I need to map the ports on the host to the ports on the container. I can achieve this by running the "docker run"
command with the -p
option. How do I achieve this through the Dockerfile
? Using the following gives a "deprecated error"
EXPOSE 80:8080
How else can I make the exposed ports public through teh dockerfile?
You can expose a port through your Dockerfile or use --expose and then publish it with the -P flag. This will bind the exposed port to your Docker host on a random port (verified by running docker container ls ). You can expose a port through your Dockerfile or use --expose and then publish it with the -p 80:80 flag.
Published ports By default, when you create or run a container using docker create or docker run , it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container's network, use the --publish or -p flag.
Publishing a port makes it accessible from outside the container. It lets you take a port you've discovered by an EXPOSE instruction, then bind a host port to it. This command binds port 8080 on your Docker host to 80 inside your new container.
In your Dockerfile , you can use the verb EXPOSE to expose multiple ports.
You can't. What ports are published on the docker host is strictly a decision that should be made by the local administrator, not by the image they are trying to run; this would be (a) a security problem (hey, I just opened up ssh access to your system!) and (b) prone to failure (my webserver container can't bind on port 80 because I'm already running a server on port 80).
If you want to avoid long docker run
command lines, consider using something like docker-compose to automate the process. You can then pass docker-compose a configuration like:
mywebserver: image: myname/mywebserver ports: - 80:8080
And then a simple docker-compose up
will start your container with container port 8080 bound to host port 80.
Update 2017-03-11
In response to Willa's comment:
Using docker-compose
will not help with the port collision issue. The port collision issue is a reason why images should not be able to specify host port bindings. I was simply offering docker-compose
as an alternative to long docker run
command lines with multiple port bindings. The port collision issue would potentially allow a container to perform a denial-of-service attack on your host: if, for example, a container starts and binds to port 80 before an Apache server on your host (or in another container), then you have just lost your web service.
Regarding the security issue: If an image were able to specify host port bindings, it would be possible for containers to open up access to the container without your knowledge. Permitting a remote user to access a container on your host opens you up to the possibility of a host compromise in the event that the namespace features in the kernel fail to completely isolate the container, and even if you completely trust the isolation it opens you up to potential legal problems if that container is used for illicit purposes. In either case it's a bad idea.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With