I’m learning Kubernetes and Docker at the moment, KinD in particular. To start with, I just want to run docker run --rm --name <container's name> -p 8080:80 -d <image name> to create a container from the image.
I know that ports are used in the TCP/IP protocol (or Internet Protocol) to address a specific program (software). Port 80 is a default port to run web servers.
Now, my question is why 8080 or why 5000? How to determine which port should be an OUTSIDE port in this case? Is it just random or are there any rules/restrictions?
3 Answers
Port 8080 is normally used to host your personal webserver/service, and it is an alternative to port 80.
You can also use other ports instead of 8080.
When someone tries to connect to your webserver from outside and you use port 8080, they don’t need to specify the port number, because by default it will look for port 8080.
If you use any other port number, then when someone tries to connect to your webservice/server from outside, they should specify the custom port number you specified to access your webservice/server.
For the docker run -p option (and Compose ports:), for the first port number you can pick any port that isn’t already in use on your host system. As you’ve noted, port 80 is the standard HTTP port, and what gets used in http://hostname/ URLs without an explicit port number. Various frameworks use port 3000 or 5000 or 8000 or 8080 as their default but none of them is "standard" or "special" in any way.
The second port number must be the port number the server process is listening on. The server process must be listening on the special 0.0.0.0 "all address" address, if that’s a configurable option; if it’s listening on 127.0.0.1 (as many developer-oriented servers do by default) it will not be reachable from outside its container. This number often is included in an EXPOSE line in the Dockerfile, but that directive has no other effect. (There is no reason to include a docker run --expose option or Compose expose: block and it’s always safe to delete it.)
There is no particular requirement that the two ports match. If you want to use host port 8888 because it’s available, and your application is a Node application using the default Express port 3000, it will work to
If you really don’t care you can use docker run -p with only the container port number, but this is unusual. docker port will tell you what port Docker chose.
You mention Kubernetes in here as well. In Kubernetes, all communications between Pods go through a Service, in effect an in-cluster load balancer. I’d recommend always making the Service use the "normal" port for whatever protocol you’re using, port 80 for unencrypted HTTP. Each Service has its own in-cluster IP address so there’s no risk of conflict between Services or Pods. If you’re using a NodePort-type Service to make it accessible from outside the cluster, you are usually constrained to using ports 30000 through 32767.
Now calls from another Pod through this Service can use http://the-service-name/ as the URL with the default port.
As David very nicely explained, you can use any of the 65535 ports your OS is not already using. However there are two additional limits:
Usually ports up to 1023 are not accessible from user space. As the Docker daemon runs with root privileges you would not have to care, yet it is wise practice to go above.
Then every operating system has a range of ephemeral ports. These are ports that will be used by the operating system for outgoing TCP connections (yes, they also need a port). This range varies across operating systems. If you want to be sure you are able to start a container on some port (that you think is available), ensure the OS will not start using it based on whatever other process needs a connection. Thus better choose a port outside the ephemeral port range.
In short, on Linux systems you want to pick a value between 1024 and 32767.
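The limits described in the answers above (host port not already in use, above 1023, outside the OS ephemeral range), as an added example that is not part of the original posts: a Python check for a candidate host port before it is passed to docker run -p. The function names and the 32768-60999 fallback range are assumptions of this example; on Linux the actual range is read from /proc/sys/net/ipv4/ip_local_port_range.

```python
import errno
import socket

PRIVILEGED_MAX = 1023               # ports up to 1023 usually need root to bind
DEFAULT_EPHEMERAL = (32768, 60999)  # assumed fallback: common Linux default


def ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Return the (low, high) range the kernel uses for outgoing connections."""
    try:
        with open(path) as fh:
            low, high = fh.read().split()
        return int(low), int(high)
    except (OSError, ValueError):
        return DEFAULT_EPHEMERAL


def is_free(port, host="0.0.0.0"):
    """True unless another socket on this host already holds the TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            # EACCES on a privileged port is not evidence of a conflict.
            return exc.errno != errno.EADDRINUSE
    return True


def check_host_port(port, eph=None, probe=True):
    """Return reasons not to publish on `port`; an empty list means it is fine."""
    if not 1 <= port <= 65535:
        return ["not a valid TCP port"]
    low, high = eph or ephemeral_range()
    problems = []
    if port <= PRIVILEGED_MAX:
        problems.append("privileged port (<= 1023)")
    if low <= port <= high:
        problems.append(f"inside ephemeral range {low}-{high}")
    if probe and not is_free(port):
        problems.append("already in use on this host")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, including the ports named in the thread.
    for candidate in (80, 8080, 8888, 40000):
        print(candidate, check_host_port(candidate) or "ok")
```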