Answer a question

i have the following topology

and i tried with the following docker compose file :

version: "3.8"
services:
  db:
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_USER=$DB_USER
      - POSTGRES_PASSWORD=$DB_PASSWORD
    container_name: "glass-radar-database"
    ports:
      - $DB_PORT:$DB_PORT
    networks:
      host: {}
    volumes:
      - ./db/data:/var/lib/postgresql/data
    restart: always
    command: -p $DB_PORT
  api:
    depends_on:
      - db
    container_name: "glass-radar-api"
    build:
      context: ./api
      dockerfile: Dockerfile.prod
    networks:
      host: {}
      industrial: {}
      #industrial:
      #  ipv4_address: 192.168.10.244
    environment:
      - NODE_ENV=$API_NODE_ENV
      - PORT=$API_PORT
      - PGHOST=db
      - PGPORT=$DB_PORT
      - PGUSER=$DB_USER
      - PGPASSWORD=$DB_PASSWORD
      - PGDATABASE=$DB_NAME
    ports:
      - $API_PORT:$API_PORT
    volumes:
      - /app/node_modules
  ui_build:
    build:
      context: ./ui
      dockerfile: Dockerfile.prod
    container_name: "glass-radar-builder"
    networks:
      host: {}
    environment:
      - NODE_ENV
      - REACT_APP_API_HOST
    volumes:
      - ./ui/build:/app/build
      - /app/node_modules
  ui_server:
    image: nginx:1.19.4-alpine
    container_name: "glass-radar-ui"
    networks:
      host: {}
    ports:
      - 80:80
    volumes:
      - ./ui/build:/usr/share/nginx/html
networks:
  industrial:
    external: true
    name: host
    # config:
    #- subnet: 172.28.0.0/16
  host:
    driver: bridge
    name: bridge

but i still have this error which i didn't understand :

Error response from daemon: failed to add interface vethc7c566b to sandbox: error setting interface "vethc7c566b" IP to 172.23.0.5/16: cannot program address 172.23.0.5/16 in sandbox interface because it conflicts with existing route {Ifindex: 21 Dst: 172.23.0.0/16 Src: 172.23.0.1 Gw: Flags: [] Table: 254}

is the way i connect "api" container is correct ?

Answers

Without some very unusual setup you can't directly connect to the container-private IP addresses from outside the host (and in many common cases you can't connect to them from the same host). Instead, you'd connect to the host's IP address and one of the published ports:. From off-box you can't tell whether a server is running in a container or if it's an ordinary process.

The flip side of this is that the Compose ports: option (and also docker run -p) takes an optional IP-address parameter saying which host interface to bind to. By default this is the 0.0.0.0 "all interfaces" address, but you can set this to a specific address if you know the host setup.

So in your case, let's say the "network 1" is an external network with IP address 10.10.0.2, and the "network 2" is a management network with IP address 192.168.0.2. You want to make the reverse proxy container visible to both networks, but the database and back-end service only to the management network. You could set this up as:

services:
  db:
    ports:
      - '192.168.0.2:$DB_PORT:5432'
  api:
    ports:
      - '192.168.0.2:$API_PORT:3000'
  ui_server:
    ports:
      - '10.10.0.2:80:80'
      - '192.168.0.2:8080:80'

Note that I've used the "normal" ports for the internal ports for these containers (5432 for the database, 3000 for the Node application) and remapped them at the Docker layer.

You do not need Compose networks: here. These only affect connections between containers and not how they're published outside of Docker space. If you have no networks: blocks anywhere in the file at all, Compose creates a network named default and attaches all of the containers to it, and this is correct behavior for most common setups.

Of particular note, your setup here creates a network named host, but it is a bridge-type network and is different from "the host network". You don't usually want host networking, since it disables all of Docker's network functionality. In this case it would force each container to individually deal with your multiple-network setup, and that configuration will be different for PostgreSQL, Nginx, and your custom Node application. With standard Docker networking each of these can listen on 0.0.0.0 (probably their default setting) and Docker can worry about the external port and interface mapping.