0

I have a docker-compose file which is globally like this.

version: '2'

services:
  app:
    image: myimage
    ports:
      - "80:80"
    networks:
      mynet:
        ipv4_address: 192.168.22.22

  db:
    image: postgres:9.5
    ports: 
      - "6432:5432"
    networks:
      mynet:
        ipv4_address: 192.168.22.23

...


networks:
  mynet:
    driver: bridge
    ipam:
      driver: default
      config:
      - subnet: 192.168.22.0/24

I want to put my postgresql and application in subnetworks to avoid the ports being exposed outside my computer/server.

From within the app container, I can't connect to 192.168.22.23. I installed net-tools to use ifconfig/netstat, and it doesn't seem the containers are able to communicate.

I assume I have this problem because I'm using subnetworks with static ipv4 addresses.

I can access both static IPs from the host (connect to postgres and access the application).

Do you have any advice? The goal is to access the ports of another container to communicate with it, without removing the use of static IPs (on app at least). Here, to connect to postgresql from the app container.

6
  • you do not set your network mynet in networks section Commented Jul 29, 2019 at 12:04
  • I don't have the dockerfile with me right now, was a typo. thanks Commented Jul 29, 2019 at 12:06
  • Delete all of this networks: manual configuration. If you don’t set ports: then the containers still won’t be reachable from off-host. Use the service block names like db as host names to communicate between containers. Never think about the container-internal IP addresses. Commented Jul 29, 2019 at 13:06
  • @DavidMaze forgot to rewrite the ports rules on 'db' and 'app'. How am I supposed to write my nginx proxy_pass rule from host if I don't use static ips to identify my containers ? Commented Jul 29, 2019 at 13:10
  • 1
    With the host’s IP address and ports:. On many platforms (including Docker for Mac and anything that uses Docker Toolbox) you cannot use the container-internal IP address at all. You can specify ports: ['127.0.0.1:8080:8080'] to make something reachable from processes on the host, but not off-host. Commented Jul 29, 2019 at 13:35

1 Answer

2

The docker run -p option and Docker Compose ports: option take a bind address as an optional parameter. You can use this to make a service accessible from the same host, but not from other hosts:

services:
  db:
    ports:
      - '127.0.0.1:6432:5432'

(The other good use of this setting is if you have a gateway machine with both a public and private network interface, and you want a service to only be accessible from the private network.)

Once you have this, you can dispense with all of the manual networks: setup. Non-Docker services on the same host can reach the service via the special host name localhost and the published port number. Docker services can use inter-container networking; within the same docker-compose.yml file you can use the service name as a host name, and the internal port number.

host$ PGHOST=localhost PGPORT=6432 psql

services:
  app:
    environment:
      - PGHOST=db
      - PGPORT=5432

You should remove all of the manual networks: setup, and in general try not to think about the Docker-internal IP addresses at all. If your Docker is Docker for Mac or Docker Toolbox, you cannot reach the internal IP addresses at all. In a multi-host environment they will be similarly unreachable from hosts other than where the container itself is running.


1 Comment

using ports with 127.0.0.1:portHost:portContainer works perfectly, removed all my networks. thanks !
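
An added example, not part of the original answer or comments: a Python check that parses Compose short-syntax ports: entries and reports which ones are published on every host interface, run over constructed data mirroring the mappings in the question and in the answer. The function names and sample dictionaries are assumptions of this example, and it expects the ports: lists to have been loaded from the YAML already.

```python
import ipaddress

def parse_port(spec):
    """Split a Compose short-syntax port string into
    (host_ip, host_port, container_port); absent parts are None."""
    spec = str(spec).split("/", 1)[0]            # drop "/tcp" or "/udp"
    host_ip = None
    if spec.startswith("["):                     # bracketed IPv6 bind address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if host_ip is None and len(parts) == 3:      # IPv4 bind address given
        host_ip = parts.pop(0)
    if len(parts) == 1:                          # container port only
        return host_ip, None, parts[0]
    if len(parts) == 2:
        return host_ip, parts[0] or None, parts[1]
    raise ValueError(f"unrecognised port mapping: {spec!r}")

def exposure(spec):
    """Classify where a published port listens on the host."""
    host_ip = parse_port(spec)[0]
    if host_ip is None:
        return "all-interfaces"                  # Docker's default bind is 0.0.0.0
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:                      # explicit 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback-only" if addr.is_loopback else "single-interface"

def audit(services):
    """Return (service, mapping) pairs published on every host interface."""
    return [(name, spec)
            for name, svc in services.items()
            for spec in svc.get("ports", [])
            if exposure(spec) == "all-interfaces"]

# Constructed sample data: the ports: lists from the question and from the answer.
QUESTION = {"app": {"ports": ["80:80"]}, "db": {"ports": ["6432:5432"]}}
ANSWER = {"app": {"ports": ["80:80"]}, "db": {"ports": ["127.0.0.1:6432:5432"]}}

if __name__ == "__main__":
    for label, services in (("question", QUESTION), ("answer", ANSWER)):
        for name, spec in audit(services):
            print(f"{label}: {name} publishes {spec} on all host interfaces")
```

With the question's mappings both services are reported; with the answer's 127.0.0.1 bind address only the app's port 80 remains published on all interfaces.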
