Docker Compose Advanced Reading
networks, named vs bind volumes, restart policies, healthchecks, service_healthy — reading docker-compose files in plain English
Docker Compose advanced vocabulary
- networks: — user-defined isolation; services communicate by name only within the same network
- Named volume = Docker-managed persistent storage; bind mount = host directory mapped in
- restart: unless-stopped — auto-restart on crash, but respects manual docker stop
- healthcheck — periodic command probe; start_period gives app time to boot before failures count
- depends_on: condition: service_healthy — waits for dependency's healthcheck to pass, not just container start
What does the networks: section define in this docker-compose file?

    services:
      api:
        image: myapp:latest
        networks:
          - frontend
          - backend
      db:
        image: postgres:16
        networks:
          - backend
      nginx:
        image: nginx:alpine
        networks:
          - frontend
    networks:
      frontend:
      backend:

- User-defined networks — services on the same network can reach each other using the service name as DNS hostname (e.g., http://db:5432)
- Network isolation — nginx cannot reach db because they share no network; this is a security boundary
- Multiple networks per service — api is on both; it bridges frontend and backend tiers
- Default network — without explicit networks, all services join a single default network and can reach each other
Read the volumes: configuration below. What is the difference between the named volume and the bind mount?

    services:
      db:
        image: postgres:16
        volumes:
          - pgdata:/var/lib/postgresql/data
      app:
        image: myapp:latest
        volumes:
          - ./src:/app/src
          - /tmp/logs:/app/logs
    volumes:
      pgdata:

- Named volume (pgdata:/var/lib/...) — Docker manages storage location; survives container removal; ideal for databases
- Bind mount (./src:/app/src) — mounts a host path; used in development so code changes reflect instantly without rebuild
- Absolute bind mount (/tmp/logs:/app/logs) — same as bind mount but with an absolute host path
- Anonymous volume — just a container path (e.g., /data) without a name; deleted when container is removed
What does restart: unless-stopped mean for a docker-compose service?

    services:
      api:
        image: myapp:latest
        restart: unless-stopped
      worker:
        image: myapp:latest
        restart: on-failure
      oneshot:
        image: migration-tool
        restart: "no"

- no — never restart (default); for one-shot tasks like migrations
- always — always restart, even after docker stop; also restarts on Docker daemon restart
- unless-stopped — restart on crash; but if manually stopped, stays stopped even after daemon restart
- on-failure — restart only on non-zero exit code; respects :N max retries (e.g., on-failure:3)
unless-stopped for production services, no for migrations and setup tasks.
Read this docker-compose healthcheck configuration. What does it check and what happens if it fails?

    services:
      api:
        image: myapp:latest
        healthcheck:
          test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
          interval: 30s
          timeout: 10s
          retries: 3
          start_period: 40s

- test: ["CMD", ...] — runs this command inside the container; exit 0 = healthy, non-zero = unhealthy
- interval — how often to run the check (30s = every 30 seconds)
- timeout — how long to wait for the command before declaring it failed (10s)
- retries — consecutive failures before marking unhealthy (3 times)
- start_period — grace period after container start; failures during this window don't count towards retries
depends_on: condition: service_healthy to delay dependent services.
What does depends_on with condition: service_healthy mean in this configuration?

    services:
      db:
        image: postgres:16
        healthcheck:
          test: ["CMD", "pg_isready", "-U", "postgres"]
          interval: 5s
          retries: 5
      api:
        image: myapp:latest
        depends_on:
          db:
            condition: service_healthy

- depends_on: service: condition: service_started — default; waits for container to start (process running, not necessarily ready)
- condition: service_healthy — waits for the dependency's healthcheck to return healthy; requires a healthcheck on the dependency
- condition: service_completed_successfully — waits for the container to exit with code 0; used for migrations and init containers