Consider I have docker-subdomain.mydomain.com pointing to a website in a Docker container, and host-subdomain.mydomain.com pointing to a website in the Host itself. Both these websites are in the same Host and IP address.
When the PHP code of the docker-subdomain.mydomain.com inside Docker makes a curl call to host-subdomain.mydomain.com, and that host-subdomain.mydomain.com logs the IP address of the caller, it appears to be an IP address starting with "172.", which means it's the private IP address of the docker container.
I'm wondering how is the private IP address used, if the DNS of host-subdomain.mydomain.com is the public IP, so I'd think it would use the external interface to connect? (like it happens when a PHP script executes curl in the host itself, outside Docker)
How does Docker know that host-subdomain.mydomain.com points to the same host?
--
Note: I'm not asking how to bypass/change this behavior - I'm just curious, as it's doing exactly what I wanted it to do, but I don't understand why.
You're looking at the ip address of the client, not the ip address to which
curlis connecting. The process looks something like:Your PHP code calls something like
curl host-subdomain.mydomain.comcurllooks up the namehost-subdomain.mydomain.comcurlfind the address (e.g.) 100.64.0.100curlopens a connection to 100.64.0.100The kernel looks for a route to that address
Inside the container, the routing table looks something like:
Because the container doesn't have a direct route to 100.64.0.100, it uses the default route, which corresponds to the docker bridge on your host.
Your application on the host sees a connection originating from the docker bridge with the ip address of the container.
In all of these steps, the connection is from the container ip address to the resolved address of
host-subdomain.mydomain.com.You have this:
Your container (
172.20.0.2) has route to the host address ("100.64.0.100" in this example) via its default route (172.20.0.1). Your host has a route to the container (via thebr-1234interface).