We've reached so far, brick by brick, laying a strong and stimulating foundation on the fast-evolving Docker technology. We talked about the important building blocks of the highly usable and reusable Docker images. Further on, you can read the easy-to-employ techniques and tips on how to store and share Docker images through a well-designed storage framework. As usual, images will have to go through a series of verifications, validations, and refinements constantly in order to make them more right and relevant for the aspiring development community. In this chapter, we are going to take our learning to the next level by describing the steps towards creating a small web server, run the same inside a container, and connect to the web server from the external world.
In this chapter, we will cover the following topics:
Like any computing node, the Docker containers need to be networked, in order to be found and accessible by other containers and clients. In a network, generally, any node is being identified through its IP address. Besides, the IP address is a unique mechanism for any client to reach out to the services offered by any server node. Docker internally uses Linux capabilities to provide network connectivity to containers. In this section, we are going to learn about the container's IP address assignment and the procedure to retrieve the container's IP address.
The Docker engine seamlessly selects and assigns an IP address to a container with no intervention from the user, when it gets launched. Well, you might be puzzled on how Docker selects an IP address for a container, and this puzzle is answered in two parts, which is as follows:
docker0
on the Docker host. It also selects a private IP address range, and assigns an address from the selected range to the docker0
virtual interface. This selected IP address is always outside the range of the Docker host IP address in order to avoid an IP address conflict.docker0
virtual interface. Then, the engine assigns this IP address to the freshly spun container.Docker, by default, selects the IP address 172.17.42.1/16
, or one of the IP addresses that is within the range 172.17.0.0
to 172.17.255.255
. Docker will select a different private IP address range if there is a direct conflict with the 172.17.x.x
addresses. Perhaps, the good old ifconfig
(the command to display the details of the network interfaces) comes in handy here to find out the IP address assigned to the virtual interface. Let's just run ifconfig
with docker0
as an argument, as follows:
$ ifconfig docker0
The second line of the output will show the assigned IP address and its netmask:
inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
Apparently, from the preceding text, 172.17.42.1
is the IP address assigned to the docker0
virtual interface. The IP address 172.17.42.1
is one of the addresses in the private IP address range from 172.17.0.0
to 172.17.255.255
.
It's now imperative that we learn how to find the IP address assigned to a container. The container should be launched in an interactive mode using the -i
option. Of course, we can easily find the IP by running the ifconfig
command within the container, as shown here:
$ sudo docker run -i -t ubuntu:14.04 /bin/bash root@4b0b567b6019:/# ifconfig
The ifconfig
command will display the details of all the interfaces in the Docker container, as follows:
eth0 Link encap:Ethernet HWaddr e6:38:dd:23:aa:3f inet addr:172.17.0.12 Bcast:0.0.0.0 Mask:255.255.0.0 inet6 addr: fe80::e438:ddff:fe23:aa3f/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:6 errors:0 dropped:2 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:488 (488.0 B) TX bytes:578 (578.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Evidently, the preceding output of the ifconfig
command shows that the Docker engine has virtualized two network interfaces for the container, which are as follows:
eth0
(Ethernet) interface for which the Docker engine assigned the IP address 172.17.0.12
. Obviously, this address also falls within the same IP address range of the docker0
virtual interface. Besides, the address assigned to the eth0
interface is used for intra-container communication and host-to-container communication.lo
(Loopback) interface for which the Docker engine assigned the loopback address 127.0.0.1
. The loopback interface is used for local communication within a container.Easy, isn't it? However, the retrieval of an IP address gets complicated when the container is launched in the detached mode, using the -d
option in the docker run
subcommand. The primary reason for this complication in the detached mode is that there is no shell prompt to run the ifconfig
command. Fortunately, Docker provides a docker inspect
subcommand, which is as handy as a Swiss army knife, and allow us to dive deep into the low-level details of the Docker container or image. The docker inspect
subcommand generates the requested details in the JSON array format.
Here is a sample run of the docker inspect
subcommand on the interactive container that we previously launched. The 4b0b567b6019
container ID is taken from the prompt of the container:
$ sudo docker inspect 4b0b567b6019
This command generates quite a lot of information about the container. Here, we show some excerpts of the container's network configuration from the output of the docker inspect
subcommand:
"NetworkSettings": { "Bridge": "docker0", "Gateway": "172.17.42.1", "IPAddress": "172.17.0.12", "IPPrefixLen": 16, "PortMapping": null, "Ports": {} },
Here, the network configuration lists out the following details:
There is no doubt that the docker inspect
subcommand is quite convenient for finding the minute details of a container or an image. However, it's a tiresome job to go through the intimidating details and to find the right information that we are keenly looking for. Perhaps, you can narrow it down to the right information, using the grep
command. Or even better, the docker inspect
subcommand, which helps you pick the right field from the JSON array using the --format
option of the docker inspect
subcommand.
Notably, in the following example, we use the --format
option of the docker inspect
subcommand to retrieve just the IP address of the container. The IP address is accessible through the .NetworkSettings.IPAddress
field of the JSON array:
$ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' 4b0b567b6019 172.17.0.12