The Difference Between External Ports and Internal Ports
DockerIn the previous section, we learned how to pull images. Now, we’ll see how to access the applications running in our containers.
Because, yes, launching a container is one thing… but accessing it from your browser is another.
To understand this, we need to discuss a key concept: port mapping.
The problem: a container is isolated
By default, a containerDockerruns in its own isolated network environment.
This means that even if a service is working perfectly inside the container, it isn’t accessible from your machine or from the Internet.
Let’s take a simple example.
You launch a container with a web server listening on port 80.
Inside the container:
http://localhost:80
it works perfectly.
But from your computer:
http://localhost
… nothing responds.
Why?
Because the container’s port 80 isn’t exposed to the outside world.
This is exactly where port mapping comes in.
The principle: connecting two ports
Port mapping involves connecting a port on your machine (the host) to a port on the container.
We refer to:
- External port (Host Port) → the port on your machine
- Internal port (Container Port) → the port used by the application in the container
Visually, this looks like:
Votre ordinateur Conteneur Docker
--------------- -----------------
localhost:8080 ---> nginx:80
(port externe) (port interne)
In this example:
- your browser accesses localhost:8080
- Docker redirects to port 80 of the container
The syntax with docker run
Port mapping is done using the option-p:
docker run -p PORT_EXTERNE:PORT_INTERNE image
A concrete example with an Nginx web server:
docker run -p 8080:80 nginx
This means:
- port 8080 on your machine
- is redirected to port 80 of the container
You can then open your browser to:
http://localhost:8080
And view the Nginx web page.
Why not just use port 80 directly?
You might ask yourself:
“Why not just use 80:80?”
That’s possible:
docker run -p 80:80 nginx
But using different ports has several advantages.
In particular, this allows you to:
- avoid conflicts if a service is already using port 80
- run multiple web applications in parallel
- test development environments
For example:
8080 → site de test
8081 → API
8082 → outil interne
All these services can run at the same time on the same machine.
A simple analogy: the building
Imagine a building.
- The building’s address = your machine
- The apartments = the containers
- The door numbers = the ports
When someone arrives at the building, they need to know which door to ring.
Docker It acts like a switchboard operator:
“If someone calls port 8080, I redirect them to the apartment listening on port 80.”
Check exposed ports
To see which ports are used by your containers:
docker ps
You’ll see a PORTS column that looks like this:
0.0.0.0:8080->80/tcp
This means:
- 8080 on your machine
- redirected to 80 in the container
Key takeaway
Port mapping is one of the most important mechanisms in Docker.
Without it:
- your containers run
- but no one can access them
Just remember this rule: EXTERNAL_PORT → INTERNAL_PORT
⚡ Tip for later: As we’ll see later in this course, it’s possible to expose our web applications without direct port forwarding, thanks to an additional service: the Traefik reverse proxy, which will automatically route requests to the correct container.
In the next lesson, we’ll cover a point that causes a lot of confusion for beginners: the difference betweenEXPOSE and PORTS.
Spoiler:EXPOSE doesn’t actually open the port. 😈