Networking using the host network
This series of tutorials deals with networking standalone containers which bind directly to the Docker host's network, with no network isolation. For other networking topics, see the overview.
Goal
The goal of this tutorial is to start a nginx container which binds directly
to port 80 on the Docker host. From a networking point of view, this is the
same level of isolation as if the nginx process were running directly on the
Docker host and not in a container. However, in all other ways, such as storage,
process namespace, and user namespace, the nginx process is isolated from the
host.
Prerequisites
This procedure requires port 80 to be available on the Docker host. To make Nginx listen on a different port, see the documentation for the
nginximageThe
hostnetworking driver only works on Linux hosts, but is availabe as a beta feature on Docker Desktop version 4.29 and later for Mac, Windows, and Linux. To enable this feature, navigate to the Features in development tab in Settings, and then select Enable host networking.
Procedure
Create and start the container as a detached process. The
--rmoption means to remove the container once it exits/stops. The-dflag means to start the container detached (in the background).$ docker run --rm -d --network host --name my_nginx nginxAccess Nginx by browsing to http://localhost:80/.
Examine your network stack using the following commands:
Examine all network interfaces and verify that a new one was not created.
$ ip addr showVerify which process is bound to port 80, using the
netstatcommand. You need to usesudobecause the process is owned by the Docker daemon user and you otherwise won't be able to see its name or PID.$ sudo netstat -tulpn | grep :80
Stop the container. It will be removed automatically as it was started using the
--rmoption.docker container stop my_nginx