🔌 How to Bridge Networks in Docker Compose (`docker-compose.yml`)

🔌 How to Bridge Networks in Docker Compose (docker-compose.yml)

Docker Compose makes it super easy to define and run multi-container applications. But when it comes to networking, things can get a bit confusing — especially if you want your containers to talk across different custom networks.

In this guide, we'll dive into bridging networks in Docker Compose — what it means, how to do it, and some real-world tips.

---

🧠 What Does "Bridging Networks" Mean?

In Docker, each container is attached to a network. By default, Docker Compose creates a network for each Compose project. Sometimes, though, you want containers to talk across different networks — maybe even across different Compose files or services in isolated environments.

Bridging networks means:

• Creating multiple custom networks
• Attaching a container to more than one network
• Allowing selective cross-communication between services

---

🏗️ Example: Bridge Two Services Across Networks

Let’s say you have a web service and a db service, and you want to isolate them in different networks but still allow controlled communication.

📄 docker-compose.yml

version: '3.9'

services:
  web:
    image: nginx
    networks:
      - frontnet
      - backnet  # 👈 This allows it to talk to the db

  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: example
    networks:
      - backnet

networks:
  frontnet:
    driver: bridge
  backnet:
    driver: bridge

---

🧪 What Just Happened?

• web is attached to both frontnet and backnet
• db is attached only to backnet
• This allows the web container to:
  • Communicate with other front-facing containers via frontnet
  • Access the database via backnet
• The db container cannot reach services on frontnet, which is great for security.

---

📌 Use Case: Multi-Compose Setup

Let’s say you have multiple Docker Compose files:

• frontend/docker-compose.yml
• backend/docker-compose.yml

You want the frontend to talk to the backend over a shared network.

Step 1: Create a shared network manually

docker network create sharednet

Step 2: In both Compose files, use external: true

networks:
  sharednet:
    external: true

Then attach services to sharednet in both Compose files:

services:
  frontend-app:
    networks:
      - sharednet

services:
  backend-api:
    networks:
      - sharednet

Now both services, managed separately, can talk to each other over the shared network.

---

🔒 Security Tips

• Use multiple networks to segment services (e.g., frontend/backend/db).
• Avoid exposing sensitive services (like db or redis) to the public or shared networks.
• Use aliases to control how services are addressed.

networks:
  backnet:
    aliases:
      - internal-db

---

👀 Debugging Tips

• Use docker network inspect <network_name> to see what's connected.
• docker exec -it <container> sh into containers to ping or curl test others.
• Try using hostnames instead of IPs (e.g., http://db:3306).

---

🧰 Tools & Tricks

• netshoot: A Docker image with networking tools.

docker run -it --rm --network=backnet nicolaka/netshoot

• dig, nslookup, traceroute and ip a will become your best friends.

---

🚀 Summary

✅ You can bridge Docker networks in Compose by:

• Attaching services to multiple networks
• Creating shared external networks
• Managing cross-service communication precisely

---

🤔 TL;DR

Concept	What it Does
networks:	Defines custom Docker networks
external: true	Use an existing network created outside Compose
Multi-networking	Allows containers to act as bridges across layers
Network segmentation	Helps isolate services for security

---

“With great networks comes great responsibility.”

— Uncle Compose 🧓🐳

Now go forth and connect your containers like a pro!