Networking using the host network

Estimated reading time: 2 minutes

This series of tutorials deals with networking standalone containers which bind directly to the Docker host’s network, with no network isolation. For other networking topics, see the overview.

Goal

The goal of this tutorial is to start a nginx container which binds directly to port 80 on the Docker host. From a networking point of view, this is the same level of isolation as if the nginx process were running directly on the Docker host and not in a container. However, in all other ways, such as storage, process namespace, and user namespace, the nginx process is isolated from the host.

Prerequisites

  • This procedure requires port 80 to be available on the Docker host. To make Nginx listen on a different port, see the documentation for the nginx image

  • The host networking driver only works on Linux hosts, and is not supported on Docker for Mac, Docker for Windows, or Docker EE for Windows Server.

Procedure

  1. Create and start the container as a detached process.

    docker run --rm -dit --network host --name my_nginx nginx
    
  2. Access Nginx by browsing to http://localhost:80/.

  3. Examine your network stack using the following commands:

    • Examine all network interfaces and verify that a new one was not created.

      ip addr show
      
    • Verify which process is bound to port 80, using the netstat command. You need to use sudo because the process is owned by the Docker daemon user and you otherwise won’t be able to see its name or PID.

      sudo netstat -tulpn | grep :80
      
  4. Stop the container.

    docker container stop my_nginx
    docker container rm my_nginx
    

Other networking tutorials

Now that you have completed the networking tutorials for standalone containers, you might want to run through these other networking tutorials:

networking, host, standalone