Skip to main content

Overview

Dokploy leverages Docker networking and Traefik to provide flexible, secure networking for your applications. Understanding networking is crucial for multi-container applications, microservices, and production deployments.

Automatic Routing

Traefik automatically routes traffic to your services

Service Discovery

DNS-based discovery for inter-service communication

Network Isolation

Isolated networks for security and organization

Network Types

Docker provides several network drivers:
Default network for standalone containers:
  • Isolated from host network
  • Containers can communicate by name
  • Suitable for single-host deployments
  • Port mapping required for external access
networks:
  default:
    driver: bridge

Dokploy Network Architecture

Dokploy creates these networks automatically:

dokploy-network

The main network for all Dokploy services: 
networks:
  dokploy-network:
    external: true
    name: dokploy-network
  • Traefik runs on this network
  • Applications attach to this network for routing
  • Enables communication between projects

Project Networks

Each project can have isolated networks: 
networks:
  project-network:
    driver: bridge
    internal: false

Service Communication

Internal Communication

Services in the same network communicate using service names:
docker-compose.yml
services:
  web:
    image: nginx
    networks:
      - app-network
  
  api:
    image: node:20
    environment:
      - API_URL=http://web  # DNS resolves to 'web' service
    networks:
      - app-network

networks:
  app-network:
    driver: bridge

Cross-Project Communication

Services in different projects can communicate if they share a network:
Project A
services:
  service-a:
    networks:
      - dokploy-network
      - default

networks:
  dokploy-network:
    external: true
Project B
services:
  service-b:
    environment:
      - API_URL=http://service-a  # Can reach service-a
    networks:
      - dokploy-network

networks:
  dokploy-network:
    external: true

Traefik Routing

Traefik is Dokploy’s built-in reverse proxy and load balancer.

Automatic Routing

Dokploy automatically configures Traefik labels: 
services:
  app:
    image: myapp:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`example.com`)"
      - "traefik.http.routers.app.entrypoints=websecure"
      - "traefik.http.routers.app.tls=true"
      - "traefik.http.routers.app.tls.certresolver=letsencrypt"
      - "traefik.http.services.app.loadbalancer.server.port=3000"

Custom Routing Rules

Advanced routing based on:
Route by domain:
- "traefik.http.routers.app.rule=Host(`example.com`)"

Multiple Domains

Route multiple domains to one service: 
labels:
  - "traefik.http.routers.app.rule=Host(`example.com`) || Host(`www.example.com`)"

Path-Based Routing

Route different paths to different services: 
services:
  frontend:
    labels:
      - "traefik.http.routers.frontend.rule=Host(`example.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.frontend.priority=1"
  
  api:
    labels:
      - "traefik.http.routers.api.rule=Host(`example.com`) && PathPrefix(`/api`)"
      - "traefik.http.routers.api.priority=2"
Higher priority rules are evaluated first.

Network Security

Internal Networks

Create internal-only networks for sensitive services: 
networks:
  frontend:
    driver: bridge
    internal: false  # External access via Traefik
  
  backend:
    driver: bridge
    internal: true   # No external access

services:
  web:
    networks:
      - frontend
      - backend
  
  database:
    networks:
      - backend  # Only accessible from 'backend' network

Firewall Rules

Use Docker’s built-in firewall (iptables): 
# Allow only specific source IPs
docker run --add-host=api.internal:10.0.0.5 myapp

Network Policies

For advanced control, use Docker’s network policies: 
services:
  app:
    networks:
      app-network:
        ipv4_address: 172.28.0.10

networks:
  app-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16
          gateway: 172.28.0.1

Load Balancing

Traefik provides automatic load balancing:

Round Robin (Default)

services:
  api:
    image: myapi:latest
    deploy:
      replicas: 3  # Traefik balances across 3 instances

Weighted Load Balancing

labels:
  - "traefik.http.services.app.loadbalancer.server.port=3000"
  - "traefik.http.services.app.loadbalancer.server.weight=10"

Sticky Sessions

Route users to the same backend: 
labels:
  - "traefik.http.services.app.loadbalancer.sticky.cookie=true"
  - "traefik.http.services.app.loadbalancer.sticky.cookie.name=lb"
  - "traefik.http.services.app.loadbalancer.sticky.cookie.secure=true"

Health Checks

Configure health checks for automatic recovery: 
services:
  api:
    image: myapi:latest
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    labels:
      - "traefik.http.services.api.loadbalancer.healthcheck.path=/health"
      - "traefik.http.services.api.loadbalancer.healthcheck.interval=10s"

Custom DNS

Add custom DNS entries: 
services:
  app:
    dns:
      - 8.8.8.8
      - 1.1.1.1
    dns_search:
      - example.com

IPv6 Support

Enable IPv6 in Docker daemon:
/etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
Then in your compose file: 
networks:
  app-network:
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:db8:1::/64

Debugging Network Issues

Inspect Networks

# List networks
docker network ls

# Inspect network
docker network inspect dokploy-network

# See which containers are on a network
docker network inspect dokploy-network | grep Name

Test Connectivity

# Enter container
docker exec -it container_name sh

# Test DNS resolution
nslookup service_name

# Test connectivity
ping service_name
telnet service_name 80
curl http://service_name

View Traefik Configuration

Access Traefik dashboard: 
services:
  traefik:
    command:
      - --api.dashboard=true
    labels:
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"

Performance Optimization

For latency-sensitive applications:
network_mode: host
Trade-offs: No isolation, port conflicts
Match your network’s MTU:
networks:
  app-network:
    driver_opts:
      com.docker.network.driver.mtu: 1500
Encrypt overlay network traffic:
networks:
  secure-network:
    driver: overlay
    driver_opts:
      encrypted: "true"
Use custom DNS servers:
services:
  app:
    dns:
      - 1.1.1.1  # Cloudflare
      - 8.8.8.8  # Google

Common Networking Patterns

Frontend-Backend Separation

services:
  frontend:
    networks:
      - public
  
  backend:
    networks:
      - public
      - private
  
  database:
    networks:
      - private

networks:
  public:
    driver: bridge
  private:
    driver: bridge
    internal: true

Service Mesh Pattern

services:
  service-a:
    networks:
      - mesh
  
  service-b:
    networks:
      - mesh
  
  service-c:
    networks:
      - mesh

networks:
  mesh:
    driver: overlay

Troubleshooting

  • Verify both containers are on the same network
  • Check network exists: docker network ls
  • Inspect network: docker network inspect network_name
  • Try using IP address instead of hostname
  • Check container’s DNS config: docker exec container cat /etc/resolv.conf
  • Verify service name is correct
  • Restart Docker daemon: systemctl restart docker
  • Check for DNS conflicts with host
  • Verify container has correct labels
  • Check Traefik logs: docker logs traefik
  • Ensure container is on dokploy-network
  • Verify domain DNS points to server
  • Check firewall rules allow ports 80/443
  • Check MTU settings
  • Monitor network usage: docker stats
  • Consider host network mode
  • Check for DNS resolution delays
  • Verify no packet loss: ping -c 100 service_name

Next Steps

Domains & Routing

Configure domain routing

Multi-Node

Deploy across multiple servers

Docker Swarm

Swarm networking configuration

Security

Network security best practices

Build docs developers (and LLMs) love

Get started for freeTalk to us