Networking using the host network
This series of tutorials deals with networking standalone containers which bind directly to the Docker host’s network, with no network isolation. For other networking topics, see the overview.
The goal of this tutorial is to start a
nginx container which binds directly
to port 80 on the Docker host. From a networking point of view, this is the
same level of isolation as if the
nginx process were running directly on the
Docker host and not in a container. However, in all other ways, such as storage,
process namespace, and user namespace, the
nginx process is isolated from the
This procedure requires port 80 to be available on the Docker host. To make Nginx listen on a different port, see the documentation for the
hostnetworking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server.
Create and start the container as a detached process. The
--rmoption means to remove the container once it exits/stops. The
-dflag means to start the container detached (in the background).
$ docker run --rm -d --network host --name my_nginx nginx
Access Nginx by browsing to http://localhost:80/.
Examine your network stack using the following commands:
Examine all network interfaces and verify that a new one was not created.
$ ip addr show
Verify which process is bound to port 80, using the
netstatcommand. You need to use
sudobecause the process is owned by the Docker daemon user and you otherwise won’t be able to see its name or PID.
$ sudo netstat -tulpn | grep :80
Stop the container. It will be removed automatically as it was started using the
docker container stop my_nginx
Other networking tutorials
Now that you have completed the networking tutorials for standalone containers, you might want to run through these other networking tutorials: