Docker vs. Docker Compose using the example of Portainer with networks

Expected Reading Time: 6 minutes

Docker has revolutionized the way developers develop, test and deploy software. In this article, we compare two basic tools that are used when using Docker: Docker Run and Docker Compose. We use Portainer and Docker Networks as examples to illustrate their use and discuss the benefits of Docker Compose, especially with regard to Infrastructure as Code.

What is Docker Run?

Docker Run is a command that is used to start a Docker container from a Docker image. It is the most direct way to start and manage a container. For example:

docker run -d -p 80:80 docker/getting-started

This command starts a container in the background and opens port 80 on the host to access the app.

What is Docker Compose?

Docker Compose is a tool that facilitates the definition and operation of multi-container Docker applications. Using a YAML file, you can configure services, networks and volumes and then start all services with a single command:

version: '3.8'
services:
  web:
    image: nginx
    ports:
     - "80:80"

Docker Run vs. Docker Compose: Why Docker Compose is the better choice

Docker Compose offers several advantages compared to Docker Run:

• Simplified configuration: Docker Compose allows you to define your entire application structure in a single file, which minimizes errors and increases reusability.
• Simple scaling: With Docker Compose, you can easily increase or decrease the number of containers for each service.
• Developer friendliness: Developers can start up and shut down entire environments with a single command, which speeds up the development process.

Intel Mini PC NUC 11 Essentiall with 11th Gen N5105 up to 2.9 GHz 4 Cores 4 Threads Mini Desktop Computer 16GB RAM 512GB SSD Windows 11 Pro Desktop Computer Dual 4K UHD HDMI WiFi Bluetooth v5.1*

by Intel

Price: € 294.00 Buy now on Amazon* Price incl. VAT, Excl. shipping

Amazon

Intel Mini PC, Intel NUC 11 Essential, 11th Gen Intel Celeron N5105 Mini Computer, 16GB DDR4 & 512GB PCIe SSD, Windows 11 Pro Desktop Computer Support for 4K UHD/WiFi/HDMI/Bluetooth 5.1*

by geeknuc

Price: € 269.00 Buy now on Amazon* Price incl. VAT, Excl. shipping

Amazon

Intel NUC 11 Mini PC Core i7-1165G7|4 Cores 8 Threads Desktop Computer|28W Iris XE Graphics|32GB RAM 1TB SSD|Windows 11 Pro Computer|Bluetooth 5.2|WiFi|Thunderbolt 3, Black*

by Intel

Price: € 559.00 Buy now on Amazon* Price incl. VAT, Excl. shipping

Amazon

Last updated on 16. May 2024 at 18:20 - Image source: Amazon Affiliate Program. All statements without guarantee.

Application example: Setting up Portainer with Docker Compose

Portainer is a lightweight management UI that allows you to easily manage your Docker environments. Here's a step-by-step guide on how to set up Portainer with Docker Compose:

Create a docker-compose.yml file:

version: '3'
services:
  portainer:
    image: portainer/portainer-ce
    ports:
      - "9000:9000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"
volumes:
  portainer_data:

Starting Portainer:

docker-compose up -d

After starting, you can access Portainer via http://:9000 and start managing your Docker containers. You can find out more about setting up Portainer in the previous article Set up Portainer easily: Mastering Docker & Kubernetes.

Docker networks and their advantages

What are Docker networks?

Before you deal with external and internal networks, you should understand what Docker networks actually are. A Docker network allows containers to communicate with each other and with the host. Docker manages these networks and offers you various network drivers that provide specific isolation and network properties.

Internal networks: security and isolation

Create internal networks if your containers need to communicate with each other without being reached by the outside world. This is particularly useful if you process sensitive data or operate services that should not be publicly exposed.

In your docker-compose.yml you define an internal network simply by adding the key internal: true under the network specification. Here is an example:

version: '3'
services:
  portainer:
    image: portainer/portainer-ce
    networks:
      - backend

networks:
  backend:
    internal: true

Without the indication of internal: true it is also an internal network, which is based on the folder in which the docker-compose.yml is located. In this setup, the service portainer exclusively on the internal network backend access. No external communication is possible. Other containers that are also in the network can access the container and vice versa.

External networks: connection to the outside world

Sometimes your containers need to communicate with external networks or services. Perhaps your application accesses an external database or needs to reach services on the Internet. You set up an external network for this. This is preferable in a home server setup, as maintainability and configuration are much simpler if all containers know each other and can access each other.

An external network in Docker Compose is not created directly in the compose file. Instead, you define it in advance with Docker CLI and then reference it in your compose file:

docker network create unraid-ext

And in your docker-compose.yml:

version: '3'
services:
  portainer:
    image: portainer
    networks:
      - unraid-ext

networks:
  unraid-ext:
    external: true

With this configuration, the portainer Service via the external network unraid-ext which enables connections outside your Docker host.

Best practices for networks in Docker Compose

• Isolate production environments: Use internal networks to isolate and protect your production environments.
• Avoid network conflicts: Make sure to choose names of external networks clearly to avoid conflicts.
• Monitor your networks: Monitor network traffic to quickly detect unusual activity.

By understanding and correctly using internal and external networks in Docker Compose, you can significantly improve the security and efficiency of your container applications. Use these tools wisely to make your developments secure and effective!

YouTube video implementation

Conclusion

Let's summarize how Docker has changed software development and why Docker Compose is often the better choice over Docker Run, especially if you want to manage complex applications efficiently. Docker Compose not only makes your life easier by simplifying the configuration of your services in a single YAML file, but also increases the scalability and developer-friendliness of your projects. You can spin up and shut down environments with a single command, speeding up development and ensuring consistency.

Use Docker networks strategically to optimize the communication of your containers. Internal networks protect sensitive data and provide a secure environment, while external networks allow your applications to connect to the outside world. Remember to plan and monitor the networks carefully to minimize conflicts and security risks. An external network is often sufficient for a home network.

Overall, Docker offers a robust platform for managing your applications, especially through Docker Compose. Take full advantage of the possibilities of Docker Compose to optimize your development processes or to run your applications efficiently and securely.

Interested, but lack time or knowledge?

No problem. Contact me and we will discuss your requirements. No matter if business or private.