Message icon
フッターコンテンツにスキップ
  1. IronSecureDoc
  2. IronSecureDocブログ
  3. IronSecureDocを使用する
  4. Docker Compose ネットワーク
IRONSECUREDOCを使用する

Docker Composeネットワーク(開発者向けの仕組み)

Curtis Chau
Curtis Chau
更新日:

What is Docker?

Docker is an open-source platform that uses container-based concepts to automate the deployment and scaling of applications inside lightweight, portable containers. In simple words, a Docker container puts all the application code and its dependencies together within one unit, consistent across environments—from a developer's laptop to the test server or production cloud servers.

Docker Compose Network (How it Works for Developers): Figure 1

Containers do not behave like traditional virtual machines (VMs) because they share a host system's operating system kernel. Therefore, containers are much more efficient and faster to start. Indeed, Docker containers guarantee consistent behavior across all stages of the development cycle.

In fact, Docker images are templates for descriptions of containers that hold the application environment. This set also includes toolkits for managing container life cycles. One example is Docker Compose, which you can use to orchestrate applications that consist of multiple containers. Then there's Docker Hub, a registry for sharing images.

What are Docker Compose Networks?

Docker Compose networks allow services running in a Docker Compose application to talk to each other within the same encapsulated environments. If you define more than one service in a docker-compose.yml file, Docker Compose creates a default network automatically, so that those services can communicate with each other using service names as hostnames. Essentially, it allows the user to define their own network and multiple services with the network created.

Default Bridge Network: If you define no network for your containers when you run docker-compose up, Docker automatically creates a bridge network. All containers can communicate with each other with their service name as hostname on this default driver network.

Custom Networks: With these options, users can define one or two custom networks and even more as user-defined networks. You can define custom networks within your container port and docker-compose.yml file. By assigning services to these networks, you control how containers may communicate:

  • Internal networks isolate services from others.
  • Multiple networks allow some services to communicate with one another while denying others such access.

Service Discovery: Every service gets a hostname equal to its name in the configuration. That is, you can refer to another service in one container by using the name of the other service. For example, in the web service, you would use db to refer to the IP of the database container.

Network Modes: You can also set network modes to use host, bridge, or none for services. The most commonly used is a bridge, which isolates container traffic.

What Are Docker Network Drivers?

Docker network drivers describe the connections and communication of the containers with one another and with other containers and systems. There are various use cases, and network drivers can be applied to these cases, each providing a different level of isolation, connectivity, and performance. We'll go through each network driver and explain their usage.

Types of Docker Network Drivers

Bridge (Default)

Internal docker networks allow a container to communicate with others based on a single host. If you launch containers without specifying a network, Docker uses the default bridge network.

# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
SHELL

Here, the service names can be used to communicate, like ping container1 and container2.

Host

With the host driver, the container directly shares the host network stack, so a container does not get its own custom network isolation.

# Run a container using the host network
docker run -d --network host nginx
# Run a container using the host network
docker run -d --network host nginx
SHELL

The NGINX container now shares the host's IP and network interfaces, thus bypassing network isolation.

Overlay

It interconnects containers across several hosts and is used mainly in Docker Swarm or Kubernetes environments, connecting physical or virtual machines through containers to communicate securely using a virtual network.

# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
SHELL

This creates a service in a Swarm cluster that can be stretched across multiple Docker hosts.

None

This none-driver disables networking for the container. This container is isolated from any kind of external network communication.

# Run a container with no network
docker run -d --network none busybox sleep 3600
# Run a container with no network
docker run -d --network none busybox sleep 3600
SHELL

The busybox container will not have access to the internet and will not be able to send out calls to other containers' own networks or the outside world.

Macvlan

The Macvlan driver enables containers to appear as physical devices in the network with their own MAC addresses, so they can directly access the physical network.

# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
SHELL

IPvlan

The IPvlan driver is similar to Macvlan but focuses on assigning IP addresses instead of relying on Layer 2 (MAC addresses). It allows multiple containers to share the same network interface.

# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
SHELL

It will share the host's Layer 2 Ethernet interface with the network but have a different IP address.

Custom Plugins

Docker's custom plugins are third-party or user-developed network drivers offering elaborate features on network capabilities that are more than what Docker may offer as a default. Third-party Docker plugins can integrate with external networking solution frameworks like Software-Defined Networking, thereby improving capabilities such as security, scalability, as well as multi-host networking. Docker provides developers and vendors with a versatile architecture for network plugins, allowing their installation and use in the same way as the native driver.

IronSecureDoc

IronSecureDoc for Docker makes it easy for developers to add secure document processing capabilities to their containerized applications. With Docker, you can encapsulate your ASP.NET Core application with IronSecureDoc in a uniform environment that eases deployment and scaling. To get it running, you build a Dockerfile that composes your ASP.NET Core application using the IronSecureDoc library and possibly other installation scripts or configurations necessary to get things working.

Docker Compose Network (How it Works for Developers): Figure 2 - IronSecureDoc

It also includes a docker-compose.yml file comprising service dependencies, environment variables, and mapped ports, thereby providing access to this. Therefore, the tasks involved with the security of documents make it easier to manage so that your web application will run efficiently and effectively outside the one used in development or production. Installing and configuring IronSecureDoc as it is in the case of Docker will be necessary to seize all the capabilities offered by encrypting the documents, redaction, etc.

Install and Running IronSecureDoc

Run the following command at the Command Prompt or in an open terminal window so the IronSecureDoc Docker image is fetched from the repository.

# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
SHELL

Docker Compose Network (How it Works for Developers): Figure 3

After pulling the image from the Docker repository, you can use another command to start up IronSecureDoc as a running container.

# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
SHELL

The Docker run command above will bring up a container instance of IronSecureDoc. The bridge network is assumed for network isolation. This also enables external access to services exposed inside the container through http://localhost:8080 by using the flag -p 8080:8080; this exposes the internal service, running on port 8080 of the container's network, to port 8080 of the host's network.

Containers, by default, run on Docker's bridge network, so they isolate themselves from other containers and the outside world unless you expose them via port mapping, which you do here. The environment variables being passed (IronSecureDoc_LicenseKey, ENVIRONMENT, HTTP_PORTS) configure the application's behavior in the container. The --rm flag causes the container to be removed when it stops.

This setup has the advantage that the bridge network isolates the container and connects services internally, whereas the port mapping bridges out external traffic from the host machine into the container's service, thus making access easy.

Docker Compose Network (How it Works for Developers): Figure 4

Using IronSecureDoc with Docker Network Port

IronSecureDoc's REST API allows users to redact, certify, and encrypt documents upon installation and launch in Docker. For more detailed steps, refer to the documentation here.

For example, to submit a document for encryption, you can perform a POST request to the IronSecureDoc API:

# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
SHELL

This command will automatically send the document over to IronSecureDoc, where it will be encrypted appropriately.

Conclusion

Docker networking is crucial in controlling application interactions and their communication with other applications and the rest of the world through different drivers and configurations for diverse application needs. The default bridge network configuration allows basic isolation as services can be exposed to host systems through port mapping, as exemplified by the IronSecureDoc application. It facilitates easier management and configuration of containerized applications, enhancing the operational flexibility and scalability of the application.

IronSecureDoc, an advanced document processing tool, leverages Docker's capabilities in terms of containerization, allowing rapid and reliable application deployment. This ensures support for multiple environments while seamlessly integrating Docker networking with IronSecureDoc, making the integration of applications easy, accessible, and manageable.

Consequently, it streamlines workflows, improves efficiency, and enhances operations, especially when processing documents. This ultimately enriches both development and deployment experiences, making it a valuable solution for modern software applications. For more information on IronSecureDoc licensing, please follow this page. To learn more about many of the product offerings from Iron Software, follow this link.

よくある質問

Docker Compose ネットワークはどのようにサービスの通信を促進するか?

Docker Compose ネットワークは Docker Compose アプリケーション内のサービスがホスト名としてサービス名を使用して通信できるようにし、同じ閉じ込められた環境内での相互作用を可能にする。

Docker Compose におけるデフォルトブリッジネットワークの役割は何か?

Docker によって自動的に作成されるデフォルトのブリッジネットワークは、特定のネットワークが定義されていない場合でも、コンテナがサービス名をホスト名として使用して互いに通信することを可能にする。

カスタムネットワークは Docker Compose アプリケーションをどのように強化できるか?

Docker Compose のカスタムネットワークは、隔離や選択的なサービス間の通信を可能にし、docker-compose.yml ファイル内で定義されることでアプリケーションを強化する。

Docker ネットワークドライバーにはどのような種類があり、それらの用途は何か?

ブリッジ、ホスト、オーバーレイ、なし、Macvlan、Ipvlan などの Docker ネットワークドライバーは、隔離、接続性、パフォーマンスの異なるレベルを提供し、さまざまなアプリケーションのニーズに適している。

オーバーレイネットワークドライバーはどのようにマルチホスト通信をサポートするか?

オーバーレイネットワークドライバーは、複数のホストにわたってコンテナを接続し、仮想ネットワークを通じてセキュアな通信を提供し、主に Docker Swarm や Kubernetes 環境で使用される。

コンテナ環境でのセキュアなドキュメント処理はなぜ重要か?

IronSecureDoc を使用したようなセキュアなドキュメント処理は、Docker のネットワーキング機能を活用して、効率的なアプリケーションのカプセル化、デプロイ、スケーリングを可能にするため、コンテナ環境で重要である。

Docker を使用してセキュアなドキュメント処理をどのようにセットアップできるか?

コンテナ内の IronSecureDoc などのツールをデプロイし、Dockerfile や docker-compose.yml を通じてネットワーク隔離のための環境を設定することにより、Docker でセキュアなドキュメント処理をセットアップできる。

Docker 内で REST API を使用してドキュメントを暗号化するためにはどのような手順が必要か?

コンテナ化されたセットアップを使用して、cURL などのツールを使用し、ドキュメントとパラメーターをセキュアなドキュメント処理 API に POST リクエストを送信することにより、Docker 内で REST API を介してドキュメントを暗号化する。

Docker のネットワーキング機能はアプリケーションのスケーラビリティをどのように向上させるか?

Docker のネットワーキング機能は、サービス間の相互作用と通信の効率的な管理を可能にし、ワークフローやデプロイ体験を合理化することでアプリケーションのスケーラビリティを向上させる。

既存の Docker システムに IronSecureDoc を統合するプロセスは何か?

Docker コマンドを使用してセットアップを行い、ポートマッピングや環境変数を利用して一貫したデプロイとスケーリングを確保することにより、既存の Docker システムに IronSecureDoc を統合する。

Curtis Chau
Curtis Chau
  今すぐエンジニアリングチームとチャット
テクニカルライター

Curtis Chauは、カールトン大学でコンピュータサイエンスの学士号を取得し、Node.js、TypeScript、JavaScript、およびReactに精通したフロントエンド開発を専門としています。直感的で美しいユーザーインターフェースを作成することに情熱を持ち、Curtisは現代のフレームワークを用いた開発や、構造の良い視覚的に魅力的なマニュアルの作成を楽しんでいます。

開発以外にも、CurtisはIoT(Internet of Things)への強い関心を持ち、ハードウェアとソフトウェアの統合方法を模索しています。余暇には、ゲームをしたりDiscordボットを作成したりして、技術に対する愛情と創造性を組み合わせています。

関連する記事

30日間の無料体験 → 完全な製品。制限なし。クレジットカード不要。 無料トライアルを開始