Exposed Ports

Articles » Docker Networking for Container-Based Services » Exposed Ports

Any Docker container (assuming default Docker settings) can start a TCP or UDP service on any port. After all, the top process in every container runs as root, and every container gets its own IP address and TCP/IP stack (network namespace).

It’s good form to document the ports a container listens on using the EXPOSE command in Dockerfile (the file used to build a Docker container image), but the container-based services work even without that.

Let’s use the following Dockerfile to build a Docker container running a Python Flask application listening on TCP port 80. The application returns the container ID (useful when testing Docker Swarm environment) and the IP address of the HTTP client (useful when trying to figure out the convoluted setup Docker uses to implement published ports).

FROM python:2.7-slim
ADD . /app
RUN pip install -r requirements.txt
CMD ["python", ""]

After staring the container it’s possible to access the Flask application even though the container image exposed no TCP or UDP ports:

$ docker run --rm -d --name flask webapp:noexpose
$ docker inspect -f '{{range .NetworkSettings.Networks}}
>   {{.IPAddress}}{{end}}' flask
$ curl
<b>Hostname:</b> f9dc192442ee<br/>
<b>Remote IP:</b>

The only difference you’ll notice between a container exposing its ports and a container lacking that decency is the list of ports in docker ps printout (shortened to fit into the page width):

$ docker ps
f9dc192442ee  webapp:noexpose "python"            flask
5cc2cded1e38  httpd           "httpd-foreground" 80/tcp  web

You can also use a format string in docker ps command to list a subset of usually-displayed information:

docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}\t{{.Ports}}"
CONTAINER ID    IMAGE               NAMES               PORTS
f9dc192442ee    webapp:noexpose     flask
5cc2cded1e38    httpd               web                 80/tcp

Now that you know what exposed ports are, we’re ready do dive into the concept of published ports.

More Information