信息圖標
跳過到頁腳內容
  1. IronSecureDoc
  2. IronSecureDoc博客
  3. 使用 IronSecureDoc
  4. Docker Compose 網絡
使用 IRONSECUREDOC

Docker Compose 網絡(開發者如何工作)

Curtis Chau
Curtis Chau
更新日期:

What is Docker?

Docker is an open-source platform that uses container-based concepts to automate the deployment and scaling of applications inside lightweight, portable containers. In simple words, a Docker container puts all the application code and its dependencies together within one unit, consistent across environments—from a developer's laptop to the test server or production cloud servers.

Docker Compose Network (How it Works for Developers): Figure 1

Containers do not behave like traditional virtual machines (VMs) because they share a host system's operating system kernel. Therefore, containers are much more efficient and faster to start. Indeed, Docker containers guarantee consistent behavior across all stages of the development cycle.

In fact, Docker images are templates for descriptions of containers that hold the application environment. This set also includes toolkits for managing container life cycles. One example is Docker Compose, which you can use to orchestrate applications that consist of multiple containers. Then there's Docker Hub, a registry for sharing images.

What are Docker Compose Networks?

Docker Compose networks allow services running in a Docker Compose application to talk to each other within the same encapsulated environments. If you define more than one service in a docker-compose.yml file, Docker Compose creates a default network automatically, so that those services can communicate with each other using service names as hostnames. Essentially, it allows the user to define their own network and multiple services with the network created.

Default Bridge Network: If you define no network for your containers when you run docker-compose up, Docker automatically creates a bridge network. All containers can communicate with each other with their service name as hostname on this default driver network.

Custom Networks: With these options, users can define one or two custom networks and even more as user-defined networks. You can define custom networks within your container port and docker-compose.yml file. By assigning services to these networks, you control how containers may communicate:

  • Internal networks isolate services from others.
  • Multiple networks allow some services to communicate with one another while denying others such access.

Service Discovery: Every service gets a hostname equal to its name in the configuration. That is, you can refer to another service in one container by using the name of the other service. For example, in the web service, you would use db to refer to the IP of the database container.

Network Modes: You can also set network modes to use host, bridge, or none for services. The most commonly used is a bridge, which isolates container traffic.

What Are Docker Network Drivers?

Docker network drivers describe the connections and communication of the containers with one another and with other containers and systems. There are various use cases, and network drivers can be applied to these cases, each providing a different level of isolation, connectivity, and performance. We'll go through each network driver and explain their usage.

Types of Docker Network Drivers

Bridge (Default)

Internal docker networks allow a container to communicate with others based on a single host. If you launch containers without specifying a network, Docker uses the default bridge network.

# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
SHELL

Here, the service names can be used to communicate, like ping container1 and container2.

Host

With the host driver, the container directly shares the host network stack, so a container does not get its own custom network isolation.

# Run a container using the host network
docker run -d --network host nginx
# Run a container using the host network
docker run -d --network host nginx
SHELL

The NGINX container now shares the host's IP and network interfaces, thus bypassing network isolation.

Overlay

It interconnects containers across several hosts and is used mainly in Docker Swarm or Kubernetes environments, connecting physical or virtual machines through containers to communicate securely using a virtual network.

# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
SHELL

This creates a service in a Swarm cluster that can be stretched across multiple Docker hosts.

None

This none-driver disables networking for the container. This container is isolated from any kind of external network communication.

# Run a container with no network
docker run -d --network none busybox sleep 3600
# Run a container with no network
docker run -d --network none busybox sleep 3600
SHELL

The busybox container will not have access to the internet and will not be able to send out calls to other containers' own networks or the outside world.

Macvlan

The Macvlan driver enables containers to appear as physical devices in the network with their own MAC addresses, so they can directly access the physical network.

# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
SHELL

IPvlan

The IPvlan driver is similar to Macvlan but focuses on assigning IP addresses instead of relying on Layer 2 (MAC addresses). It allows multiple containers to share the same network interface.

# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
SHELL

It will share the host's Layer 2 Ethernet interface with the network but have a different IP address.

Custom Plugins

Docker's custom plugins are third-party or user-developed network drivers offering elaborate features on network capabilities that are more than what Docker may offer as a default. Third-party Docker plugins can integrate with external networking solution frameworks like Software-Defined Networking, thereby improving capabilities such as security, scalability, as well as multi-host networking. Docker provides developers and vendors with a versatile architecture for network plugins, allowing their installation and use in the same way as the native driver.

IronSecureDoc

IronSecureDoc for Docker makes it easy for developers to add secure document processing capabilities to their containerized applications. With Docker, you can encapsulate your ASP.NET Core application with IronSecureDoc in a uniform environment that eases deployment and scaling. To get it running, you build a Dockerfile that composes your ASP.NET Core application using the IronSecureDoc library and possibly other installation scripts or configurations necessary to get things working.

Docker Compose Network (How it Works for Developers): Figure 2 - IronSecureDoc

It also includes a docker-compose.yml file comprising service dependencies, environment variables, and mapped ports, thereby providing access to this. Therefore, the tasks involved with the security of documents make it easier to manage so that your web application will run efficiently and effectively outside the one used in development or production. Installing and configuring IronSecureDoc as it is in the case of Docker will be necessary to seize all the capabilities offered by encrypting the documents, redaction, etc.

Install and Running IronSecureDoc

Run the following command at the Command Prompt or in an open terminal window so the IronSecureDoc Docker image is fetched from the repository.

# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
SHELL

Docker Compose Network (How it Works for Developers): Figure 3

After pulling the image from the Docker repository, you can use another command to start up IronSecureDoc as a running container.

# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
SHELL

The Docker run command above will bring up a container instance of IronSecureDoc. The bridge network is assumed for network isolation. This also enables external access to services exposed inside the container through http://localhost:8080 by using the flag -p 8080:8080; this exposes the internal service, running on port 8080 of the container's network, to port 8080 of the host's network.

Containers, by default, run on Docker's bridge network, so they isolate themselves from other containers and the outside world unless you expose them via port mapping, which you do here. The environment variables being passed (IronSecureDoc_LicenseKey, ENVIRONMENT, HTTP_PORTS) configure the application's behavior in the container. The --rm flag causes the container to be removed when it stops.

This setup has the advantage that the bridge network isolates the container and connects services internally, whereas the port mapping bridges out external traffic from the host machine into the container's service, thus making access easy.

Docker Compose Network (How it Works for Developers): Figure 4

Using IronSecureDoc with Docker Network Port

IronSecureDoc's REST API allows users to redact, certify, and encrypt documents upon installation and launch in Docker. For more detailed steps, refer to the documentation here.

For example, to submit a document for encryption, you can perform a POST request to the IronSecureDoc API:

# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
SHELL

This command will automatically send the document over to IronSecureDoc, where it will be encrypted appropriately.

Conclusion

Docker networking is crucial in controlling application interactions and their communication with other applications and the rest of the world through different drivers and configurations for diverse application needs. The default bridge network configuration allows basic isolation as services can be exposed to host systems through port mapping, as exemplified by the IronSecureDoc application. It facilitates easier management and configuration of containerized applications, enhancing the operational flexibility and scalability of the application.

IronSecureDoc, an advanced document processing tool, leverages Docker's capabilities in terms of containerization, allowing rapid and reliable application deployment. This ensures support for multiple environments while seamlessly integrating Docker networking with IronSecureDoc, making the integration of applications easy, accessible, and manageable.

Consequently, it streamlines workflows, improves efficiency, and enhances operations, especially when processing documents. This ultimately enriches both development and deployment experiences, making it a valuable solution for modern software applications. For more information on IronSecureDoc licensing, please follow this page. To learn more about many of the product offerings from Iron Software, follow this link.

常見問題解答

Docker Compose 網路如何促進服務間的溝通?

Docker Compose 網路允許 Docker Compose 應用程式中的服務使用服務名稱作為主機名來進行通訊,以實現同一封裝環境內的交互作用。

Docker Compose 中默認橋接網路的作用是什麼?

由 Docker 自動建立的默認橋接網路允許容器使用服務名稱作為主機名進行互通信如果未定義特定的網路。

自定義網路如何增強 Docker Compose 應用程式?

Docker Compose 中的自定義網路通過允許服務間的隔離和選擇性通訊來增強應用程式,這是在 docker-compose.yml 文件中定義的。

有哪些類型的 Docker 網路驅動程式以及它們的用途?

Docker 網路驅動程式如 bridge、host、overlay、none、macvlan 和 ipvlan 提供了不同層次的隔離、連接和性能,適合不同的應用程式需求。

overlay 網路驅動程式如何支持多主機通信?

overlay 網路驅動程式連接多個主機上的容器,通過虛擬網路提供安全通信,並常用於 Docker Swarm 或 Kubernetes 環境中。

為什麼在容器環境中安全文件處理是重要的?

在容器環境中使用如 IronSecureDoc 之類的工具進行安全文件處理是重要的,因為它允許應用程式通過 Docker 的網路功能進行高效封裝、部署和擴展。

我如何在 Docker 中設置安全文件處理?

您可以通過在容器中部署像 IronSecureDoc 這樣的工具,在 Docker 中設置安全文檔處理,通過 Dockerfile 和 docker-compose.yml 配置環境以實現網路隔離。

在 docker 中通過 REST API 加密文件需要哪些步驟?

要在 Docker 中通過 REST API 加密文件,請使用如 cURL 等工具在容器環境下發送包含文件和參數的 POST 請求到安全文件處理 API。

Docker 的網路功能如何提高應用程序的可擴展性?

Docker 的網路功能通過允許高效率管理服務間的交互和通信來增強應用程式的可擴展性,簡化工作流程和部署體驗。

將 IronSecureDoc 整合到現有 Docker 系統的過程是什麼?

使用 Docker 指令整合 IronSecureDoc 到現有 Docker 系統,利用端口映射和環境變數確保一致的部署和擴展。

Curtis Chau
Curtis Chau
  立即與工程團隊聊天
技術作家

Curtis Chau 擁有卡爾頓大學計算機科學學士學位,專注於前端開發,擅長於 Node.js、TypeScript、JavaScript 和 React。Curtis 熱衷於創建直觀且美觀的用戶界面,喜歡使用現代框架並打造結構良好、視覺吸引人的手冊。

除了開發之外,Curtis 對物聯網 (IoT) 有著濃厚的興趣,探索將硬體和軟體結合的創新方式。在閒暇時間,他喜愛遊戲並構建 Discord 機器人,結合科技與創意的樂趣。

相關文章

30 天試用→完整產品。無限制。無需信用卡。 開始免費試用