mirror of https://github.com/docker/docs.git
113 lines
3.4 KiB
Markdown
113 lines
3.4 KiB
Markdown
---
|
|
description: Networking
|
|
keywords: mac, networking
|
|
redirect_from:
|
|
- /mackit/networking/
|
|
title: Networking features in Docker for Mac
|
|
---
|
|
{% assign Arch = 'Mac' %}
|
|
|
|
Docker for {{Arch}} provides several networking features to make it
|
|
easier to use.
|
|
|
|
## Features
|
|
|
|
### VPN Passthrough
|
|
|
|
Docker for {{Arch}}'s networking can work when attached to a VPN. To do this,
|
|
Docker for {{Arch}} intercepts traffic from the containers and injects it into
|
|
{{Arch}} as if it originated from the Docker application.
|
|
|
|
### Port Mapping
|
|
|
|
When you run a container with the `-p` argument, for example:
|
|
|
|
```
|
|
$ docker run -p 80:80 -d nginx
|
|
```
|
|
|
|
Docker for {{Arch}} makes whatever is running on port 80 in the container (in
|
|
this case, `nginx`) available on port 80 of `localhost`. In this example, the
|
|
host and container ports are the same. What if you need to specify a different
|
|
host port? If, for example, you already have something running on port 80 of
|
|
your host machine, you can connect the container to a different port:
|
|
|
|
```
|
|
$ docker run -p 8000:80 -d nginx
|
|
```
|
|
|
|
Now, connections to `localhost:8000` are sent to port 80 in the container. The
|
|
syntax for `-p` is `HOST_PORT:CLIENT_PORT`.
|
|
|
|
### HTTP/HTTPS Proxy Support
|
|
|
|
See [Proxies](index#proxies).
|
|
|
|
## Known limitations, use cases, and workarounds
|
|
|
|
Following is a summary of current limitations on the Docker for {{Arch}}
|
|
networking stack, along with some ideas for workarounds.
|
|
|
|
### There is no docker0 bridge on macOS
|
|
|
|
Because of the way networking is implemented in Docker for Mac, you cannot see a
|
|
`docker0` interface on the host. This interface is actually within the virtual
|
|
machine.
|
|
|
|
### I cannot ping my containers
|
|
|
|
Docker for Mac can't route traffic to containers.
|
|
|
|
### Per-container IP addressing is not possible
|
|
|
|
The docker (Linux) bridge network is not reachable from the macOS host.
|
|
|
|
### Use cases and workarounds
|
|
|
|
There are two scenarios that the above limitations affect:
|
|
|
|
#### I want to connect from a container to a service on the host
|
|
|
|
The host has a changing IP address (or none if you have no network access). From
|
|
18.03 onwards our recommendation is to connect to the special DNS name
|
|
`host.docker.internal`, which resolves to the internal IP address used by the
|
|
host.
|
|
|
|
The gateway is also reachable as `gateway.docker.internal`.
|
|
|
|
#### I want to connect to a container from the Mac
|
|
|
|
Port forwarding works for `localhost`; `--publish`, `-p`, or `-P` all work.
|
|
Ports exposed from Linux are forwarded to the host.
|
|
|
|
Our current recommendation is to publish a port, or to connect from another
|
|
container. This is what you need to do even on Linux if the container is on an
|
|
overlay network, not a bridge network, as these are not routed.
|
|
|
|
The command to run the `nginx` webserver shown in [Getting Started](index#explore-the-application-and-run-examples)
|
|
is an example of this.
|
|
|
|
```bash
|
|
$ docker run -d -p 80:80 --name webserver nginx
|
|
```
|
|
|
|
To clarify the syntax, the following two commands both expose port `80` on the
|
|
container to port `8000` on the host:
|
|
|
|
```bash
|
|
$ docker run --publish 8000:80 --name webserver nginx
|
|
|
|
$ docker run -p 8000:80 --name webserver nginx
|
|
```
|
|
|
|
To expose all ports, use the `-P` flag. For example, the following command
|
|
starts a container (in detached mode) and the `-P` exposes all ports on the
|
|
container to random ports on the host.
|
|
|
|
```bash
|
|
$ docker run -d -P --name webserver nginx
|
|
```
|
|
|
|
See the [run command](/engine/reference/commandline/run.md) for more details on
|
|
publish options used with `docker run`.
|