Docker Tip #15: Opening and Closing Ports to the Outside World
Did you know Docker acts as a firewall for your Dockerized services? You can enable or disable your services from listening on a port too.
For example, if you were running a Flask, Node or Rails app server, you might have that listen on port 8000, and then set up nginx to proxy that app on port 80 (http) and / or 443 (https).
If you do want your web app server to be public to the outside world then add this flag to your run command: -p 8000:8000. The format is HOST:CONTAINER, and that will bind the container’s port to the host on the ports you specify, which in turn makes it accessible to the outside world. If you supplied -p 8000 it would get bound to the host on a random port.
If you want your web app server to NOT be public to the outside world but still be reachable to other containers on the same network (such as nginx in this example) then you must omit the -p flag. Containers on the same network will still be able to reach each other on whatever ports they expose.