Docker Networks Lab

What you'll build

A practical lab where you'll create Docker networks and see how containers communicate with each other.

You'll create an architecture with:

• frontend network for Nginx
• backend network for API and PostgreSQL
• API connected to both networks

Step 1: Clean existing containers

docker stop $(docker ps -aq) 2>/dev/null
docker rm $(docker ps -aq) 2>/dev/null

Step 2: Create the networks

# Network for frontend (public access)
docker network create frontend

# Network for backend (internal, no internet)
docker network create --internal backend

# Verify
docker network ls

Step 3: Create PostgreSQL (backend only)

docker run -d \
  --name db \
  --network backend \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_DB=app \
  postgres:16-alpine

Step 4: Create the API (both networks)

# First on backend
docker run -d \
  --name api \
  --network backend \
  -e DATABASE_URL=postgres://postgres:secret@db:5432/app \
  -p 3000:3000 \
  node:20-alpine sleep infinity

# Connect to frontend too
docker network connect frontend api

Step 5: Test communication

# API can see db
docker exec api ping -c 2 db
# ✓ Works

# Install psql on api to test connection
docker exec api apk add postgresql-client
docker exec api psql postgres://postgres:secret@db:5432/app -c "SELECT 1"
# ✓ Works

Step 6: Create Nginx (frontend only)

docker run -d \
  --name nginx \
  --network frontend \
  -p 80:80 \
  nginx:alpine

Step 7: Verify isolation

# Nginx CANNOT see db (different networks)
docker exec nginx ping -c 2 db
# ✗ ping: bad address 'db'

# Nginx CAN see api (same frontend network)
docker exec nginx ping -c 2 api
# ✓ Works

# db has NO internet access (--internal network)
docker exec db ping -c 2 google.com
# ✗ Doesn't work (this is good!)

Architecture diagram

┌─────────────────────────────────────────────────────┐
│                    INTERNET                          │
└───────────────────────┬─────────────────────────────┘
                        │ :80
┌───────────────────────▼─────────────────────────────┐
│              Network: frontend                       │
│  ┌─────────┐         ┌─────────┐                    │
│  │  nginx  │ ──────▶ │   api   │                    │
│  │  :80    │         │  :3000  │                    │
│  └─────────┘         └────┬────┘                    │
└───────────────────────────┼─────────────────────────┘
                            │
┌───────────────────────────▼─────────────────────────┐
│              Network: backend (internal)             │
│                      ┌─────────┐                    │
│  ┌─────────┐ ──────▶ │   db    │                    │
│  │   api   │         │  :5432  │                    │
│  └─────────┘         └─────────┘                    │
│                                                      │
│  ⛔ No internet access                              │
└─────────────────────────────────────────────────────┘

Step 8: Inspect the networks

# See containers in frontend
docker network inspect frontend --format '{{range .Containers}}{{.Name}} {{end}}'
# nginx api

# See containers in backend
docker network inspect backend --format '{{range .Containers}}{{.Name}} {{end}}'
# db api

# See IPs
docker inspect api --format '{{range .NetworkSettings.Networks}}{{.NetworkID}}: {{.IPAddress}}{{println}}{{end}}'

Cleanup

docker stop nginx api db
docker rm nginx api db
docker network rm frontend backend

Next step

→ Docker Volumes Backup