refactor(networking): streamline external access documentation and enhance internal communication examples

Cinzya · Cinzya · commit 661408212eb5 · 2025-07-01T23:17:48.000+02:00
diff --git a/docs/knowledge-base/destinations/networking.md b/docs/knowledge-base/destinations/networking.md
@@ -2,148 +2,81 @@
 
 Understanding how networking works in Coolify destinations and how to configure network settings for your deployments.
 
-## Network Architecture
+## External Access
 
-### Docker Networks
-Each destination creates and manages a Docker network:
-- **Network Type**: Bridge (Standalone) or Overlay (Swarm)
-- **Network Name**: Unique identifier per destination
-- **Isolation**: Resources in different destinations are network-isolated
-- **Proxy Integration**: Automatic proxy connection for external access
-
-### Network Flow
-```
-Internet → Proxy (Traefik/Caddy) → Destination Network → Application Container
-```
-
-## Network Types
-
-### Standalone Docker Networks
-
-#### Default Bridge Network
-- **Type**: Docker bridge network
-- **Scope**: Single server
-- **Communication**: Containers can communicate within the network
-- **External Access**: Through proxy only
-
-#### Custom Bridge Networks
-- **Creation**: Automatically created by Coolify
-- **Naming**: Uses destination network identifier
-- **Configuration**: Managed by Coolify
-- **Connectivity**: Proxy automatically connected
-
-### Docker Swarm Networks
-
-#### Overlay Networks
-- **Type**: Docker overlay network
-- **Scope**: Across swarm cluster
-- **Multi-Host**: Containers communicate across nodes
-- **Encryption**: Built-in overlay network encryption
-
-## Proxy Integration
-
-### Automatic Proxy Connection
-When a destination is created, Coolify automatically:
+#### Through Proxy
 
-1. **Creates the Docker network**
-2. **Connects the proxy** to the network
-3. **Configures routing** for applications
-4. **Manages SSL certificates** for domains
+All external traffic goes through the proxy:
 
-### Proxy Network Commands
-Coolify runs these commands automatically:
-```bash
-# Create network
-docker network create --driver bridge destination-network-name
+- **Domain Routing**: Proxy routes based on domain/subdomain
+- **SSL Termination**: Proxy handles SSL certificates
+- **Load Balancing**: Proxy can load balance to multiple containers
 
-# Connect proxy to network  
-docker network connect destination-network-name coolify-proxy
-```
+#### Direct Port Access (Advanced)
 
-## Network Configuration
+To bypass the proxy, you can expose ports directly:
 
-### Application Networking
+- **Published Ports**: Map container ports to host ports by either adding them into the `Mapped Ports` field in Coolify or defining them in your `docker-compose.y[a]ml` file.
+  Example:
 
-#### Internal Communication
-Applications within the same destination can communicate:
 ```yaml
-# docker-compose.yml example
 services:
   app:
-    image: myapp:latest
-    networks:
-      - coolify-network
-  
-  database:
-    image: postgres:15
-    networks:
-      - coolify-network
-    environment:
-      - DATABASE_URL=postgresql://user:pass@database:5432/db
+    image: nginx:latest
+    ports:
+      - 8080:80
 ```
 
-#### Service Discovery
-- **Container Names**: Use container names for internal communication
-- **DNS Resolution**: Docker provides automatic DNS resolution
-- **Port Access**: Use internal ports (not published ports)
-
-### External Access
+::: warning CAUTION
+The first number represents the host port while the second number is the container port. Make sure to use unique host ports for each service to avoid conflicts.
+:::
 
-#### Through Proxy
-All external traffic goes through the proxy:
-- **Domain Routing**: Proxy routes based on domain/subdomain
-- **SSL Termination**: Proxy handles SSL certificates
-- **Load Balancing**: Proxy can load balance to multiple containers
-
-#### Direct Port Access (Advanced)
-For non-HTTP services, you can expose ports directly:
-- **Published Ports**: Map container ports to host ports
 - **Firewall Rules**: Configure server firewall accordingly
 - **Security**: Consider security implications
 
 <ZoomableImage src="/images/destinations/network-architecture.webp" />
 
-## Network Security
+## Internal Communication
 
-### Isolation Between Destinations
-- **Default Behavior**: Destinations cannot communicate with each other
-- **Network Separation**: Each destination has its own Docker network
-- **Container Isolation**: Containers in different destinations are isolated
+Resources within the same destination can communicate over the internal Docker network using the **Container Names**, **Network Alias** and **internal Ports** of your Resources.
 
-### Inter-Destination Communication
-To enable communication between destinations:
+### Example: Connection String Between Apps
 
-#### Option 1: Shared Network
-Create a shared network and connect multiple destinations:
-```bash
-# Create shared network
-docker network create shared-network
+Consider a Next.js and Express API deployed to the same destination. To connect Next.js to the Express API, we follow these steps:
 
-# Connect destinations to shared network
-docker network connect shared-network container1
-docker network connect shared-network container2
-```
+1. **Find the Container Names**: There are multiple ways to find the container names. Here are two common methods:
 
-#### Option 2: External Communication
-Use external endpoints through the proxy:
-```bash
-# Application A calls Application B through external URL
-curl https://app-b.example.com/api/endpoint
-```
+- Go the terminal of your server and run `docker ps` to list all running containers. Look for the names of your applications in the **NAMES** column.
+  Example output:
 
-#### Option 3: Environment Variables
-Pass connection details through environment variables:
-```yaml
-environment:
-  - EXTERNAL_API_URL=https://api.example.com
-  - INTERNAL_DB_HOST=database.internal
 ```
+CONTAINER ID   IMAGE               COMMAND                  CREATED        STATUS        PORTS      NAMES
+123456789abc   nextjs-app:latest   "docker-entrypoint.s…"   2 hours ago    Up 2 hours    80/tcp     my-nextjs-app
+abcdef123456   express-api:latest  "docker-entrypoint.s…"   2 hours ago    Up 2 hours    3001/tcp   my-express-api
+```
+
+- Navigate to the `Logs` tab of each resource in the Coolify dashboard and copy the container names from the header.
+
+2. **Determine the Internal Port**: Use the port Express listens on internally (e.g., port 3001), not the external published port
+
+3. **Build the Connection String**: `http://[container-name]:[internal-port]`
+
+   - Example: `http://my-express-api:3001`
+
+4. **Use in Your App**: Configure your Next.js app to call the Express API using this internal URL instead of the external domain
+
+This same pattern applies to any two applications (databases, APIs, microservices) within the same destination - always use the container name and internal port for communication.
+
+::: info Service Stacks
+If you have a Service Stack (deployments using Docker Compose), that needs to connect to a different resource outside of it's stack, you will have to first enable [Connect To Predefined Networks](knowledge-base/docker/compose#connect-to-predefined-networks) in the Service Stack settings.
+:::
 
 ## Network Troubleshooting
 
 ### Common Network Issues
 
 #### Container Cannot Reach External Services
+
 ```bash
 # Test DNS resolution
 docker exec container-name nslookup google.com
@@ -152,10 +85,15 @@ docker exec container-name nslookup google.com
 docker exec container-name ping 8.8.8.8
 
 # Check network configuration
-docker network inspect destination-network
+docker network inspect network-name
 ```
 
+::: info Note
+Make sure to replace `container-name` with the actual name of your container and `network-name` with the docker network name of the destination.
+:::
+
 #### Containers Cannot Communicate
+
 ```bash
 # Check if containers are on same network
 docker inspect container1 | grep NetworkMode
@@ -165,7 +103,12 @@ docker inspect container2 | grep NetworkMode
 docker exec container1 ping container2
 ```
 
+::: info Note
+Make sure to replace `container1` and `container2` with the actual names of your containers.
+:::
+
 #### Proxy Not Routing Traffic
+
 ```bash
 # Check proxy network connections
 docker network ls
@@ -178,6 +121,7 @@ docker logs coolify-proxy
 ### Network Diagnostics
 
 #### Inspect Network Configuration
+
 ```bash
 # List all networks
 docker network ls
@@ -189,79 +133,6 @@ docker network inspect network-name
 docker inspect container-name
 ```
 
-#### Test Network Connectivity
-```bash
-# Test from container
-docker exec -it container-name sh
-ping target-container
-curl http://target-container:port
-
-# Test from host
-curl http://localhost:published-port
-```
-
-## Advanced Network Configuration
-
-### Custom Network Settings
-
-#### Network Aliases
-Add network aliases for service discovery:
-```yaml
-services:
-  app:
-    networks:
-      coolify-network:
-        aliases:
-          - api
-          - backend
-```
-
-#### Network Labels
-Add labels for network management:
-```yaml
-networks:
-  coolify-network:
-    labels:
-      - com.coolify.managed=true
-      - environment=production
-```
-
-### Network Performance
-
-#### Network Monitoring
-Monitor network performance:
-- **Bandwidth Usage**: Track network traffic
-- **Latency**: Measure response times
-- **Connection Counts**: Monitor active connections
-
-#### Optimization Tips
-1. **Minimize Cross-Network Traffic**: Keep related services in same destination
-2. **Use Internal URLs**: Avoid external calls for internal services
-3. **Connection Pooling**: Use connection pools for database access
-4. **Caching**: Implement caching to reduce network calls
-
-## Network Backup and Migration
-
-### Network Configuration Backup
-Network settings are preserved in:
-- **Destination Configuration**: Stored in Coolify database
-- **Docker Network State**: Recreated automatically
-- **Proxy Configuration**: Managed by Coolify
-
-### Migration Considerations
-When migrating destinations:
-1. **Network Names**: May change on new server
-2. **IP Addresses**: Will be different on new server
-3. **Proxy Configuration**: Automatically updated
-4. **Inter-Service Communication**: Uses container names (portable)
-
-## Best Practices
-
-1. **Use Container Names**: For internal service communication
-2. **Avoid Hard-Coded IPs**: Use DNS names instead
-3. **Network Isolation**: Keep unrelated services in separate destinations
-4. **Monitor Network Health**: Implement network health checks
-5. **Document Network Architecture**: Maintain network diagrams
-6. **Security First**: Follow network security best practices
-7. **Test Connectivity**: Regularly test network connectivity
-8. **Performance Monitoring**: Monitor network performance metrics
+::: info Note
+Make sure to replace `network-name` with the actual name of your network and `container-name` with the actual name of your container.
+:::
