Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Dokploy/dokploy/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Dokploy leverages Docker networking and Traefik to provide flexible, secure networking for your applications. Understanding networking is crucial for multi-container applications, microservices, and production deployments.

Automatic Routing

Traefik automatically routes traffic to your services

Service Discovery

DNS-based discovery for inter-service communication

Network Isolation

Isolated networks for security and organization

Network Types

Docker provides several network drivers:
Default network for standalone containers:
  • Isolated from host network
  • Containers can communicate by name
  • Suitable for single-host deployments
  • Port mapping required for external access
networks:
  default:
    driver: bridge

Dokploy Network Architecture

Dokploy creates these networks automatically:

dokploy-network

The main network for all Dokploy services: 
networks:
  dokploy-network:
    external: true
    name: dokploy-network
  • Traefik runs on this network
  • Applications attach to this network for routing
  • Enables communication between projects

Project Networks

Each project can have isolated networks: 
networks:
  project-network:
    driver: bridge
    internal: false

Service Communication

Internal Communication

Services in the same network communicate using service names:
docker-compose.yml
services:
  web:
    image: nginx
    networks:
      - app-network
  
  api:
    image: node:20
    environment:
      - API_URL=http://web  # DNS resolves to 'web' service
    networks:
      - app-network

networks:
  app-network:
    driver: bridge

Cross-Project Communication

Services in different projects can communicate if they share a network:
Project A
services:
  service-a:
    networks:
      - dokploy-network
      - default

networks:
  dokploy-network:
    external: true
Project B
services:
  service-b:
    environment:
      - API_URL=http://service-a  # Can reach service-a
    networks:
      - dokploy-network

networks:
  dokploy-network:
    external: true

Traefik Routing

Traefik is Dokploy’s built-in reverse proxy and load balancer.

Automatic Routing

Dokploy automatically configures Traefik labels: 
services:
  app:
    image: myapp:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`example.com`)"
      - "traefik.http.routers.app.entrypoints=websecure"
      - "traefik.http.routers.app.tls=true"
      - "traefik.http.routers.app.tls.certresolver=letsencrypt"
      - "traefik.http.services.app.loadbalancer.server.port=3000"

Custom Routing Rules

Advanced routing based on:
Route by domain:
- "traefik.http.routers.app.rule=Host(`example.com`)"

Multiple Domains

Route multiple domains to one service: 
labels:
  - "traefik.http.routers.app.rule=Host(`example.com`) || Host(`www.example.com`)"

Path-Based Routing

Route different paths to different services: 
services:
  frontend:
    labels:
      - "traefik.http.routers.frontend.rule=Host(`example.com`) && PathPrefix(`/`)"
      - "traefik.http.routers.frontend.priority=1"
  
  api:
    labels:
      - "traefik.http.routers.api.rule=Host(`example.com`) && PathPrefix(`/api`)"
      - "traefik.http.routers.api.priority=2"
Higher priority rules are evaluated first.

Network Security

Internal Networks

Create internal-only networks for sensitive services: 
networks:
  frontend:
    driver: bridge
    internal: false  # External access via Traefik
  
  backend:
    driver: bridge
    internal: true   # No external access

services:
  web:
    networks:
      - frontend
      - backend
  
  database:
    networks:
      - backend  # Only accessible from 'backend' network

Firewall Rules

Use Docker’s built-in firewall (iptables): 
# Allow only specific source IPs
docker run --add-host=api.internal:10.0.0.5 myapp

Network Policies

For advanced control, use Docker’s network policies: 
services:
  app:
    networks:
      app-network:
        ipv4_address: 172.28.0.10

networks:
  app-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16
          gateway: 172.28.0.1

Load Balancing

Traefik provides automatic load balancing:

Round Robin (Default)

services:
  api:
    image: myapi:latest
    deploy:
      replicas: 3  # Traefik balances across 3 instances

Weighted Load Balancing

labels:
  - "traefik.http.services.app.loadbalancer.server.port=3000"
  - "traefik.http.services.app.loadbalancer.server.weight=10"

Sticky Sessions

Route users to the same backend: 
labels:
  - "traefik.http.services.app.loadbalancer.sticky.cookie=true"
  - "traefik.http.services.app.loadbalancer.sticky.cookie.name=lb"
  - "traefik.http.services.app.loadbalancer.sticky.cookie.secure=true"

Health Checks

Configure health checks for automatic recovery: 
services:
  api:
    image: myapi:latest
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    labels:
      - "traefik.http.services.api.loadbalancer.healthcheck.path=/health"
      - "traefik.http.services.api.loadbalancer.healthcheck.interval=10s"

Custom DNS

Add custom DNS entries: 
services:
  app:
    dns:
      - 8.8.8.8
      - 1.1.1.1
    dns_search:
      - example.com

IPv6 Support

Enable IPv6 in Docker daemon:
/etc/docker/daemon.json
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64"
}
Then in your compose file: 
networks:
  app-network:
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:db8:1::/64

Debugging Network Issues

Inspect Networks

# List networks
docker network ls

# Inspect network
docker network inspect dokploy-network

# See which containers are on a network
docker network inspect dokploy-network | grep Name

Test Connectivity

# Enter container
docker exec -it container_name sh

# Test DNS resolution
nslookup service_name

# Test connectivity
ping service_name
telnet service_name 80
curl http://service_name

View Traefik Configuration

Access Traefik dashboard: 
services:
  traefik:
    command:
      - --api.dashboard=true
    labels:
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"

Performance Optimization

For latency-sensitive applications:
network_mode: host
Trade-offs: No isolation, port conflicts
Match your network’s MTU:
networks:
  app-network:
    driver_opts:
      com.docker.network.driver.mtu: 1500
Encrypt overlay network traffic:
networks:
  secure-network:
    driver: overlay
    driver_opts:
      encrypted: "true"
Use custom DNS servers:
services:
  app:
    dns:
      - 1.1.1.1  # Cloudflare
      - 8.8.8.8  # Google

Common Networking Patterns

Frontend-Backend Separation

services:
  frontend:
    networks:
      - public
  
  backend:
    networks:
      - public
      - private
  
  database:
    networks:
      - private

networks:
  public:
    driver: bridge
  private:
    driver: bridge
    internal: true

Service Mesh Pattern

services:
  service-a:
    networks:
      - mesh
  
  service-b:
    networks:
      - mesh
  
  service-c:
    networks:
      - mesh

networks:
  mesh:
    driver: overlay

Troubleshooting

  • Verify both containers are on the same network
  • Check network exists: docker network ls
  • Inspect network: docker network inspect network_name
  • Try using IP address instead of hostname
  • Check container’s DNS config: docker exec container cat /etc/resolv.conf
  • Verify service name is correct
  • Restart Docker daemon: systemctl restart docker
  • Check for DNS conflicts with host
  • Verify container has correct labels
  • Check Traefik logs: docker logs traefik
  • Ensure container is on dokploy-network
  • Verify domain DNS points to server
  • Check firewall rules allow ports 80/443
  • Check MTU settings
  • Monitor network usage: docker stats
  • Consider host network mode
  • Check for DNS resolution delays
  • Verify no packet loss: ping -c 100 service_name

Next Steps

Domains & Routing

Configure domain routing

Multi-Node

Deploy across multiple servers

Docker Swarm

Swarm networking configuration

Security

Network security best practices

Build docs developers (and LLMs) love

Get started for freeTalk to us