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginxThis creates a service in a Swarm cluster that can be stretched across multiple Docker hosts.
This none-driver disables networking for the container. This container is isolated from any kind of external network communication.
# Run a container with no network
docker run -d --network none busybox sleep 3600# Run a container with no network
docker run -d --network none busybox sleep 3600The busybox container will not have access to the internet and will not be able to send out calls to other containers' own networks or the outside world.
The Macvlan driver enables containers to appear as physical devices in the network with their own MAC addresses, so they can directly access the physical network.
# Create a Macvlan network
docker network create -d macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
-o parent=eth0 macvlan_network
# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600# Create a Macvlan network
docker network create -d macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
-o parent=eth0 macvlan_network
# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600The IPvlan driver is similar to Macvlan but focuses on assigning IP addresses instead of relying on Layer 2 (MAC addresses). It allows multiple containers to share the same network interface.
# Create an IPvlan network
docker network create -d ipvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 ipvlan_network
# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600# Create an IPvlan network
docker network create -d ipvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 ipvlan_network
# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600It will share the host's Layer 2 Ethernet interface with the network but have a different IP address.
Docker's custom plugins are third-party or user-developed network drivers offering elaborate features on network capabilities that are more than what Docker may offer as a default. Third-party Docker plugins can integrate with external networking solution frameworks like Software-Defined Networking, thereby improving capabilities such as security, scalability, as well as multi-host networking. Docker provides developers and vendors with a versatile architecture for network plugins, allowing their installation and use in the same way as the native driver.
IronSecureDoc for Docker makes it easy for developers to add secure document processing capabilities to their containerized applications. With Docker, you can encapsulate your ASP.NET Core application with IronSecureDoc in a uniform environment that eases deployment and scaling. To get it running, you build a Dockerfile that composes your ASP.NET Core application using the IronSecureDoc library and possibly other installation scripts or configurations necessary to get things working.
It also includes a docker-compose.yml file comprising service dependencies, environment variables, and mapped ports, thereby providing access to this. Therefore, the tasks involved with the security of documents make it easier to manage so that your web application will run efficiently and effectively outside the one used in development or production. Installing and configuring IronSecureDoc as it is in the case of Docker will be necessary to seize all the capabilities offered by encrypting the documents, redaction, etc.
Run the following command at the Command Prompt or in an open terminal window so the IronSecureDoc Docker image is fetched from the repository.
# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
After pulling the image from the Docker repository, you can use another command to start up IronSecureDoc as a running container.
# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
-e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
-e ENVIRONMENT=Development \
-e HTTP_PORTS=8080 \
ironsoftwareofficial/ironsecuredoc:latest# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
-e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
-e ENVIRONMENT=Development \
-e HTTP_PORTS=8080 \
ironsoftwareofficial/ironsecuredoc:latestThe Docker run command above will bring up a container instance of IronSecureDoc. The bridge network is assumed for network isolation. This also enables external access to services exposed inside the container through http://localhost:8080 by using the flag -p 8080:8080; this exposes the internal service, running on port 8080 of the container's network, to port 8080 of the host's network.
Containers, by default, run on Docker's bridge network, so they isolate themselves from other containers and the outside world unless you expose them via port mapping, which you do here. The environment variables being passed (IronSecureDoc_LicenseKey, ENVIRONMENT, HTTP_PORTS) configure the application's behavior in the container. The --rm flag causes the container to be removed when it stops.
This setup has the advantage that the bridge network isolates the container and connects services internally, whereas the port mapping bridges out external traffic from the host machine into the container's service, thus making access easy.
IronSecureDoc's REST API allows users to redact, certify, and encrypt documents upon installation and launch in Docker. For more detailed steps, refer to the documentation here.
For example, to submit a document for encryption, you can perform a POST request to the IronSecureDoc API:
# POST a document for encryption using cURL
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test.pdf;type=application/pdf'# POST a document for encryption using cURL
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test.pdf;type=application/pdf'This command will automatically send the document over to IronSecureDoc, where it will be encrypted appropriately.
Docker networking is crucial in controlling application interactions and their communication with other applications and the rest of the world through different drivers and configurations for diverse application needs. The default bridge network configuration allows basic isolation as services can be exposed to host systems through port mapping, as exemplified by the IronSecureDoc application. It facilitates easier management and configuration of containerized applications, enhancing the operational flexibility and scalability of the application.
IronSecureDoc, an advanced document processing tool, leverages Docker's capabilities in terms of containerization, allowing rapid and reliable application deployment. This ensures support for multiple environments while seamlessly integrating Docker networking with IronSecureDoc, making the integration of applications easy, accessible, and manageable.
Consequently, it streamlines workflows, improves efficiency, and enhances operations, especially when processing documents. This ultimately enriches both development and deployment experiences, making it a valuable solution for modern software applications. For more information on IronSecureDoc licensing, please follow this page. To learn more about many of the product offerings from Iron Software, follow this link.
Docker is an open-source platform that uses container-based concepts to automate the deployment and scaling of applications inside lightweight, portable containers, ensuring consistent behavior across all stages of the development cycle.
Docker Compose networks allow services running in a Docker Compose application to talk to each other within the same encapsulated environments. They enable service communication using service names as hostnames and support the creation of custom networks.
The default bridge network is automatically created by Docker if no specific network is defined. It allows all containers to communicate with each other using their service name as hostname.
Custom networks in Docker Compose can be defined within the container port and docker-compose.yml file. They allow for isolation of services from others and enable selective communication between services.
Docker network drivers describe connections and communications between containers. They provide various levels of isolation, connectivity, and performance and include types like bridge, host, overlay, none, Macvlan, and IPvlan.
The bridge network driver allows containers to communicate with one another on a single host. It is the default network driver and is used when no specific network is specified for launching containers.
The overlay network driver connects containers across multiple hosts, commonly used in Docker Swarm or Kubernetes environments, providing secure communication through a virtual network.
Using secure document processing tools like IronSecureDoc within Docker containers allows developers to encapsulate applications for deployment and scaling efficiently, taking advantage of Docker's networking capabilities.
Secure document processing can be integrated in Docker by deploying tools like IronSecureDoc within containers, using Dockerfile and docker-compose.yml for environment configuration and network isolation.
Documents can be encrypted by sending a POST request to the secure document processing API with the document file and necessary parameters, using tools like cURL for submission within a containerized setup.
docker pull ironsoftwareofficial/ironsecuredoc
docker pull ironsoftwareofficial/ironsecuredoc:latest
docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=-e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsecuredoc:latest
No credit card required
Your trial key should be in the email.
The trial form was submitted
successfully.
If it is not, please contact
support@ironsoftware.com
No credit card required
Get started for FREE
No credit card required
Test in production without watermarks.
Works wherever you need it to.
Get 30 days of fully functional product.
Have it up and running in minutes.
Full access to our support engineering team during your product trial
No credit card or account creation required
Your trial key should be in the email.
If it is not, please contact
support@ironsoftware.com
Get started for FREE
No credit card required
Test in production without watermarks.
Works wherever you need it to.
Get 30 days of fully functional product.
Have it up and running in minutes.
Full access to our support engineering team during your product trial
Licenses from $749. Have a question? Get in touch.
Book a 30-minute, personal demo.
No contract, no card details, no commitments.
10 .NET API products for your office documents
