“曝光”之间的区别和“发布”在码头 [英] Difference between "expose" and "publish" in docker
问题描述
我看到的所有教程首先包括 EXPOSE 命令在Dockerfile中:
...
EXPOSE 8080
...
然后他们从这个Dockerfile构建一个图像:
$ docker build -t an_image - < Dockerfile
然后在运行图像时发布与上述相同的端口:
$ docker run -d -p 8080 an_image
或使用
发布所有端口 $ docker run -d -P an_image
在Dockerfile中暴露端口的要点是什么?有没有必要首先公开港口,而不是稍后发布?实际上,我想在创建图像时指定我将在Docker文件中使用的所有端口,然后再重新打开它们,只需运行它们:
$ docker run -d an_image
这是可能吗? p>
基本上,您有三个选项:
- 既不指定
EXPOSE也不指定-p。 - 仅指定
EXPOSE。 - 指定
EXPOSE和-p。
如果您没有指定任何一个,则容器中的服务将无法从任何地方访问,从容器本身开始。
如果您的端口 c> EXPOSE ,容器中的服务无法从外部访问Docker,但从其他Docker容器内部。所以这对于集装箱间通信是有好处的。
如果您 EXPOSE 和 -p 一个端口,容器中的服务可以从任何地方访问,甚至可以在Docker外部访问。
两者分开的原因是IMHO,因为
- 选择主机端口取决于主机,因此不属于Dockerfile(否则将取决于主机),
- ,如果容器中的服务可从其他容器访问,通常就足够了。
文档明确指出:
EXPOSE指令会显示在链接中使用的端口。
它还指出了如何链接容器,这些基本上是inter-容器
PS:如果你执行 -p ,但不要 EXPOSE ,Docker执行隐式 EXPOSE 。这是因为如果一个端口对公众开放,它将自动对其他Docker容器开放。因此 -p 包括 EXPOSE 。这就是为什么我没有列出它作为第四种情况。
I'm experimenting with Dockerfiles, and I think I understand most of the logic. However, I don't see the difference between "exposing" and "publishing" a port in this context.
All the tutorials I have seen first include the EXPOSE command in the Dockerfile:
...
EXPOSE 8080
...
They then build an image from this Dockerfile:
$ docker build -t an_image - < Dockerfile
And then publish the same port as above when running the image:
$ docker run -d -p 8080 an_image
or publish all ports using
$ docker run -d -P an_image
What is the point of exposing a port in the Dockerfile, if it will be published anyway? Would there ever be a need to expose a port first, and not publish it later? Effectively, I would like to specify all the ports that I will use in the Dockerfile when creating the image, and then not bother with them again, running them simply with:
$ docker run -d an_image
Is this possible?
Basically, you have three options:
- Neither specify
EXPOSEnor-p. - Only specify
EXPOSE. - Specify
EXPOSEand-p.
If you do not specify any of those, the service in the container will not be accessible from anywhere except from inside the container itself.
If you EXPOSE a port, the service in the container is not accessible from outside Docker, but from inside other Docker containers. So this is good for inter-container communication.
If you EXPOSE and -p a port, the service in the container is accessible from anywhere, even outside Docker.
The reason why both are separated is IMHO because
- choosing a host port depends on the host and hence does not belong to the Dockerfile (otherwise it would be depending on the host),
- and often it's enough if a service in a container is accessible from other containers.
The documentation explicitly states:
The
EXPOSEinstruction exposes ports for use within links.
It also points you to how to link containers, which basically is the inter-container communication I talked about.
PS: If you do -p, but do not EXPOSE, Docker does an implicit EXPOSE. This is because if a port is open to the public, it is automatically also open to other Docker containers. Hence -p includes EXPOSE. That's why I didn't list it above as a fourth case.
这篇关于“曝光”之间的区别和“发布”在码头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
