What is the difference between “expose” and “publish” in Docker?

by

Basically, you have three options:

  1. Neither specify EXPOSE nor -p
  2. Only specify EXPOSE
  3. Specify EXPOSE and -p

1) If you specify neither EXPOSE nor -p, the service in the container will only be accessible from inside the container itself.

2) If you EXPOSE a port, the service in the container is not accessible from outside Docker, but from inside other Docker containers. So this is good for inter-container communication.

3) If you EXPOSE and -p a port, the service in the container is accessible from anywhere, even outside Docker.

The reason why both are separated is IMHO because:

  • choosing a host port depends on the host and hence does not belong to the Dockerfile (otherwise it would be depending on the host),
  • and often it’s enough if a service in a container is accessible from other containers.

The documentation explicitly states:

The EXPOSE instruction exposes ports for use within links.

It also points you to how to link containers, which basically is the inter-container communication I talked about.

PS: If you do -p, but do not EXPOSE, Docker does an implicit EXPOSE. This is because if a port is open to the public, it is automatically also open to other Docker containers. Hence -p includes EXPOSE. That’s why I didn’t list it above as a fourth case.

More Related Contents:

  1. Docker Compose wait for container X before starting Y
  2. How do I pass environment variables to Docker containers?
  3. Assign static IP to Docker container
  4. How to change the default docker registry from docker.io to my private registry?
  5. Docker – a way to give access to a host USB or serial device?
  6. What is the relationship between the docker host OS and the container base image OS?
  7. How to specify Memory & CPU limit in docker compose version 3
  8. Access Docker socket within container
  9. How to get a list of images on docker registry v2
  10. How to set an environment variable in a running docker container
  11. Is it possible to start a shell session in a running container (without ssh)
  12. Why are Docker container images so large?
  13. How to use environment variables in docker-compose?
  14. How do I set hostname in docker-compose?
  15. Keycloak Docker HTTPS required
  16. How to set image name in Dockerfile?
  17. Docker – how can I copy a file from an image to a host?
  18. How do I configure docker compose to expose ports correctly?
  19. Dockerfile build – possible to ignore error?
  20. Docker container doesn’t expose ports when –net=host is mentioned in the docker run command
  21. How do I Docker COPY as non root?
  22. Docker follow symlink outside context
  23. Docker mounted volume adds ;C to end of windows path when translating from linux style path
  24. When to use –hostname in docker?
  25. Docker add network drive as volume on windows
  26. Substitute environment variables in NGINX config from docker-compose
  27. Build a single image based on docker compose containers
  28. Issue in executing puppeteer in headful mode in Docker
  29. Root password inside a Docker container
  30. How to access the VM created by docker’s HyperKit?

Leave a Comment