Dockerdevops~5 mins

Ambassador container pattern in Docker - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes an application needs to connect to external services like databases or APIs. The Ambassador container pattern helps by creating a small helper container that acts like a middleman, making connections easier and more secure.

When your app needs to connect to a database running on another server but you want to keep connection details separate.

When you want to add logging or monitoring to network traffic between your app and an external service.

When you need to reuse the same connection setup for multiple apps without repeating configuration.

When you want to isolate network changes or updates to a helper container without changing your main app container.

Config File - docker-compose.yml

docker-compose.yml

version: '3.8'
services:
  ambassador:
    image: alpine/socat
    command: tcp-listen:5432,fork tcp-connect:db.example.com:5432
    restart: always
  app:
    image: my-app-image
    environment:
      - DATABASE_HOST=ambassador
    depends_on:
      - ambassador

This docker-compose.yml file defines two containers: ambassador and app.

The ambassador container uses alpine/socat to forward traffic from port 5432 inside the Docker network to the external database at db.example.com:5432.

The app container connects to the database by using the ambassador container as its host, simplifying connection and isolating network details.

Commands

This command starts the ambassador and app containers in the background, setting up the network forwarding automatically.

Terminal

docker-compose up -d

Expected OutputExpected

Creating network "default" with the default driver Creating ambassador ... done Creating app ... done

→

-d - Run containers in detached mode (in the background)

This command lists running containers to verify that both ambassador and app containers are up and running.

Terminal

docker-compose ps

Expected OutputExpected

Name Command State Ports -------------------------------------------------------------------------------- ambassador socat tcp-listen:5432,fork tcp-connect:db.example.com:5432 Up 5432/tcp app my-app-start-command Up

This command shows logs from the ambassador container to check if the port forwarding is working without errors.

Terminal

docker logs ambassador

Expected OutputExpected

No output (command runs silently)

Key Concept

If you remember nothing else from this pattern, remember: the ambassador container acts as a local helper that forwards network traffic to external services, simplifying and isolating connections for your app.

Common Mistakes

Setting the app to connect directly to the external service instead of the ambassador container.

This bypasses the ambassador pattern and loses the benefits of isolation and easier configuration.

Always configure your app to connect to the ambassador container hostname and port inside the Docker network.

Not exposing or forwarding the correct ports in the ambassador container.

If ports are wrong, the forwarding will fail and the app cannot reach the external service.

Double-check the ports in the socat command and ensure they match the external service's ports.

Summary

Use an ambassador container to forward network traffic from your app to external services.

Configure your app to connect to the ambassador container instead of the external service directly.

Use docker-compose to define and run both ambassador and app containers together.