Volumes & Networks
Comprehensive guide to Docker volume management and network configuration for data persistence and container communication.
Volume Management
Volume Types
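# Named volumes (recommended for production): Docker manages the storage and
# the container never sees an arbitrary host path.
docker volume create myvolume
docker run -v myvolume:/data myapp

# Host bind mounts (good for development). The container gets direct access to
# the host path, so mount the narrowest directory that works and keep sensitive
# locations (/, /etc, the Docker socket) out of untrusted containers.
docker run -v /host/path:/container/path myapp
# Quote the substitution so a working directory containing spaces or glob
# characters is passed as a single argument.
docker run -v "$(pwd)":/app myapp

# Anonymous volumes (temporary data). They outlive the container unless it is
# started with --rm or removed with `docker rm -v`.
docker run -v /container/path myapp

# Read-only volumes: the container can read but not modify the host path.
docker run -v /host/path:/container/path:ro myapp

# Tmpfs mounts (in-memory storage). noexec and nosuid stop binaries and setuid
# files placed in /tmp from being run; size caps memory use.
docker run --tmpfs /tmp:rw,noexec,nosuid,size=100m myapp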
Volume Commands
# Create volume
docker volume create myvolume
# Create volume with specific driver
docker volume create --driver local myvolume
# Create volume with options (here: an NFS export mounted read-write)
docker volume create --driver local \
--opt type=nfs \
--opt o=addr=192.168.1.1,rw \
--opt device=:/path/to/dir \
myvolume
# List volumes
docker volume ls
# Inspect volume (shows driver, mountpoint and the mount options given at creation)
docker volume inspect myvolume
# Remove volume (the data in it is deleted permanently)
docker volume rm myvolume
# Remove unused volumes. On Docker Engine 23.0 and later this removes only
# unused anonymous volumes; named volumes are kept.
docker volume prune
# Remove all unused volumes, named ones included (careful: the data is gone for
# good). Volumes still referenced by a container, even a stopped one, are kept.
docker volume prune -a
Volume Drivers
# Local driver (default)
docker volume create --driver local myvolume
# NFS volume. Access control is whatever the NFS export enforces, so restrict
# the export to the Docker hosts that need it.
docker volume create --driver local \
--opt type=nfs \
--opt o=addr=10.0.0.1,rw \
--opt device=:/exports/data \
nfs-volume
# CIFS/SMB volume.
# NOTE(security): the password is given on the command line, so it lands in
# shell history and is visible in the process list while the command runs.
# Docker also stores the mount options with the volume, where
# `docker volume inspect` shows them to anyone who can reach the Docker API.
# Use a dedicated, least-privileged share account for this, and treat
# user/pass here as placeholders only.
docker volume create --driver local \
--opt type=cifs \
--opt o=addr=10.0.0.1,username=user,password=pass \
--opt device=//10.0.0.1/share \
cifs-volume
# Block device volume. /dev/sdb1 is an example device; confirm the device name
# on the target host before using it.
docker volume create --driver local \
--opt type=ext4 \
--opt device=/dev/sdb1 \
block-volume
Advanced Volume Operations
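# Copy data between volumes. "/from/." copies the directory's contents
# including dotfiles, which a "/from/*" glob would silently skip. The source
# is mounted read-only so the helper container cannot alter it.
docker run --rm -v source_vol:/from:ro -v dest_vol:/to alpine cp -av /from/. /to/

# Backup volume to tar. The volume is mounted read-only; the archive holds
# everything in the volume (including any secrets), so protect the file the
# same way you protect the live data.
docker run --rm -v myvolume:/data:ro -v "$(pwd)":/backup alpine tar czf /backup/backup.tar.gz -C /data .

# Restore volume from tar. Only restore archives you created or trust: the
# contents are written into the volume as-is, with the ownership and modes
# recorded in the archive.
docker run --rm -v myvolume:/data -v "$(pwd)":/backup alpine tar xzf /backup/backup.tar.gz -C /data

# Inspect volume usage
docker system df -v

# Find containers using a volume
docker ps -a --filter volume=myvolume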
Volume Best Practices
# In Dockerfile: declare the paths that hold persistent data.
# A VOLUME instruction by itself produces an anonymous volume at run time
# unless the caller mounts a named volume or bind mount at the same path.
VOLUME ["/data", "/logs"]
# Use specific mount targets
VOLUME /var/lib/mysql
VOLUME /var/log/nginx
# Avoid anonymous volumes in production
# ✗ Bad - relying on the declaration alone leaves the data in an anonymous
#   volume that is hard to identify, back up, or clean up
VOLUME /data
# ✓ Good - use named volumes (mount one over the declared path at run time)
# docker run -v data_volume:/data myapp
Network Management
Network Types
# User-defined bridge network (bridge is the default driver when none is given)
docker network create mynetwork
# Host network (share host networking).
# NOTE(security): the container uses the host's network namespace, so there is
# no network isolation: it can bind any host port and reach services that
# listen only on the host's loopback address. Reserve this for trusted workloads.
docker run --network host myapp
# None network (no networking): only a loopback interface is available
docker run --network none myapp
# Overlay network (for swarm)
docker network create -d overlay overlay-network
# Macvlan network (VM-like networking): containers get their own MAC/IP on the
# parent interface's LAN. eth0 and the subnet below are examples.
docker network create -d macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
-o parent=eth0 \
macvlan-network
Network Commands
# Create network
docker network create mynetwork
# Create network with specific subnet
docker network create --subnet=172.20.0.0/16 mynetwork
# Create network with custom settings. --ip-range limits the addresses Docker
# hands out to containers; --aux-address reserves an address so that Docker
# does not assign it.
docker network create \
--driver bridge \
--subnet=172.30.0.0/24 \
--ip-range=172.30.0.0/28 \
--gateway=172.30.0.1 \
--aux-address="host1=172.30.0.5" \
mynetwork
# List networks
docker network ls
# Inspect network
docker network inspect mynetwork
# Connect container to network
docker network connect mynetwork container_name
# Connect with specific IP (the network must have been created with an
# explicit --subnet for a static address to be accepted)
docker network connect --ip 172.20.0.100 mynetwork container_name
# Disconnect from network
docker network disconnect mynetwork container_name
# Remove network
docker network rm mynetwork
# Remove unused networks (every network with no container attached)
docker network prune
Container Network Configuration
# Run with specific network
docker run --network mynetwork nginx
# Run with multiple networks: start on one, then attach the running container
# to the second
docker run --network net1 nginx
docker network connect net2 container_name
# Set container hostname
docker run --hostname web-server nginx
# Set DNS servers (the container's lookups then go to these resolvers)
docker run --dns 8.8.8.8 --dns 8.8.4.4 nginx
# Set DNS search domains
docker run --dns-search example.com nginx
# Add entries to /etc/hosts (hostname:IP is a placeholder pair)
docker run --add-host hostname:IP nginx
# Publish ports.
# NOTE(security): without a host address the port is published on all host
# interfaces. Docker manages its own firewall rules for published ports, and
# these commonly take effect ahead of host firewall front ends such as ufw, so
# check reachability from another machine rather than assuming the host
# firewall blocks it. Bind to 127.0.0.1 (second form) when only local access
# is needed.
docker run -p 8080:80 nginx # Host port 8080 -> Container port 80
docker run -p 127.0.0.1:8080:80 nginx # Bind to localhost only
docker run -p 8080:80/tcp -p 8080:80/udp nginx # Both TCP and UDP
Network Inspection
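# Show container IP address(es), one per attached network. The top-level
# .NetworkSettings.IPAddress field is only populated for the default bridge
# and comes back empty for containers on user-defined networks.
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' container_name

# Show all network settings (explicit "." filter also works with older jq)
docker inspect -f '{{json .NetworkSettings}}' container_name | jq .

# Show networks a container is connected to
docker inspect -f '{{json .NetworkSettings.Networks}}' container_name

# List containers in a network (see the "Containers" section of the output)
docker network inspect mynetwork

# Test connectivity between containers. -c bounds the probe so the ping
# process does not keep running inside the container.
docker exec container1 ping -c 3 container2
docker exec container1 nc -zv container2 80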
Network Drivers
Bridge Driver
# User-defined bridge network with default settings (this is a new network
# named mybridge, not Docker's built-in default bridge)
docker network create --driver bridge mybridge
# Custom bridge with options: fixed subnet/gateway, a narrower range for
# container addresses, an explicit Linux bridge interface name, and
# masquerading (NAT) of outbound container traffic
docker network create \
--driver bridge \
--subnet=172.25.0.0/16 \
--ip-range=172.25.240.0/20 \
--gateway=172.25.0.1 \
--opt com.docker.network.bridge.name=docker1 \
--opt com.docker.network.bridge.enable_ip_masquerade=true \
custom-bridge
Overlay Driver (Swarm)
# Create overlay network (requires swarm mode)
docker network create \
--driver overlay \
--subnet=10.10.0.0/16 \
--gateway=10.10.0.1 \
overlay-network
# Overlay with encryption. Application traffic between nodes on an overlay
# network is not encrypted unless this option is set, so enable it whenever
# the nodes communicate over a network you do not fully control.
docker network create \
--driver overlay \
--opt encrypted=true \
encrypted-overlay
Macvlan Driver
# Create macvlan network. The subnet and gateway must match the physical LAN
# behind the parent interface (eth0 here is an example).
docker network create -d macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
-o parent=eth0 \
macvlan-net
# Run container with macvlan. The container is addressed directly on the LAN
# like any other host there, so every listening port in it is reachable from
# that network; presumably host-level port filtering does not apply to this
# traffic, so confirm and filter at the network level if needed. Pick an
# address that the LAN's DHCP server will not hand out.
docker run -d --network macvlan-net --ip=192.168.1.100 nginx
Docker Compose Networking
Basic Network Configuration
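# Two-network layout: web and api share "frontend"; api and db share
# "backend". web is not attached to "backend", so it cannot reach db directly.
version: '3.8'
services:
  web:
    image: nginx
    networks:
      - frontend
  api:
    image: node:alpine
    networks:
      - frontend
      - backend
  db:
    image: postgres
    networks:
      - backend
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    # internal: containers attached only to this network (db) get no route to
    # or from the outside world; api still has one through frontend.
    internal: true # No external access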
Advanced Network Configuration
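# Static address and extra DNS aliases for one service on a custom bridge.
version: '3.8'
services:
  web:
    image: nginx
    networks:
      frontend:
        # Must lie inside the subnet configured under networks.frontend.ipam.
        ipv4_address: 172.20.0.100
        # Additional names other containers on this network can resolve.
        aliases:
          - webserver
          - nginx-server
networks:
  frontend:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/24
          gateway: 172.20.0.1
    driver_opts:
      com.docker.network.bridge.name: 'docker_frontend'
      # 'true' lets containers on this bridge talk to each other; set 'false'
      # to block container-to-container traffic on the network.
      com.docker.network.bridge.enable_icc: 'true'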
External Networks
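# Attach a service to a network that is managed outside this Compose project.
version: '3.8'
services:
  web:
    image: nginx
    networks:
      - default
      - external-network
networks:
  external-network:
    # external: Compose does not create or remove this network; it must
    # already exist. Every other container attached to it can reach web, so
    # join shared networks only where that exposure is intended.
    external: true
    name: production-network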
Volume & Network Security
Volume Security
# Read-only volumes: the container cannot modify the host directory
docker run -v /host/data:/data:ro myapp
# Specific mount options. Z asks Docker to relabel the host directory with a
# private SELinux label for this container.
# NOTE(security): relabeling changes the host files themselves. Never apply
# z/Z to system directories such as /home or /usr, as that can leave the host
# unusable. Use it only on directories dedicated to the container.
docker run -v /host/data:/data:rw,Z myapp # SELinux label
# Tmpfs with security options: noexec/nosuid block execution and setuid files
# in /tmp, size caps memory use
docker run --tmpfs /tmp:rw,noexec,nosuid,size=100m myapp
# Volume with specific permissions. The chown/chmod run as the container's
# default user and need enough privilege there to change ownership; 750 keeps
# "other" users out of the directory.
docker run -v myvolume:/data myapp
docker exec container chown -R user:group /data
docker exec container chmod 750 /data
Network Security
# Internal network (no external access): containers on it can talk to each
# other but have no route to or from outside networks
docker network create --internal internal-net
# Disable inter-container communication: containers on this bridge cannot
# reach each other directly
docker network create --opt com.docker.network.bridge.enable_icc=false isolated-net
# NOTE(review): com.docker.network.bridge.enable_iptables does not appear among
# the bridge driver options in Docker's network documentation, so confirm it
# has any effect on your Docker version before relying on it. Even if honored,
# the flag would not by itself add custom rules; administrator-defined
# filtering is normally placed in the DOCKER-USER chain on iptables hosts.
docker network create \
--opt com.docker.network.bridge.enable_iptables=true \
secure-net
Troubleshooting
Volume Issues
# Check volume mounts (type, source, destination and read/write mode of each)
docker inspect -f '{{json .Mounts}}' container_name | jq
# Check volume permissions as seen from inside the container
docker exec container ls -la /mount/point
# Check disk space
docker exec container df -h
# Find which containers use a volume (-a includes stopped containers)
docker ps -a --filter volume=myvolume
# Check volume driver status. The output includes the mount options given at
# creation, which may contain credentials, so take care when sharing it.
docker volume inspect myvolume
Network Issues
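# Test DNS resolution
docker exec container nslookup hostname

# Test connectivity. -c bounds the probe so the ping process does not keep
# running inside the container after the command is interrupted.
docker exec container ping -c 3 target_container
docker exec container nc -zv hostname 80

# Check routing table
docker exec container ip route

# Check network interfaces
docker exec container ip addr show

# Inspect network configuration
docker network inspect network_name

# Check iptables rules. -n skips reverse DNS lookups and -v adds interfaces
# and packet counters. On hosts where Docker uses iptables, administrator
# rules belong in the DOCKER-USER chain, so review it as well.
sudo iptables -L DOCKER -n -v
sudo iptables -L DOCKER-USER -n -v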
Common Solutions
# Reset network to defaults. Both commands are destructive: network prune
# removes every network with no container attached, and system prune also
# removes stopped containers, dangling images and build cache.
docker network prune
docker system prune
# Recreate default bridge (restarting the daemon interrupts running containers
# unless live-restore is configured)
sudo service docker restart
# Fix permission issues.
# NOTE(security): chmod -R 755 makes every file under /data readable and
# executable by all users in the container. Prefer the tightest mode the
# application works with, for example 750 on the directory, and avoid setting
# the execute bit on data files.
docker exec container chown -R user:group /data
docker exec container chmod -R 755 /data
# Clear volume data. This deletes the volume's contents permanently, so take a
# backup first if the data might be needed.
docker volume rm volume_name
docker volume create volume_name
Quick Reference
Volume Commands
- `docker volume create name` - Create named volume
- `docker volume ls` - List volumes
- `docker volume inspect name` - Inspect volume
- `docker volume rm name` - Remove volume
- `docker volume prune` - Remove unused volumes
Network Commands
- `docker network create name` - Create network
- `docker network ls` - List networks
- `docker network inspect name` - Inspect network
- `docker network connect net container` - Connect container
- `docker network rm name` - Remove network
Best Practices
- Use named volumes for persistent data
- Use bind mounts for development
- Create custom networks for multi-container apps
- Use internal networks for backend services
- Implement proper backup strategies for volumes
- Monitor volume and network usage regularly
- Use read-only mounts when possible
- Secure networks with proper isolation