Prerequisites

• A fresh Webdock cloud Ubuntu instance (18.04 or later)
• You have shell (SSH) access to your VPS
• Docker installed on your Ubuntu instance

Disclaimer

Docker under-the-hood manages iptables based on the ports published during the creation of containers. Do not expose ports on all interfaces if you do not want to expose a port publicly, instead use something like a "-p 127.0.0.1:80:80" to expose the port only on localhost (in this case the port is 80. For simplicity sake, you want to publish on all interfaces but block public access, you need to explicity block the port using a firewall like UFW.

This guide on UFW might help.

Different network drivers

There are different types of docker network drivers for different purposes. Following is the list of docker network drivers with use cases.

• bridge: used to enable communication between docker containers on the same host internally.
• host: uses host system ports for communication.
• null: disables communication between docker containers.
• overlay: used to enable communication between docker containers on different hosts (swarm nodes).
• macvlan: this allows containers to grab a unique IP address from the physical LAN network with DHCP.

Create docker network

Docker network can be created by using the following command.

$ docker network create eth0

The above command will create an eth0 network with a default bridge network driver.

Specify a network driver while creating a docker network using the --driver option.

Note: For the overlay network to work, the host should be a swarm manager in a swarm network.

$ docker network create --driver overlay eth1

It will create a docker network eth1 with an overlay network driver.

When a network is created, the docker engine creates a new subnet for the network. The --subnet option is used to specify the custom subnet range. Additionally, the --ip-range option can be used to assign an IP range from the subnet to the network, and the --gateway option will define the gateway of the network.

$ docker network create --driver=bridge --subnet=10.0.0.0/16 --ip-range=10.0.0.0/24 --gateway=10.0.0.1 eth2

List and inspect docker networks

Use the following command to list all the available docker networks.

$ docker network ls

It will list all the networks along with their ID, name, scope, and driver. In order to get detailed information on a docker network, use the following command.

$ docker network inspect [network-name]

It will display a JSON output like this.

                        ...snip...

                        "Created": "2021-11-14T09:29:01.823932382+05:00",

                        "Scope": "local",

                        "Driver": "bridge",

                        "EnableIPv6": false,

                        ...snip...

Connect and disconnect a docker container from the network

A running docker container can be attached and detached from a docker network. Use the following command to connect a running docker container with a docker network.

$ docker network connect [network-name] [container-name]

Similarly, the following command will disconnect the docker container from a network.

$ docker network disconnect [network-name] [container-name]

Also, while creating a new docker container, it can be attached to an existing network using the --network option.

$ docker run -itd --network=[network-name] busybox

Remove docker network

Use the following command to remove an unused docker network.

$ docker network rm [network-name]

If a docker container is connected to the network, the network can not be removed. So, the container has to be removed first before removing the network.

In order to remove all the unused docker networks, use the following command.

$ docker network prune

Create docker volumes

To create a docker volume, simply use the following command.

$ docker volume create

It will create a docker volume without a name. Docker volume name can be specified in the command to create a docker volume with a name.

$ docker volume create vol-1

It will create a docker volume named vol-1.

Connect a docker volume to a container

After creating a docker volume, it can be attached to the docker container. Use the --volume option while creating a new docker container to attach the docker volume.

$ docker run -itd --volume=[volume-name]:/world busybox

The above command will create a docker container and mount the docker volume to the /world directory of the container.

List and inspect docker volumes

In order to list all the available docker volumes, use the following command.

$ docker volume ls

It will display all the docker volumes along with their name and driver.

To display the detailed information about docker volume, use the following command.

$ docker volume inspect [volume-name]

It will return a JSON output like this.

                        ...snip...

                        "CreatedAt": "2021-11-14T10:50:06+05:00",

                        "Driver": "local",

                        "Labels": {},

                        "Mountpoint": "/var/lib/docker/volumes/vol-1/_data",

                        ...snip...

Remove docker volumes

Stopping or deleting a docker container does not remove the docker volume. In order to remove the docker volumes, use the following command.

$ docker volume rm [volume-name]

In order to remove all the unused docker volumes, use the following command.

$ docker volume prune

NOTE: Removing the docker volume will erase all the data stored in the volume. Keep a backup of the data before removing docker volumes.

Conclusion

Docker volumes and networks are the tools used to persist data and establish connectivity between the docker containers. This guide explained how we can create and manage docker volumes and networks.