In Docker Cloud you can publish or expose ports in services and containers, just like you can in Docker Engine (as documented here ).
Exposed ports are ports that a container or service is using either to provide a service, or listen on. By default, exposed ports in Docker Cloud are only privately accessible. This means only other services that are linked to the service which is exposing the ports will be able to communicate over the exposed port.
Exposed ports cannot be accessed publicly over the internet.
Published ports are exposed ports that are accessible publicly over the internet. Published ports are published to the public-facing network interface in which the container is running on the node (host).
Published ports can be accessed publicly over the internet.
If the image that you are using for your service already exposes any ports, these appear in Docker Cloud in the Launch new service wizard.
Scroll down to the Ports section.
The image in this example screenshot exposes port 80. Remember, this means that the port is only accessible to other services that link this service. It is not accessible publicly over the internet.
You can expose more ports from this screen by clicking Add Port.
See the API and CLI documentation here for information on how to launch a service with an exposed port.
If the image that you are using for your service already exposes any ports, these appear in Docker Cloud in the Launch new service wizard. You can choose to publish and map them from the wizard.
Optionally, choose which port on the node where you want to make the exposed port available.
By default, Docker Cloud assigns a published port dynamically. You can also choose a specific port. For example, you might choose to take a port that is exposed internally on port 80, and publish it externally on port 8080.
To access the published port over the internet, connect to the port you specified in the “Node port” section. If you used the default dynamic option, find the published port on the service detail page.
See the API and CLI documentation here on how to launch a service with a published port.
The Endpoints section in the Service view lists the published ports for a service. Ports that are exposed internally are not listed in this section but can be viewed by editing the service configuration.
See the API and CLI documentation here to learn how to list a service’s exposed and published ports.
The short word before dockerapp.io
in an endpoint URL tells you what type of endpoint it is. The three available types are:
node
routes to a specific node or hostsvc
routes round-robin style to the containers of a servicecont
routes to a specific container within a service regardless of which host the container is deployed onFor example, you might see an endpoint such as web.quickstart-python.0a0b0c0d.svc.dockerapp.io
. You would know that this is a service
endpoint, for reaching the web
service in the quickstart-python
stack.
Each container that has one or more published ports is automatically assigned a
DNS endpoint in the format
container-name[.stack-name].shortuuid.cont.dockerapp.io
. This DNS endpoint
(single A record) resolves to the public IP of the node where the container is
running. If the container is redeployed into another node, the DNS updates
automatically and will resolve to the new node or host.
You can see a list of container endpoints on the stack, service or container detail views, in the Endpoints tab.
Each service that has at least one port published with a fixed host port (i.e.
not dynamic) is assigned a DNS endpoint in the format
service-name[.stack-name].shortuuid.svc.dockerapp.io
. This DNS endpoint
(multiple A record) resolves to the IPs of the nodes where the containers are
running, in a round-robin
fashion.
You can see a list of service endpoints on the stack and service detail views, under the Endpoints tab.