Got it, let's break down how to get Docker containers on two separate hosts talking to each other—there are a few reliable approaches depending on your needs and infrastructure. I'll walk you through the most common ones with clear steps:

1. 使用Docker Swarm的Overlay网络（推荐集群场景） #

If you're okay with setting up a small Docker Swarm cluster, this is the most native and seamless option. Overlay networks let containers across hosts communicate directly using container names or service names.

• 步骤1：初始化Swarm集群
  On your first host (let's call it Host A), run:

  docker swarm init --advertise-addr <Host_A_Public_or_Private_IP>
  

  This will output a docker swarm join command—copy it, you'll need it for Host B.

• 步骤2：将第二台主机加入Swarm
  On Host B, paste the join command you copied (it looks like this):

  docker swarm join --token <your_join_token> <Host_A_IP>:2377
  

• 步骤3：创建跨主机Overlay网络
  On either host, create an overlay network (this will automatically propagate to all Swarm nodes):

  docker network create --driver overlay --attachable my-cross-host-net
  

  The --attachable flag lets standalone containers (not just Swarm services) connect to the network.

• 步骤4：启动容器并连接到Overlay网络
  On Host A:

  docker run -d --name container-a --network my-cross-host-net nginx
  

  On Host B:

  docker run -it --name container-b --network my-cross-host-net alpine ping container-a
  

  You’ll see container-b can ping container-a directly using its name—no IP addresses needed!

2. 主机IP + 端口映射（简单快速，适合非集群场景） #

If you don't want to set up a cluster, this is the quickest hack. You map the container's port to a port on its host, then have the other container connect to the host's IP + mapped port.

• 步骤1：在Host A上映射容器端口

  docker run -d -p 8080:80 --name container-a nginx
  

  This maps container port 80 (nginx) to Host A's port 8080.

• 步骤2：在Host B的容器中访问Host A的服务
  First, make sure Host A's firewall/security group allows incoming traffic on port 8080. Then, in Host B's container:

  docker run -it alpine curl <Host_A_IP>:8080
  

  This will pull the nginx default page from container-a.

⚠️ 注意: This method ties you to host IPs and port numbers, which isn't ideal for dynamic environments, but it's great for quick testing.

3. 使用第三方容器网络工具（Weave Net/Calico） #

Tools like Weave Net or Calico create flat, cross-host networks without needing Docker Swarm. They're perfect if you need more flexibility than Swarm offers.

Let's use Weave Net as an example:

• 步骤1：在两台主机上安装Weave Net
  On both Host A and Host B:

  curl -L git.io/weave -o /usr/local/bin/weave
  chmod +x /usr/local/bin/weave
  

• 步骤2：启动Weave Net
  On Host A:

  weave launch
  

  On Host B, point it to Host A's IP:

  weave launch <Host_A_IP>
  

• 步骤3：启动容器并连接到Weave网络
  On Host A:

  weave run -d --name container-a nginx
  

  On Host B:

  docker run -it --net=weave alpine ping container-a
  

  Weave handles the network routing automatically—containers can communicate using names or IPs.

4. 自定义网桥+手动路由配置（适合网络老手） #

If you want full control, you can set up custom Docker bridges on each host and configure routing between them.

• 步骤1：在两台主机上创建自定义网桥
  On Host A:

  docker network create --driver bridge --subnet 192.168.10.0/24 my-custom-bridge
  

  On Host B:

  docker network create --driver bridge --subnet 192.168.20.0/24 my-custom-bridge
  

• 步骤2：配置主机间路由
  On Host A, add a route to Host B's container subnet:

  ip route add 192.168.20.0/24 via <Host_B_IP>
  

  On Host B, add the reverse route:

  ip route add 192.168.10.0/24 via <Host_A_IP>
  

• 步骤3：允许Docker iptables规则和防火墙通行
  Make sure both hosts' firewalls allow traffic between the two subnets, and that Docker's iptables rules don't block the connection. You can check Docker's iptables rules with iptables -L.

• 步骤4：测试通信
  On Host A, start a container:

  docker run -d --name container-a --network my-custom-bridge nginx
  

  Get its IP with docker inspect container-a | grep IPAddress, then ping it from Host B's container:

  docker run -it --network my-custom-bridge alpine ping <container_a_ip>
  

通用注意事项 #

• 防火墙/安全组: Always double-check that your hosts' firewalls (or cloud security groups) allow the necessary traffic—whether it's Swarm's port 2377, mapped ports, or subnet-to-subnet traffic.
• 云主机: If you're using cloud instances, ensure the two hosts are in the same VPC (for private IP access) or have public IPs with open security groups.
• Network Mode: Avoid using --network host unless absolutely necessary—this shares the host's network stack and reduces isolation.

内容的提问来源于stack exchange，提问作者emon