docker network ls
NETWORK ID NAME DRIVER SCOPE
f433177986a9 bridge bridge local
fabe1ed5913a host host local
0ec6bbe294fe none null local
**Mapping container port 80 to the local host**:
docker container run -d --name web --network bridge -p 80:80 nginx
docker container port web
80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4415558550a nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, :::80->80/tcp web
docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a4415558550a nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, :::80->80/tcp web
curl 127.0.0.1
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
docker container rm -f web
web
**Mapping a port at random**:
docker container run -d --name web -P nginx
1167ea9a9a278dde7613a6fb590cb282eb2ec741ecafbbe4ef51b3bb18461588
docker container port web
80/tcp -> 0.0.0.0:32768
80/tcp -> [::]:32768
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
docker container rm -f web
web
==== Managing links ====
**Run a container named server**:
docker container run -di --name=server -h server busybox
**Run the second container, creating a link to the first**:
docker container run --detach --interactive --name=client --link server:server --hostname client busybox
ebf775e910e3a5ca6047a53cc9c0cb8ff83ba878577c901d990c7890f7b7b2c6
FIXME A link in Docker allows a container to communicate with other containers
by hostname.
**Check that the second container's /etc/hosts file contains the name and IP of the first**:
docker container exec --interactive --tty client cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 server server
172.17.0.3 client
**Test connectivity from the client to the server**:
docker container exec --interactive --tty client ping -c3 server
PING server (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.272 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.118 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.116 ms
--- server ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.116/0.168/0.272 ms
**The first container's /etc/hosts file, however, does not contain the name and IP of the second**:
docker container exec -it server ping -c3 client
ping: bad address 'client'
docker container exec -it server cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 server
docker container rm -f server client
server
client
==== Managing DNS ====
**Run a container named server pointing to a public DNS server**:
docker container run --interactive --detach --name=server --hostname server --dns=1.1.1.1 busybox
ad59adca03b68d573e6f47715a3c636bb55a05220105073fa13c337545913647
docker container exec -it server cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 1.1.1.1
search .
# Based on host file: '/run/systemd/resolve/resolv.conf' (legacy)
# Overrides: [nameservers]
**Test from inside the container with the ''nslookup'' command**:
docker container exec -it server nslookup -querytype=A geanmartins.com.br
Server: 1.1.1.1
Address: 1.1.1.1:53
Non-authoritative answer:
Name: geanmartins.com.br
Address: 191.101.70.134
docker rm -f server
server
**To make the DNS server setting permanent in Docker, edit or create the //daemon.json// file**:
sudo systemctl restart docker
**Run a container again without specifying a DNS server**:
docker exec -ti server nslookup -querytype=A geanmartins.com.br
Server: 1.1.1.1
Address: 1.1.1.1:53
Non-authoritative answer:
Name: geanmartins.com.br
Address: 191.101.70.134
docker rm -f server
server
==== Bridge network ====
**To run a container on the bridge network, start the container with the ''--network'' flag**:
docker container run -d --name web --network bridge -p 80:80 nginx
b8803a34cef78c3232806e55c391e9a2f38b72f1987c8b51837cba396e8ef0de
sudo ss -nltp | grep 80
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=3609,fd=4))
LISTEN 0 4096 [::]:80 [::]:* users:(("docker-proxy",pid=3615,fd=4))
FIXME Docker creates a firewall rule that allows internal and external access to port 80.
sudo iptables -nL --line-number | grep 80 -B2
Chain DOCKER (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
docker rm -f web
web
==== Host network ====
**To run a container on the host network, start the container with the ''--net'' flag**:
docker container run -d --name server --net=host nginx
23cda1464463fc8861d8e29201a56f4cf8a938bbe5ad0dec82332d2159ab95f1
FIXME Note that the container has no mapped port, because Nginx is using the port directly on the local host:
docker container port server
sudo ss -nltp | grep 80
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=3921,fd=6),("nginx",pid=3920,fd=6),("nginx",pid=3884,fd=6))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=3921,fd=7),("nginx",pid=3920,fd=7),("nginx",pid=3884,fd=7))
FIXME When we use the ''--net=host'' flag, we start a container that binds
directly to the port on the Docker host. From a networking point of view, this is the same
level of isolation as if the nginx process were running directly
on the Docker host and not in a container.
However, in every other respect, such as storage, process namespace
and user namespace, the nginx process is isolated from the host.
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
docker container rm -f server
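The two exposures shown above, a ''-p 80:80'' publish listening on 0.0.0.0 and [::] and a ''--net=host'' container, can be audited across all running containers. This is an added example, not part of the original page; the function names, the ''|''-separated input format and the sample lines are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): exposure audit for containers.
# Input: one "NAME|NETWORKS|PORTS" line per container, as printed by
#   docker ps --format '{{.Names}}|{{.Networks}}|{{.Ports}}'
audit_exposure() {
  awk -F '|' '
    {
      # Host networking: the process listens on the host directly, so no
      # port mapping exists and "docker container port" prints nothing.
      n = split($2, nets, ",")
      for (i = 1; i <= n; i++)
        if (nets[i] == "host") printf "HOSTNET\t%s\n", $1

      # Published ports: flag bindings on every interface (IPv4 or IPv6).
      m = split($3, binds, /, */)
      for (i = 1; i <= m; i++) {
        b = binds[i]
        if (b !~ /->/) continue            # exposed only, not published
        if (b ~ /^0\.0\.0\.0:/ || b ~ /^\[::\]:/ || b ~ /^:::/)
          printf "WILDCARD\t%s\t%s\n", $1, b
      }
    }'
}

# Constructed sample: "web" mirrors the -p 80:80 run above and "server" the
# --net=host run; "admin" (hypothetical) uses a loopback-only binding,
# -p 127.0.0.1:8080:80, and "worker" (hypothetical) publishes nothing.
sample_ps() {
  printf '%s\n' \
    'web|bridge|0.0.0.0:80->80/tcp, :::80->80/tcp' \
    'server|host|' \
    'admin|bridge|127.0.0.1:8080->80/tcp' \
    'worker|bridge|80/tcp'
}

# Live use: docker ps --format '{{.Names}}|{{.Networks}}|{{.Ports}}' | audit_exposure
sample_ps | audit_exposure
```

Binding a published port to a specific address, as in ''-p 127.0.0.1:8080:80'', keeps it off the external interfaces and out of the WILDCARD findings.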
===== Docker network management commands =====
==== Using the default network ====
**Options of the ''docker network'' command**:
docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
**To display detailed information about the bridge network, run the following command**:
docker network ls
NETWORK ID NAME DRIVER SCOPE
6a188ccecd57 bridge bridge local
fabe1ed5913a host host local
0ec6bbe294fe none null local
docker network inspect bridge
[
{
"Name": "bridge",
"Id": "6a188ccecd5730893b2664ac8d5d5fe139b673ab2c10180a45671db6f76aa055",
"Created": "2024-10-06T00:57:04.432027758Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
**Let's test the default network with two containers**:
docker container run -di --name=c1 -h server busybox
f21bcd2cb75b4fa5579df2eaa9e515577d7bdc3f44129212e5c13617cebee375
docker container run -di --name=c2 -h client busybox
8f7c39b5ae7ee073ca60819a55bcbb210a11b26ab42d36483f5343af2a48b83f
**Check the IP address of each container**:
docker container exec c1 ip a
1: lo: mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
22: eth0@if23: mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
docker container exec c2 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:866 (866.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
**Connectivity test between the containers**:
docker container exec c1 ping -c2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=1.090 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.176 ms
--- 172.17.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.176/0.633/1.090 ms
docker container exec c2 ping -c2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.041 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.106 ms
--- 172.17.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.041/0.073/0.106 ms
docker rm -f c1 c2
c1
c2
==== Creating custom networks ====
**Creating a new network**:
docker network create --driver bridge --subnet 172.32.0.0/16 dca
a70591ccd650dd52481ac4898a00b6b72626d421bb583276a2e06ce1fbbd56fb
docker network ls
NETWORK ID NAME DRIVER SCOPE
6a188ccecd57 bridge bridge local
a70591ccd650 dca bridge local
fabe1ed5913a host host local
0ec6bbe294fe none null local
**Displaying detailed information about the dca network**:
docker network inspect dca
[
{
"Name": "dca",
"Id": "a70591ccd650dd52481ac4898a00b6b72626d421bb583276a2e06ce1fbbd56fb",
"Created": "2024-10-06T12:27:06.95645443Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.32.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
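The inspect output of the default bridge shows ''enable_icc'' set to ''true'', which is why c1 and c2 could ping each other; the dca network leaves the option unset, and the bridge driver then defaults to the same behaviour. The following added example (not part of the original page) flags such networks; the function names, the ''|''-separated input format and the ''backend'' network are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): flag bridge networks whose
# containers can reach each other on any port (inter-container communication).
# Input: one "NAME|DRIVER|INTERNAL|ICC" line per network, as printed by
#   docker network inspect --format \
#     '{{.Name}}|{{.Driver}}|{{.Internal}}|{{index .Options "com.docker.network.bridge.enable_icc"}}' \
#     $(docker network ls -q)
audit_networks() {
  awk -F '|' '
    $2 != "bridge" { next }                # host/none carry no bridge options
    {
      # An unset enable_icc option means the driver default, which is "true".
      icc = ($4 == "" ? "true" : $4)
      reach = ($3 == "true" ? "isolated-from-outside" : "routed-outside")
      if (icc == "true")
        printf "ICC-OPEN\t%s\t%s\n", $1, reach
      else
        printf "ICC-OFF\t%s\t%s\n", $1, reach
    }'
}

# Constructed sample: "bridge" and "dca" mirror the inspect output on this
# page; "backend" is a hypothetical network created with
#   docker network create --internal \
#     -o com.docker.network.bridge.enable_icc=false backend
sample_networks() {
  printf '%s\n' \
    'bridge|bridge|false|true' \
    'dca|bridge|false|' \
    'host|host|false|' \
    'none|null|false|' \
    'backend|bridge|true|false'
}

sample_networks | audit_networks
```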
**Using a fixed IP:**
docker container run -di --name=c1 -h server --network dca --ip 172.32.0.100 --add-host=client:172.32.0.113 busybox
5e87f7778ae08afcb5eca8f5c86b20310120669c5f25a9a51658d274a0d37f95
docker container run -di --name=c2 --link c1:server -h client --net dca --ip 172.32.0.113 busybox
b6c8112cad38aaae3b84dcefdd7b24a53eaad24d8ead36507035a4740e7a7e6f
**Connectivity test**:
docker container exec -it c1 ping -c2 client
PING client (172.32.0.113): 56 data bytes
64 bytes from 172.32.0.113: seq=0 ttl=64 time=0.369 ms
64 bytes from 172.32.0.113: seq=1 ttl=64 time=0.190 ms
--- client ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.190/0.279/0.369 ms
docker container exec -it c1 ping -c2 172.32.0.113
PING 172.32.0.113 (172.32.0.113): 56 data bytes
64 bytes from 172.32.0.113: seq=0 ttl=64 time=0.147 ms
64 bytes from 172.32.0.113: seq=1 ttl=64 time=0.195 ms
--- 172.32.0.113 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.147/0.171/0.195 ms
docker container exec -ti c2 ping -c2 server
PING server (172.32.0.100): 56 data bytes
64 bytes from 172.32.0.100: seq=0 ttl=64 time=0.117 ms
64 bytes from 172.32.0.100: seq=1 ttl=64 time=0.151 ms
--- server ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.117/0.134/0.151 ms
docker container exec --tty --interactive c2 ping -c2 172.32.0.100
PING 172.32.0.100 (172.32.0.100): 56 data bytes
64 bytes from 172.32.0.100: seq=0 ttl=64 time=0.139 ms
64 bytes from 172.32.0.100: seq=1 ttl=64 time=0.146 ms
--- 172.32.0.100 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.139/0.142/0.146 ms
**Disconnecting a container from a network**:
docker network disconnect dca c2
docker container exec -ti c1 ping -c2 client
PING client (172.32.0.113): 56 data bytes
^C
--- client ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
**Connecting a container to a network**:
docker network connect --ip 172.32.0.113 dca c2
docker container exec -ti c1 ping -c2 client
PING client (172.32.0.113): 56 data bytes
64 bytes from 172.32.0.113: seq=0 ttl=64 time=0.208 ms
64 bytes from 172.32.0.113: seq=1 ttl=64 time=0.126 ms
--- client ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.126/0.167/0.208 ms
==== Removing a network ====
docker container rm -f c1 c2
c1
c2
docker network rm dca
dca
docker network ls
NETWORK ID NAME DRIVER SCOPE
6a188ccecd57 bridge bridge local
fabe1ed5913a host host local
0ec6bbe294fe none null local
**Removing networks that are not in use**:
docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y