LuisLlamas Logo
docker-publicacion-puertos

Port Publishing in Docker

  • 4 min
  • Intermediate

The port publication is a Docker networking technique that binds a specific port on the host machine with an internal container port, creating a tunnel that allows external traffic to breach the isolation.

By default, containers are hermetic bunkers. They can access the internet (to download updates), but nobody can get in.

Imagine you’ve downloaded the Nginx image. You’ve executed docker run nginx. Docker tells you the container is running. Everything seems perfect.

You open your browser, type localhost, hit Enter, and… “Can’t connect”. What happened? The answer lies in what we saw in the previous chapter: Isolation.

Today we’ll look at Port Publishing to manage how ports are exposed, allowing your services to be accessible from outside the container 👇.

The anatomy of the -p flag

To allow incoming traffic, we must explicitly tell Docker to connect a port on our machine (Host) with a container port.

This is done with the -p (lowercase) flag, and the syntax is:

-p <HOST_PORT>:<CONTAINER_PORT>
Copied!

It’s always “from the outside in”. First comes MY computer (where I’m typing), then the CONTAINER.

Practical Example: The Web Server

Let’s imagine we launch an Nginx server. Internally, Nginx is configured by default to listen on port 80. That’s the container port (right side).

Now we need to decide which port on our PC (left side) we want to use.

We want to access it through port 8080 on our computer.

docker run -d -p 8080:80 nginx
Copied!
  • Access: We go to the browser and type localhost:8080.
  • Flow: Request hits my PC (8080) ➡️ Docker captures it ➡️ Sends it to the Container (80). It works! 👍

Why doesn’t Docker open ports automatically?

You might wonder, “If Docker knows it’s an Nginx image and knows Nginx uses port 80… why doesn’t it open it automatically?”.

The answer is: For security and to avoid conflicts.

Imagine if Docker opened ports automatically.

  1. You launch Nginx ➡️ It occupies your port 80.
  2. You launch Apache ➡️ It tries to occupy your port 80 ➡️ Error! Port already in use. 💥

By forcing manual mapping, Docker allows you to have 10 different web servers running simultaneously, simply by assigning them different ports on your machine:

docker run -d -p 8001:80 --name web1 nginx
docker run -d -p 8002:80 --name web2 nginx
docker run -d -p 8003:80 --name web3 nginx
Copied!
  • localhost:8001 ➡️ Web 1
  • localhost:8002 ➡️ Web 2
  • localhost:8003 ➡️ Web 3

Notice that the right side (the container’s) is always 80. The container doesn’t care what happens outside; it happily lives on its internal port 80.

EXPOSE vs -p

If you look at a Dockerfile (we’ll cover this soon), you’ll see an instruction that says EXPOSE 80. Many people believe EXPOSE opens the port, but it doesn’t.

  • EXPOSE is mere documentation. It’s a message from the image creator saying: “Hey, I’m letting you know this software usually listens on port 80”. But it does nothing at the network level.
  • -p is what actually opens and maps the port.

If the image has EXPOSE 80 but you don’t use -p ...:80 when starting, the port remains closed.

Restricting the IP

By default, when you do -p 8080:80, Docker publishes that port on all network interfaces of your computer (0.0.0.0).

This means that if you’re on a public WiFi network or in an office:

  1. You can access it via localhost:8080.
  2. Your colleague next to you can access it by using your IP 192.168.1.55:8080.

Sometimes we don’t want this. If you only want it to be accessible from YOUR computer (localhost) and no one else, you can specify the loopback IP:

docker run -d -p 127.0.0.1:8080:80 nginx

On this page