Skip to content
dockmesh

Networks

dockmesh lists and manages Docker networks per host. Most users don’t think about networks — Compose creates them automatically per stack. But when you need cross-stack communication or explicit network isolation, this is where it happens.

Default networks

Section titled “Default networks”

Every Docker host has three built-in networks:

NetworkScopeUse
bridgeHost-localDefault for docker run without --network
hostHost-localShares the host’s network namespace — no isolation
noneHost-localNo network at all

dockmesh shows them for completeness but you rarely touch them directly.

Compose-created networks

Section titled “Compose-created networks”

When you deploy a stack, Compose creates a network named <project>_default unless you declare networks explicitly. Containers in the same stack can reach each other by service name (postgres, redis, etc.) via built-in DNS.

Custom networks

Section titled “Custom networks”

Declared in compose.yaml:

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true  # no internet access

Use cases:

  • internal: true — database networks with no outbound internet
  • Shared networks across stacks — use external: true to reference a network defined elsewhere
  • IPAM — custom subnets, gateways (ipam.config)

Cross-stack communication

Section titled “Cross-stack communication”

Two stacks that need to talk to each other:

  1. Create a shared network first: 
    # One-time setup stack or via UI
    networks:
      shared-bus:
        driver: bridge
  2. Both stacks reference it: 
    services:
      api:
        networks: [default, shared-bus]
    networks:
      shared-bus:
        external: true

Containers on shared-bus reach each other by service name across stacks.

Creating networks in the UI

Section titled “Creating networks in the UI”

The Create network modal under Resources → Networks has just two fields:

  • Name — the network name as Docker sees it
  • Driver — one of bridge, overlay, macvlan, ipvlan

Advanced settings (subnet, gateway, IPAM, internal/attachable/ingress, labels) aren’t exposed in the modal. Declare those in your stack’s compose.yaml instead — Compose creates the network with whatever Docker network options you specify, and dockmesh adopts it.

Pruning

Section titled “Pruning”

The Prune button removes networks with no connected containers. Safe — doesn’t touch container data, only deletes the orphaned network objects themselves.

Topology view

Section titled “Topology view”

dockmesh ships an interactive Topology page (its own top-level sidebar entry). It renders the fleet’s networks + containers as a graph: nodes are containers / networks / hosts, edges show membership, the layout uses dagre with pan and zoom for navigating larger fleets. The graph live-reloads as containers come and go.

Useful for spotting:

  • A container that’s accidentally on bridge instead of your stack network
  • Stacks that should be talking to each other but aren’t on a shared network
  • Orphaned networks left behind by a long-gone stack

The list view under Resources → Networks is faster for bulk actions; the topology view is faster for “where does this container actually sit?”.

See also

Section titled “See also”
  • Reverse Proxy — exposing containers via Caddy
  • Agent mTLS — how dockmesh talks between hosts (not over container networks)
  • Hardening — network isolation best practices