Expose Docker Container Ports

In Docker, publishing and exposing ports have different meanings.

Publishing a port refers to making the services running inside a container accessible to the outside world by mapping a container port to a host port

Exposing a port, on the other hand, simply informs Docker that the port is available for communication between containers, but does not make it accessible from outside the Docker network unless it is also published.

The short answer

To map a host port to a container port, you can use the [.inline-code] docker run[.inline-code]  command with the [.inline-code] -p[.inline-code]  flag (short for [.inline-code] --publish[.inline-code] ) as follows:

 $ docker run -p <host_port>:<container_port> <image>

Where:

• [.inline-code] host_port[.inline-code]  specifies the port on the host.
• [.inline-code] container_port[.inline-code]  specifies the port on the container.

For example, the following command will start a new container based on the [.inline-code] nginx[.inline-code]  image and map the port [.inline-code] 8080[.inline-code]  of the host to the port [.inline-code] 80[.inline-code] of the container:

 $ docker run -p 8080:80 nginx

This way, all the traffic coming on the port [.inline-code] 8080[.inline-code]  of the host will be automatically forwarded to the port [.inline-code] 80[.inline-code]  of the container.

[#easily-recall-syntax-with-ai] Easily retrieve this command using Warp’s AI Command Suggestion [#easily-recall-syntax-with-ai]

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Suggestion feature:

Entering [.inline-code] docker publish port[.inline-code]  in the AI command search will prompt a [.inline-code] docker[.inline-code]  command that can then be quickly inserted into your shell by doing [.inline-code] CMD+ENTER[.inline-code] .

[#publish-multiple-ports] Publishing multiple ports at once [#publish-multiple-ports]

In Docker, it is quite common for a single container to run multiple services that require different ports to listen for incoming requests.

To publish multiple ports at once, you can repeat the [.inline-code] -p[.inline-code]  flag several times using the following syntax:

 $ docker run -p <host_port>:<container_port> [-p <host_port>:<container_port>] <image>

For example, the following command will start a new container based on the [.inline-code] nginx[.inline-code]  image and map the ports [.inline-code] 80[.inline-code] , [.inline-code] 443[.inline-code] , and [.inline-code] 22[.inline-code]  on both the host and the container:

 $ docker run -p 80:80 -p 443:443 -p 22:22 nginx

[#publish-port-ranges] Publishing port ranges [#publish-port-ranges]

As an alternative, instead of repeating the [.inline-code] -p[.inline-code]  flag multiple times, you can publish port ranges using the following syntax:

$ docker run -p <start_port_host>-<end_port_host>:<container_start_port>-<container_end_port> <image>

For example, the following command will map all the ports ranging from [.inline-code] 8000[.inline-code]  to [.inline-code] 8002[.inline-code]  on the host to each of the ports ranging from [.inline-code] 3000 [.inline-code] to [.inline-code] 3002 [.inline-code] on the container:

 $ docker run -p 8000-8002:3000-3002 my-api

Note that this command is equivalent to the following one:

 $ docker run -p 8000:3000 -p 8001:3001 -p 8002:3002 my-api

[#publish-available-host-ports] Publishing the first available host port [#publish-available-host-ports]

Port ranges can also be used to assign the first port available on the host to a specific port on the container using the following syntax:

 $ docker run -p <start_port_host>-<end_port_host>:<container_port> <image>

For example, the following command will test all the ports ranging from 8000 to 8010 on the host and map the first available one to the port 3000 on the container:

 $ docker run -p 8000-8010:3000 my-api

[#publish-tcp-and-udp-ports] Publishing ports with TCP and UDP [#publish-tcp-and-udp-ports]

By default, all the ports published through the [.inline-code] -p[.inline-code]  flag use the TCP protocol, which provides a reliable and ordered delivery of data.

To publish a port with a different network communication protocol such as UDP, which prioritizes speed over perfect reliability, you can use the following syntax:

 $ docker run -p <host_port>:<container_port>/<protocol> <image>

For example, the following command will publish the port 80 using the UDP protocol and the port 443 using the TCP protocol:

 $ docker run -p 80:80/udp -p 443:443/tcp node-server

[#expose-ports-in-dockerfile] Exposing ports in a Dockerfile [#expose-ports-in-dockerfile]

To expose one or more ports in a Dockerfile, you can use the [.inline-code] EXPOSE[.inline-code]  instruction as follows:

 EXPOSE <port> [<port>/<protocol> …]

Where:

• [.inline-code] port[.inline-code]  is the port number.
• [.inline-code] [port;/protocol][.inline-code] is an optional list of ports and protocols, where [.inline-code]protocol[.inline-code]  is one of [.inline-code] tcp[.inline-code]  or [.inline-code] udp[.inline-code] .

For example, the following Dockerfile exposes the UDP port [.inline-code] 80[.inline-code] and the TCP port [.inline-code] 443[.inline-code] :

 EXPOSE 80/udp 443

Note that, by default, the TCP protocol is assumed if unspecified.

Exposing port ranges via a Dockerfile

To expose a port range in a Dockerfile, you can use the [.inline-code] EXPOSE[.inline-code]  instruction as follows:

 EXPOSE <start_port>-<end_port>/[protocol]

For example, the following Dockerfile exposes the TCP ports [.inline-code] 8000[.inline-code] , [.inline-code] 8001[.inline-code]  and [.inline-code] 8002[.inline-code] :

 EXPOSE 8000-8002

[#expose-ports-at-runtime] Exposing ports at runtime [#expose-ports-at-runtime]

To expose one or more port at runtime, you can use the [.inline-code] docker run[.inline-code]  command with the [.inline-code] --expose[.inline-code]  flag as follows:

 $ docker run --expose <port> [--expose <port> …] <image>

For example, the following command will start a new container based on the [.inline-code] postgres[.inline-code]  image and expose the port [.inline-code] 5432[.inline-code] :

 $ docker run --expose 5432 postgres

[#map-exposed-ports-at-random] Mapping exposed ports to random host ports [#map-exposed-ports-at-random]

When launching a container, you can map the ports exposed through the [.inline-code] EXPOSE[.inline-code]  property or the [.inline-code] --expose[.inline-code]  flag to random ports on the host machine using the [.inline-code] docker run[.inline-code]  command with the [.inline-code] -P[.inline-code]  flag (short for [.inline-code] --publish-all[.inline-code] ) as follows:

 $ docker run -P <image>

Once launched, you can find out the port mapping of your container using the [.inline-code] docker port[.inline-code]  command as follows:

 $ docker port <container>

Where:

• [.inline-code] container[.inline-code]  is the name or ID of the container.

You can learn more about networks and ports in Docker Compose by reading our other article on understanding port mapping in Docker Compose and creating networks in Docker Compose.