Publishing container ports

4.1 Key Concepts of Port Publishing

Port publishing in Docker lets services running inside containers be accessible from an external network or the host. It's an essential part of setting up multi-container applications, as it enables interacting with services like web servers, databases, and other network apps. In this lecture, we're going to explore how to publish container ports and configure access to services.

Key Concepts of Port Publishing

• Port mapping: mapping a host port to a container port.
• Parameter -p/--publish: used to specify port mapping when starting a container.
• Parameter -P/--publish-all: automatically assigns host ports for all exposed container ports.

Example of using the -p parameter

When starting a container, you can use the -p option to map a host port to a container port. Command format:

docker run -d -p <host_port>:<container_port> <image> 

Example 1: Publishing a port for the Nginx web server

Let's start a container with Nginx and publish port 80 of the container to port 8080 of the host.

Now Nginx will be available at http://localhost:8080.

docker run -d -p 8080:80 --name mynginx nginx 

Example 2: Publishing multiple ports

You can publish multiple ports by specifying multiple -p options.

In this example, Nginx will be available over HTTP on port 8080 and over HTTPS on port 8443.

docker run -d -p 8080:80 -p 8443:443 --name mynginx nginx 

Example of using the -P parameter

The -P parameter automatically publishes all ports specified in the Dockerfile or container settings to random host ports.

Example:

docker run -d -P --name mynginx nginx 

To find out which ports were assigned, use the docker port command:

docker port mynginx

The output will look something like this:

80/tcp -> 0.0.0.0:32768
443/tcp -> 0.0.0.0:32769

4.2 Publishing Ports in Docker Compose

To assign ports in Docker Compose, use the ports directive in the docker-compose.yml file.

Example of a docker-compose.yml file

version: '3.8'

services:
  web:
    image: nginx:latest
    ports:
      - "8080:80"
      - "8443:443"

Run Docker Compose:

docker compose up -d 

Now Nginx will be available at http://localhost:8080 and https://localhost:8443.

4.3 Additional Parameters for Port Publishing

1. Restricting IP Address

You can limit access to the container port by specifying the host's IP address.

Example:

In this example, Nginx will only be accessible from the local host at http://127.0.0.1:8080.

docker run -d -p 127.0.0.1:8080:80 --name mynginx nginx 

2. Using a Range of Ports

You can specify a range of ports for publishing.

Example:

docker run -d -p 8080-8081:80-81 --name mynginx nginx 

Practical Tips:

• Publish Only the Necessary Ports: Only publish the ports that are really needed for service access to reduce potential vulnerabilities.
• Using a Firewall: Configure a firewall to restrict access to the published ports to trusted IP addresses only.
• Monitoring and Logging: Use monitoring and logging tools to track access to published ports and identify suspicious activity.

3

Task

Docker SELF, level 17, lesson 3

Locked

Publishing a single port

Publishing a single port

Open

3

Task

Docker SELF, level 17, lesson 3

Locked

Publishing multiple ports

Publishing multiple ports

Open

3

Task

Docker SELF, level 17, lesson 3

Locked

Publishing ports with IP restriction

Publishing ports with IP restriction

Open

3

Task

Docker SELF, level 17, lesson 3

Locked

Publishing Ports in Docker Compose

Publishing Ports in Docker Compose

Open