docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/desktop/linux/networking.md

151 lines
4.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
description: Networking
keywords: linux, networking
title: Networking features in Docker Desktop for Linux
---
{% assign Arch = 'Linux' %}
Docker Desktop for {{Arch}} provides several networking features to make it
easier to use.
## Features
### VPN Passthrough
Docker Desktop for {{Arch}}'s networking can work when attached to a VPN. To do this,
Docker Desktop for {{Arch}} intercepts traffic from the containers and injects it into
{{Arch}} as if it originated from the Docker application.
### Port Mapping
When you run a container with the `-p` argument, for example:
```console
$ docker run -p 80:80 -d nginx
```
Docker Desktop for {{Arch}} makes whatever is running on port 80 in the container (in
this case, `nginx`) available on port 80 of `localhost`. In this example, the
host and container ports are the same. What if you need to specify a different
host port? If, for example, you already have something running on port 80 of
your host machine, you can connect the container to a different port:
```console
$ docker run -p 8000:80 -d nginx
```
Now, connections to `localhost:8000` are sent to port 80 in the container. The
syntax for `-p` is `HOST_PORT:CLIENT_PORT`.
### HTTP/HTTPS Proxy Support
See [Proxies](index.md#proxies).
### SSH agent forwarding
Docker Desktop for Linux allows you to use the hosts SSH agent inside a container. To do this:
1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command:
`--mount type=bind,src=/run/host-services/ssh-auth.sock,target=/run/host-services/ssh-auth.sock`
1. Add the `SSH_AUTH_SOCK` environment variable in your container:
`-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"`
To enable the SSH agent in Docker Compose, add the following flags to your service:
```yaml
services:
web:
image: nginx:alpine
volumes:
- type: bind
source: /run/host-services/ssh-auth.sock
target: /run/host-services/ssh-auth.sock
environment:
- SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock
```
## Known limitations, use cases, and workarounds
Below is a summary of the current limitations on the Docker Desktop for {{Arch}}
networking stack, along with some ideas for workarounds.
### Changing internal IP addresses
The internal IP addresses used by Docker can be changed from the **Settings** panel.
After changing IPs, you need to reset the Kubernetes cluster and leave any active Swarm.
### I cannot ping my containers
Docker Desktop for Linux can't route traffic to containers.
### Per-container IP addressing is not possible
The docker bridge network is not reachable from the Linux host.
### Use cases and workarounds
There are two scenarios that the above limitations affect:
#### I want to connect from a container to a service on the host
The host has a changing IP address (or none if you have no network access). We recommend that you connect to the special DNS name
`host.docker.internal` which resolves to the internal IP address used by the
host. This is for development purposes and will not work in a production environment outside of Docker Desktop for Linux.
You can also reach the gateway using `gateway.docker.internal`.
If you have installed Python on your machine, use the following instructions as an example to connect from a container to a service on the host:
1. Run the following command to start a simple HTTP server on port 8000.
`python -m http.server 8000`
If you have installed Python 2.x, run `python -m SimpleHTTPServer 8000`.
2. Now, run a container, install `curl`, and try to connect to the host using the following commands:
```console
$ docker run --rm -it alpine sh
# apk add curl
# curl http://host.docker.internal:8000
# exit
```
#### I want to connect to a container from the Linux host
Port forwarding works for `localhost`; `--publish`, `-p`, or `-P` all work.
Ports exposed from the Linux VM are forwarded to the host.
Our current recommendation is to publish a port, or to connect from another
container. This is what you need to do even on Linux if the container is on an
overlay network, not a bridge network, as these are not routed.
For example, to run an `nginx` webserver:
```console
$ docker run -d -p 80:80 --name webserver nginx
```
To clarify the syntax, the following two commands both expose port `80` on the
container to port `8000` on the host:
```console
$ docker run --publish 8000:80 --name webserver nginx
$ docker run -p 8000:80 --name webserver nginx
```
To expose all ports, use the `-P` flag. For example, the following command
starts a container (in detached mode) and the `-P` exposes all ports on the
container to random ports on the host.
```console
$ docker run -d -P --name webserver nginx
```
See the [run command](../../engine/reference/commandline/run.md) for more details on
publish options used with `docker run`.
Reference in New Issue View Git Blame Copy Permalink