{"id":5074,"date":"2022-10-03T14:27:52","date_gmt":"2022-10-03T14:27:52","guid":{"rendered":"http:\/\/www.scmgalaxy.com\/tutorials\/?p=5074"},"modified":"2025-07-12T05:40:14","modified_gmt":"2025-07-12T05:40:14","slug":"working-with-ports-in-docker-containers","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/working-with-ports-in-docker-containers\/","title":{"rendered":"Docker Tutorials: Working with Ports in Docker Containers"},"content":{"rendered":"

\"\"<\/p>\n

Port expose and publish has to happen when a container is created. Just stop the existing container and create a new one in its place with the added expose and\/or publish options.<\/p>\n

By default Docker containers can make connections to the outside world, but the outside world cannot connect to containers. Each outgoing connection will appear to originate from one of the host machine\u2019s own IP addresses thanks to an iptables masquerading rule on the host machine that the Docker server creates when it starts:<\/p>\n

[code]$ sudo iptables -t nat -L -n
\n…
\nChain POSTROUTING (policy ACCEPT)
\ntarget prot opt source destination
\nMASQUERADE all — 172.17.0.0\/16 0.0.0.0\/0[\/code]<\/p>\n

The Docker server creates a masquerade rule that lets containers connect to IP addresses in the outside world. If you want containers to accept incoming connections, you will need to provide special options when invoking docker run. There are two approaches.<\/p>\n

How to map ports to containers?<\/strong>
\nApproach 1<\/strong>
\nFirst, you can supply -P or –publish-all=true|false to docker run
\nor
\nEXPOSE line in the image\u2019s Dockerfile
\nor
\n–expose <port> commandline flag and maps it to a host port somewhere within an ephemeral port range.<\/p>\n

Approach 2<\/strong>
\nMapping can be specified explicitly using -p SPEC or –publish=SPEC option. It allows you to particularize which port on docker server – which can be any port at all, not just one within the ephemeral port range \u2013 you want mapped to which port in the container.<\/p>\n

How to EXPOSE Port on running container?<\/strong><\/p>\n

Mehtod 1 – Using docker commit<\/strong>
\nCommit your current container to a new image and then do a docker run specifying the new port range and the new image name.<\/p>\n

[code]$ docker stop containerID
\n$ docker commit containerID newImageName:tag
\n$ docker run -d –name db -p 8091-8094:8091-8094 -p 11210:11210 newImageName:tag[\/code]<\/p>\n

Method 2 – using iptables<\/strong><\/p>\n

[code]HOST> iptables -t nat -A DOCKER -p tcp –dport 443 -j DNAT –to-destination 172.17.0.2:443
\nHOST> iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp –source 172.17.0.2 –destination 172.17.0.2 –dport https
\nHOST> iptables -A DOCKER -j ACCEPT -p tcp –destination 172.17.0.2 –dport https[\/code]<\/p>\n

Docker Tutorials Fundamental To Advanced-2021 Crash Course:- https:\/\/bit.ly\/3hOIbTB<\/a><\/p>\n\n