消息图标
跳至页脚内容
  1. IronSecureDoc
  2. IronSecureDoc 博客
  3. 使用 IronSecureDoc
  4. Docker Compose 网络
使用 IRONSECUREDOC

Docker Compose 网络(开发者工具如何工作)

Curtis Chau
Curtis Chau
已更新:

What is Docker?

Docker is an open-source platform that uses container-based concepts to automate the deployment and scaling of applications inside lightweight, portable containers. In simple words, a Docker container puts all the application code and its dependencies together within one unit, consistent across environments—from a developer's laptop to the test server or production cloud servers.

Docker Compose Network (How it Works for Developers): Figure 1

Containers do not behave like traditional virtual machines (VMs) because they share a host system's operating system kernel. Therefore, containers are much more efficient and faster to start. Indeed, Docker containers guarantee consistent behavior across all stages of the development cycle.

In fact, Docker images are templates for descriptions of containers that hold the application environment. This set also includes toolkits for managing container life cycles. One example is Docker Compose, which you can use to orchestrate applications that consist of multiple containers. Then there's Docker Hub, a registry for sharing images.

What are Docker Compose Networks?

Docker Compose networks allow services running in a Docker Compose application to talk to each other within the same encapsulated environments. If you define more than one service in a docker-compose.yml file, Docker Compose creates a default network automatically, so that those services can communicate with each other using service names as hostnames. Essentially, it allows the user to define their own network and multiple services with the network created.

Default Bridge Network: If you define no network for your containers when you run docker-compose up, Docker automatically creates a bridge network. All containers can communicate with each other with their service name as hostname on this default driver network.

Custom Networks: With these options, users can define one or two custom networks and even more as user-defined networks. You can define custom networks within your container port and docker-compose.yml file. By assigning services to these networks, you control how containers may communicate:

  • Internal networks isolate services from others.
  • Multiple networks allow some services to communicate with one another while denying others such access.

Service Discovery: Every service gets a hostname equal to its name in the configuration. That is, you can refer to another service in one container by using the name of the other service. For example, in the web service, you would use db to refer to the IP of the database container.

Network Modes: You can also set network modes to use host, bridge, or none for services. The most commonly used is a bridge, which isolates container traffic.

What Are Docker Network Drivers?

Docker network drivers describe the connections and communication of the containers with one another and with other containers and systems. There are various use cases, and network drivers can be applied to these cases, each providing a different level of isolation, connectivity, and performance. We'll go through each network driver and explain their usage.

Types of Docker Network Drivers

Bridge (Default)

Internal docker networks allow a container to communicate with others based on a single host. If you launch containers without specifying a network, Docker uses the default bridge network.

# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
# Create a custom bridge network
docker network create --driver bridge my_bridge_network

# Run containers and connect to the custom network
docker run -d --name container1 --network my_bridge_network busybox sleep 3600
docker run -d --name container2 --network my_bridge_network busybox sleep 3600
SHELL

Here, the service names can be used to communicate, like ping container1 and container2.

Host

With the host driver, the container directly shares the host network stack, so a container does not get its own custom network isolation.

# Run a container using the host network
docker run -d --network host nginx
# Run a container using the host network
docker run -d --network host nginx
SHELL

The NGINX container now shares the host's IP and network interfaces, thus bypassing network isolation.

Overlay

It interconnects containers across several hosts and is used mainly in Docker Swarm or Kubernetes environments, connecting physical or virtual machines through containers to communicate securely using a virtual network.

# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
# Create an overlay network for use in a Docker Swarm cluster
docker network create -d overlay my_overlay_network

# Deploy a service in the Swarm cluster
docker service create --name web --network my_overlay_network nginx
SHELL

This creates a service in a Swarm cluster that can be stretched across multiple Docker hosts.

None

This none-driver disables networking for the container. This container is isolated from any kind of external network communication.

# Run a container with no network
docker run -d --network none busybox sleep 3600
# Run a container with no network
docker run -d --network none busybox sleep 3600
SHELL

The busybox container will not have access to the internet and will not be able to send out calls to other containers' own networks or the outside world.

Macvlan

The Macvlan driver enables containers to appear as physical devices in the network with their own MAC addresses, so they can directly access the physical network.

# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 macvlan_network

# Run a container on the Macvlan network
docker run -d --network macvlan_network busybox sleep 3600
SHELL

IPvlan

The IPvlan driver is similar to Macvlan but focuses on assigning IP addresses instead of relying on Layer 2 (MAC addresses). It allows multiple containers to share the same network interface.

# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
# Create an IPvlan network
docker network create -d ipvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 ipvlan_network

# Run a container on the IPvlan network
docker run -d --network ipvlan_network busybox sleep 3600
SHELL

It will share the host's Layer 2 Ethernet interface with the network but have a different IP address.

Custom Plugins

Docker's custom plugins are third-party or user-developed network drivers offering elaborate features on network capabilities that are more than what Docker may offer as a default. Third-party Docker plugins can integrate with external networking solution frameworks like Software-Defined Networking, thereby improving capabilities such as security, scalability, as well as multi-host networking. Docker provides developers and vendors with a versatile architecture for network plugins, allowing their installation and use in the same way as the native driver.

IronSecureDoc

IronSecureDoc for Docker makes it easy for developers to add secure document processing capabilities to their containerized applications. With Docker, you can encapsulate your ASP.NET Core application with IronSecureDoc in a uniform environment that eases deployment and scaling. To get it running, you build a Dockerfile that composes your ASP.NET Core application using the IronSecureDoc library and possibly other installation scripts or configurations necessary to get things working.

Docker Compose Network (How it Works for Developers): Figure 2 - IronSecureDoc

It also includes a docker-compose.yml file comprising service dependencies, environment variables, and mapped ports, thereby providing access to this. Therefore, the tasks involved with the security of documents make it easier to manage so that your web application will run efficiently and effectively outside the one used in development or production. Installing and configuring IronSecureDoc as it is in the case of Docker will be necessary to seize all the capabilities offered by encrypting the documents, redaction, etc.

Install and Running IronSecureDoc

Run the following command at the Command Prompt or in an open terminal window so the IronSecureDoc Docker image is fetched from the repository.

# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
# Pull IronSecureDoc Docker image
docker pull ironsoftwareofficial/ironsecuredoc
SHELL

Docker Compose Network (How it Works for Developers): Figure 3

After pulling the image from the Docker repository, you can use another command to start up IronSecureDoc as a running container.

# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
# Run a container with network isolation and environment variables
docker container run --rm -p 8080:8080 \
  -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> \
  -e ENVIRONMENT=Development \
  -e HTTP_PORTS=8080 \
  ironsoftwareofficial/ironsecuredoc:latest
SHELL

The Docker run command above will bring up a container instance of IronSecureDoc. The bridge network is assumed for network isolation. This also enables external access to services exposed inside the container through http://localhost:8080 by using the flag -p 8080:8080; this exposes the internal service, running on port 8080 of the container's network, to port 8080 of the host's network.

Containers, by default, run on Docker's bridge network, so they isolate themselves from other containers and the outside world unless you expose them via port mapping, which you do here. The environment variables being passed (IronSecureDoc_LicenseKey, ENVIRONMENT, HTTP_PORTS) configure the application's behavior in the container. The --rm flag causes the container to be removed when it stops.

This setup has the advantage that the bridge network isolates the container and connects services internally, whereas the port mapping bridges out external traffic from the host machine into the container's service, thus making access easy.

Docker Compose Network (How it Works for Developers): Figure 4

Using IronSecureDoc with Docker Network Port

IronSecureDoc's REST API allows users to redact, certify, and encrypt documents upon installation and launch in Docker. For more detailed steps, refer to the documentation here.

For example, to submit a document for encryption, you can perform a POST request to the IronSecureDoc API:

# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
# POST a document for encryption using cURL
curl -X 'POST' \
  'http://localhost:8080/v1/document-services/pdfs/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'
SHELL

This command will automatically send the document over to IronSecureDoc, where it will be encrypted appropriately.

Conclusion

Docker networking is crucial in controlling application interactions and their communication with other applications and the rest of the world through different drivers and configurations for diverse application needs. The default bridge network configuration allows basic isolation as services can be exposed to host systems through port mapping, as exemplified by the IronSecureDoc application. It facilitates easier management and configuration of containerized applications, enhancing the operational flexibility and scalability of the application.

IronSecureDoc, an advanced document processing tool, leverages Docker's capabilities in terms of containerization, allowing rapid and reliable application deployment. This ensures support for multiple environments while seamlessly integrating Docker networking with IronSecureDoc, making the integration of applications easy, accessible, and manageable.

Consequently, it streamlines workflows, improves efficiency, and enhances operations, especially when processing documents. This ultimately enriches both development and deployment experiences, making it a valuable solution for modern software applications. For more information on IronSecureDoc licensing, please follow this page. To learn more about many of the product offerings from Iron Software, follow this link.

常见问题解答

Docker Compose 网络如何促进服务通信?

Docker Compose 网络允许 Docker Compose 应用程序内的服务使用服务名称作为主机名进行通信,实现同一封装环境内的交互。

默认桥接网络在 Docker Compose 中的作用是什么?

Docker 自动创建的默认桥接网络允许容器在未定义特定网络时使用其服务名称作为主机名进行通信。

自定义网络如何增强 Docker Compose 应用程序?

Docker Compose 中的自定义网络通过允许在服务之间定义隔离和选择性通信来增强应用程序,这是在 docker-compose.yml 文件中定义的。

有哪些类型的 Docker 网络驱动程序及其用途是什么?

Docker 网络驱动程序如桥接、主机、覆盖、无、Macvlan 和 IPvlan 提供不同程度的隔离、连接性和性能,适用于不同的应用需求。

覆盖网络驱动程序如何支持多主机通信?

覆盖网络驱动程序通过虚拟网络连接多个主机上的容器,提供安全通信,常用于 Docker Swarm 或 Kubernetes 环境。

为什么在容器环境中安全的文件处理很重要?

使用 IronSecureDoc 等安全的文件处理在容器环境中很重要,因为它允许通过 Docker 的网络功能高效封装、部署和扩展应用。

如何在 Docker 中设置安全的文件处理?

您可以通过将 IronSecureDoc 等工具部署在容器内,通过 Dockerfile 和 docker-compose.yml 配置环境进行网络隔离,从而在 Docker 中设置安全的文件处理。

在 Docker 中通过 REST API 加密文件需要哪些步骤?

要在 Docker 中通过 REST API 加密文件,使用 cURL 等工具在容器化设置中发送包含文件和参数的 POST 请求至安全文件处理 API。

Docker 的网络功能如何提高应用程序的可扩展性?

Docker 的网络功能通过允许高效管理服务之间的交互和通信,简化工作流程和部署体验,从而提高应用程序的可扩展性。

将 IronSecureDoc 集成到现有 Docker 系统的过程是什么?

通过使用 Docker 命令进行设置,利用端口映射和环境变量确保一致的部署和扩展,将 IronSecureDoc 集成到现有 Docker 系统中。

Curtis Chau
Curtis Chau
  立即与工程团队聊天
技术作家

Curtis Chau 拥有卡尔顿大学的计算机科学学士学位,专注于前端开发,精通 Node.js、TypeScript、JavaScript 和 React。他热衷于打造直观且美观的用户界面,喜欢使用现代框架并创建结构良好、视觉吸引力强的手册。

除了开发之外,Curtis 对物联网 (IoT) 有浓厚的兴趣,探索将硬件和软件集成的新方法。在空闲时间,他喜欢玩游戏和构建 Discord 机器人,将他对技术的热爱与创造力相结合。

相关文章

30天试用 → 完整产品。无限制。无卡。 免费试用