Practical Networking and Storage Applications

This section demonstrates real-world Docker networking and storage scenarios, from microservices architectures to high-availability deployments and enterprise storage solutions.

Microservices Network Architecture

Complete E-Commerce Platform

# docker-compose.microservices.yml
version: '3.8'

services:
  # API Gateway
  api-gateway:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
    networks:
      - frontend
      - monitoring
    depends_on:
      - user-service
      - product-service
      - order-service

  # User Service
  user-service:
    build: ./services/user
    networks:
      - frontend
      - backend
      - user-db-net
    volumes:
      - user-logs:/app/logs
    environment:
      - DATABASE_URL=postgresql://user:pass@user-db:5432/users
      - REDIS_URL=redis://redis-cluster:6379/0
    depends_on:
      - user-db
      - redis-cluster

  user-db:
    image: postgres:13
    networks:
      - user-db-net
    volumes:
      - user-db-data:/var/lib/postgresql/data
      - user-db-config:/etc/postgresql
    environment:
      - POSTGRES_DB=users
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=pass

  # Product Service
  product-service:
    build: ./services/product
    networks:
      - frontend
      - backend
      - product-db-net
    volumes:
      - product-logs:/app/logs
      - product-images:/app/images
    environment:
      - DATABASE_URL=postgresql://product:pass@product-db:5432/products
      - ELASTICSEARCH_URL=http://elasticsearch:9200
    depends_on:
      - product-db
      - elasticsearch

  product-db:
    image: postgres:13
    networks:
      - product-db-net
    volumes:
      - product-db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=products
      - POSTGRES_USER=product
      - POSTGRES_PASSWORD=pass

  # Order Service
  order-service:
    build: ./services/order
    networks:
      - frontend
      - backend
      - order-db-net
    volumes:
      - order-logs:/app/logs
    environment:
      - DATABASE_URL=postgresql://order:pass@order-db:5432/orders
      - RABBITMQ_URL=amqp://guest:guest@rabbitmq:5672/
    depends_on:
      - order-db
      - rabbitmq

  order-db:
    image: postgres:13
    networks:
      - order-db-net
    volumes:
      - order-db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=orders
      - POSTGRES_USER=order
      - POSTGRES_PASSWORD=pass

  # Shared Services
  redis-cluster:
    image: redis:7-alpine
    networks:
      - backend
    volumes:
      - redis-data:/data
    command: |
      redis-server
      --cluster-enabled yes
      --cluster-config-file nodes.conf
      --cluster-node-timeout 5000
      --appendonly yes

  elasticsearch:
    image: elasticsearch:7.17.0
    networks:
      - backend
    volumes:
      - elasticsearch-data:/usr/share/elasticsearch/data
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"

  rabbitmq:
    image: rabbitmq:3-management
    networks:
      - backend
    volumes:
      - rabbitmq-data:/var/lib/rabbitmq
    environment:
      - RABBITMQ_DEFAULT_USER=guest
      - RABBITMQ_DEFAULT_PASS=guest

  # Monitoring
  prometheus:
    image: prom/prometheus
    networks:
      - monitoring
    volumes:
      - prometheus-data:/prometheus
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro

networks:
  frontend:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24
  backend:
    driver: bridge
    internal: true
    ipam:
      config:
        - subnet: 172.21.0.0/24
  user-db-net:
    driver: bridge
    internal: true
  product-db-net:
    driver: bridge
    internal: true
  order-db-net:
    driver: bridge
    internal: true
  monitoring:
    driver: bridge

volumes:
  user-db-data:
  product-db-data:
  order-db-data:
  user-db-config:
  redis-data:
  elasticsearch-data:
  rabbitmq-data:
  prometheus-data:
  user-logs:
  product-logs:
  order-logs:
  product-images:

High-Availability Storage Setup

Database Cluster with Replication

# docker-compose.ha-database.yml
version: '3.8'

services:
  # PostgreSQL Master
  postgres-master:
    image: postgres:13
    networks:
      - db-cluster
    volumes:
      - postgres-master-data:/var/lib/postgresql/data
      - postgres-master-config:/etc/postgresql
      - ./postgres/master.conf:/etc/postgresql/postgresql.conf:ro
      - ./postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
    environment:
      - POSTGRES_DB=myapp
      - POSTGRES_USER=app
      - POSTGRES_PASSWORD=password
      - POSTGRES_REPLICATION_MODE=master
      - POSTGRES_REPLICATION_USER=replicator
      - POSTGRES_REPLICATION_PASSWORD=repl_password
    command: |
      postgres
      -c config_file=/etc/postgresql/postgresql.conf
      -c hba_file=/etc/postgresql/pg_hba.conf

  # PostgreSQL Slave 1
  postgres-slave1:
    image: postgres:13
    networks:
      - db-cluster
    volumes:
      - postgres-slave1-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_REPLICATION_MODE=slave
      - POSTGRES_MASTER_HOST=postgres-master
      - POSTGRES_REPLICATION_USER=replicator
      - POSTGRES_REPLICATION_PASSWORD=repl_password
    depends_on:
      - postgres-master

  # PostgreSQL Slave 2
  postgres-slave2:
    image: postgres:13
    networks:
      - db-cluster
    volumes:
      - postgres-slave2-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_REPLICATION_MODE=slave
      - POSTGRES_MASTER_HOST=postgres-master
      - POSTGRES_REPLICATION_USER=replicator
      - POSTGRES_REPLICATION_PASSWORD=repl_password
    depends_on:
      - postgres-master

  # PgBouncer Connection Pooler
  pgbouncer:
    image: pgbouncer/pgbouncer
    networks:
      - db-cluster
      - app-network
    volumes:
      - ./pgbouncer/pgbouncer.ini:/etc/pgbouncer/pgbouncer.ini:ro
      - ./pgbouncer/userlist.txt:/etc/pgbouncer/userlist.txt:ro
    environment:
      - DATABASES_HOST=postgres-master
      - DATABASES_PORT=5432
      - DATABASES_USER=app
      - DATABASES_PASSWORD=password
      - DATABASES_DBNAME=myapp
    depends_on:
      - postgres-master

  # HAProxy for Load Balancing
  haproxy:
    image: haproxy:2.6
    networks:
      - db-cluster
      - app-network
    volumes:
      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
    ports:
      - "5432:5432"  # PostgreSQL
      - "8404:8404"  # Stats
    depends_on:
      - postgres-master
      - postgres-slave1
      - postgres-slave2

networks:
  db-cluster:
    driver: bridge
    internal: true
  app-network:
    driver: bridge

volumes:
  postgres-master-data:
    driver: local
    driver_opts:
      type: ext4
      o: noatime
  postgres-slave1-data:
    driver: local
  postgres-slave2-data:
    driver: local
  postgres-master-config:
    driver: local

Distributed Storage Solutions

GlusterFS Distributed Storage

# docker-compose.glusterfs.yml
version: '3.8'

services:
  # GlusterFS Node 1
  gluster1:
    image: gluster/gluster-centos
    privileged: true
    networks:
      storage-network:
        ipv4_address: 172.25.0.10
    volumes:
      - gluster1-data:/data
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    hostname: gluster1

  # GlusterFS Node 2
  gluster2:
    image: gluster/gluster-centos
    privileged: true
    networks:
      storage-network:
        ipv4_address: 172.25.0.11
    volumes:
      - gluster2-data:/data
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    hostname: gluster2

  # GlusterFS Node 3
  gluster3:
    image: gluster/gluster-centos
    privileged: true
    networks:
      storage-network:
        ipv4_address: 172.25.0.12
    volumes:
      - gluster3-data:/data
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    hostname: gluster3

  # Application using GlusterFS
  app:
    image: myapp
    networks:
      - storage-network
      - app-network
    volumes:
      - type: volume
        source: distributed-storage
        target: /app/data
        volume:
          driver: local
          driver_opts:
            type: glusterfs
            o: "addr=172.25.0.10:172.25.0.11:172.25.0.12"
            device: "gv0"
    depends_on:
      - gluster1
      - gluster2
      - gluster3

networks:
  storage-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/24
  app-network:
    driver: bridge

volumes:
  gluster1-data:
  gluster2-data:
  gluster3-data:
  distributed-storage:
    external: true

Ceph Storage Cluster

# docker-compose.ceph.yml
version: '3.8'

services:
  # Ceph Monitor
  ceph-mon:
    image: ceph/ceph:latest
    networks:
      - ceph-network
    volumes:
      - ceph-mon-data:/var/lib/ceph/mon
      - ceph-config:/etc/ceph
    environment:
      - MON_IP=172.26.0.10
      - CEPH_PUBLIC_NETWORK=172.26.0.0/24
    command: mon

  # Ceph OSD 1
  ceph-osd1:
    image: ceph/ceph:latest
    privileged: true
    networks:
      - ceph-network
    volumes:
      - ceph-osd1-data:/var/lib/ceph/osd
      - ceph-config:/etc/ceph
    environment:
      - OSD_DEVICE=/dev/loop0
      - OSD_TYPE=directory
    depends_on:
      - ceph-mon
    command: osd

  # Ceph OSD 2
  ceph-osd2:
    image: ceph/ceph:latest
    privileged: true
    networks:
      - ceph-network
    volumes:
      - ceph-osd2-data:/var/lib/ceph/osd
      - ceph-config:/etc/ceph
    environment:
      - OSD_DEVICE=/dev/loop1
      - OSD_TYPE=directory
    depends_on:
      - ceph-mon
    command: osd

  # Ceph MDS (Metadata Server)
  ceph-mds:
    image: ceph/ceph:latest
    networks:
      - ceph-network
    volumes:
      - ceph-mds-data:/var/lib/ceph/mds
      - ceph-config:/etc/ceph
    depends_on:
      - ceph-mon
    command: mds

networks:
  ceph-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.26.0.0/24

volumes:
  ceph-mon-data:
  ceph-osd1-data:
  ceph-osd2-data:
  ceph-mds-data:
  ceph-config:

Network Security Implementations

Zero-Trust Network Architecture

# docker-compose.zero-trust.yml
version: '3.8'

services:
  # Istio Proxy (Envoy)
  istio-proxy:
    image: istio/proxyv2:latest
    networks:
      - service-mesh
    volumes:
      - ./istio/envoy.yaml:/etc/envoy/envoy.yaml:ro
      - istio-certs:/etc/ssl/certs
    command: |
      /usr/local/bin/envoy
      -c /etc/envoy/envoy.yaml
      --service-cluster proxy

  # Application with mTLS
  secure-app:
    build: ./secure-app
    networks:
      - service-mesh
    volumes:
      - app-certs:/app/certs:ro
    environment:
      - TLS_CERT_FILE=/app/certs/app.crt
      - TLS_KEY_FILE=/app/certs/app.key
      - CA_CERT_FILE=/app/certs/ca.crt

  # Certificate Authority
  cert-manager:
    image: jetstack/cert-manager-controller:latest
    networks:
      - service-mesh
    volumes:
      - ca-data:/var/lib/cert-manager
      - ./cert-manager/config.yaml:/etc/cert-manager/config.yaml:ro

  # Network Policy Controller
  network-policy:
    image: calico/kube-controllers:latest
    networks:
      - service-mesh
    volumes:
      - ./network-policies:/etc/calico/policies:ro
    environment:
      - ENABLED_CONTROLLERS=policy

networks:
  service-mesh:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_icc: "false"
    ipam:
      config:
        - subnet: 172.27.0.0/24

volumes:
  istio-certs:
  app-certs:
  ca-data:

Performance Optimization Examples

High-Performance Web Stack

# docker-compose.performance.yml
version: '3.8'

services:
  # Nginx with optimized configuration
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    networks:
      - frontend
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - nginx-cache:/var/cache/nginx
      - type: tmpfs
        target: /tmp
        tmpfs:
          size: 512M
    sysctls:
      - net.core.somaxconn=65535
      - net.ipv4.tcp_max_syn_backlog=65535
    ulimits:
      nofile:
        soft: 65535
        hard: 65535

  # Application with performance tuning
  app:
    build: ./app
    networks:
      - frontend
      - backend
    volumes:
      - app-data:/app/data
      - type: tmpfs
        target: /app/tmp
        tmpfs:
          size: 1G
    environment:
      - NODE_ENV=production
      - UV_THREADPOOL_SIZE=128
    sysctls:
      - net.core.rmem_max=134217728
      - net.core.wmem_max=134217728
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 4G
        reservations:
          cpus: '1.0'
          memory: 2G

  # Redis with performance optimization
  redis:
    image: redis:7-alpine
    networks:
      - backend
    volumes:
      - redis-data:/data
    command: |
      redis-server
      --maxmemory 2gb
      --maxmemory-policy allkeys-lru
      --tcp-backlog 511
      --tcp-keepalive 300
      --save 900 1
      --save 300 10
      --save 60 10000
    sysctls:
      - net.core.somaxconn=65535

  # PostgreSQL with performance tuning
  postgres:
    image: postgres:13
    networks:
      - backend
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - postgres-wal:/var/lib/postgresql/wal
      - type: tmpfs
        target: /tmp
        tmpfs:
          size: 2G
    environment:
      - POSTGRES_INITDB_WALDIR=/var/lib/postgresql/wal
    command: |
      postgres
      -c shared_buffers=1GB
      -c effective_cache_size=3GB
      -c maintenance_work_mem=256MB
      -c checkpoint_completion_target=0.9
      -c wal_buffers=16MB
      -c default_statistics_target=100
      -c random_page_cost=1.1
      -c effective_io_concurrency=200
      -c work_mem=4MB
      -c min_wal_size=1GB
      -c max_wal_size=4GB

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true

volumes:
  nginx-cache:
  app-data:
  redis-data:
  postgres-data:
    driver: local
    driver_opts:
      type: ext4
      o: noatime,nodiratime
  postgres-wal:
    driver: local
    driver_opts:
      type: ext4
      o: noatime,nodiratime,sync

Summary

This section demonstrated practical networking and storage applications:

Microservices Architecture

  • Service Isolation: Network segmentation for different service tiers
  • Database Separation: Isolated networks for each service’s database
  • Shared Services: Common infrastructure like Redis and message queues

High Availability

  • Database Clustering: Master-slave replication with connection pooling
  • Load Balancing: HAProxy for database and application load distribution
  • Distributed Storage: GlusterFS and Ceph for scalable storage solutions

Security Implementation

  • Zero-Trust Networks: mTLS and certificate management
  • Network Policies: Traffic control and access restrictions
  • Encryption: TLS termination and secure communications

Performance Optimization

  • Resource Tuning: Kernel parameters and system limits
  • Storage Optimization: Separate volumes for different data types
  • Caching Strategies: Multiple caching layers for improved performance

Next Steps: Part 4 covers advanced techniques including custom network plugins, storage drivers, and enterprise-grade networking solutions.

Continue Your Learning

This is part 3 of 5 in the comprehensive guide.

← Previous Core Concepts and Fundamentals Guide Overview See all 5 parts Next → Advanced Techniques and Patterns