What is the Difference Between "Expose" and "Publish" in Docker?
TLDR
In Docker, EXPOSE is used to declare the ports a container listens on at runtime, while --publish (or -p) maps a container's port to a port on the host machine, making it accessible externally. Use EXPOSE for documentation and internal communication between containers, and --publish to make services available outside the Docker host.
When working with Docker, understanding how to manage container networking is essential. Two commonly misunderstood concepts are EXPOSE and --publish. While they may seem similar, they serve distinct purposes. This guide will help you understand the difference and how to use them effectively.
What Does EXPOSE Do?
The EXPOSE instruction in a Dockerfile is a way to declare that a container listens on specific ports at runtime. It does not actually publish the port to the host machine - it simply serves as metadata for the container.
Example
Here is an example of using EXPOSE in a Dockerfile:
# Dockerfile
FROM nginx:latest
# Declare that the container listens on port 80
EXPOSE 80
When you build and run this Dockerfile, Docker knows that the container listens on port 80. However, this port is not accessible from the host machine unless explicitly published.
Why It Matters
- Documentation:
EXPOSEserves as a form of documentation for developers, indicating which ports the application inside the container uses. - Inter-container Communication: When using Docker's default bridge network,
EXPOSEallows other containers to communicate with the exposed ports.
What Does --publish Do?
The --publish (or -p) flag is used when running a container to map a container's port to a port on the host machine. This makes the container's service accessible externally.
Example
Here is an example of using --publish to map a container's port:
docker run -d -p 8080:80 nginx
In this case:
- The container's port
80is mapped to port8080on the host machine. - You can access the Nginx server by navigating to
http://localhost:8080in your browser.
Why It Matters
- External Access:
--publishis essential for making services available outside the Docker host. - Custom Port Mapping: You can map container ports to any available port on the host machine.
Key Differences Between EXPOSE and --publish
| Feature | EXPOSE |
--publish (-p) |
|---|---|---|
| Purpose | Declares container's listening ports | Maps container ports to host ports |
| Accessibility | Internal (within Docker network) | External (accessible from host) |
| Usage | Dockerfile instruction | Runtime flag |
| Example | EXPOSE 80 |
docker run -p 8080:80 |
Combining EXPOSE and --publish
You can use EXPOSE and --publish together. For example:
# Dockerfile
FROM nginx:latest
# Declare the container listens on port 80
EXPOSE 80
Run the container with:
docker run -d -p 8080:80 nginx
In this case:
EXPOSEdocuments that the container listens on port 80.--publishmaps port 80 to port 8080 on the host, making it accessible externally.
When to Use Each
- Use
EXPOSEwhen you want to document the ports your containerized application uses or enable inter-container communication. - Use
--publishwhen you need to make a service accessible from outside the Docker host.
By understanding these concepts, you can better manage your containerized applications and their networking requirements.
Found an issue?