@@ -90,7 +90,7 @@ Create and run a new container from an image
9090| ` --platform ` | ` string ` | | Set platform if server is multi-platform capable |
9191| [ ` --privileged ` ] ( #privileged ) | | | Give extended privileges to this container |
9292| [ ` -p ` ] ( #publish ) , [ ` --publish ` ] ( #publish ) | ` list ` | | Publish a container's port(s) to the host |
93- | ` -P ` , ` --publish-all ` | | | Publish all exposed ports to random ports |
93+ | [ ` -P ` ] ( #publish-all ) , [ ` --publish-all ` ] ( #publish-all ) | | | Publish all exposed ports to random ports |
9494| [ ` --pull ` ] ( #pull ) | ` string ` | ` missing ` | Pull image before running (` always ` , ` missing ` , ` never ` ) |
9595| ` -q ` , ` --quiet ` | | | Suppress the pull output |
9696| [ ` --read-only ` ] ( #read-only ) | | | Mount the container's root filesystem as read only |
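Review bot: the `-P` row's description at line 93 still reads "Publish all exposed ports to random ports" and does not say the random ports are on the host, while the `-p` row directly above says "to the host". Since this line is being touched anyway, consider "Publish all exposed ports to random host ports" so the summary agrees with the wording of the section that the new `#publish-all` link points to.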
@@ -483,26 +483,47 @@ $ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh
483483### <a name =" publish " ></a > Publish or expose port (-p, --expose)
484484
485485``` console
486- $ docker run -p 127.0.0.1:80:8080/tcp ubuntu bash
486+ $ docker run -p 127.0.0.1:80:8080/tcp nginx:alpine
487487```
488488
489- This binds port ` 8080 ` of the container to TCP port ` 80 ` on ` 127.0.0.1 ` of the host
490- machine . You can also specify ` udp ` and ` sctp ` ports.
491- The [ Docker User Guide ] ( https://docs.docker.com/network/links/ )
492- explains in detail how to use ports in Docker.
489+ This binds port ` 8080 ` of the container to TCP port ` 80 ` on ` 127.0.0.1 ` of the
490+ host . You can also specify ` udp ` and ` sctp ` ports. The [ Networking overview
491+ page ] ( https://docs.docker.com/network/ ) explains in detail how to publish ports
492+ with Docker.
493493
494- Note that ports which are not bound to the host (i.e., ` -p 80:80 ` instead of
495- ` -p 127.0.0.1:80:80 ` ) are externally accessible. This also applies if
496- you configured UFW to block this specific port, as Docker manages its
497- own iptables rules. [ Read more] ( https://docs.docker.com/network/iptables/ )
494+ > ** Note**
495+ >
496+ > If you don't specify an IP address (i.e., ` -p 80:80 ` instead of `-p
497+ > 127.0.0.1:80:80`) when publishing a container's ports, Docker publishes the
498+ > port on all interfaces (address ` 0.0.0.0 ` ) by default. These ports are
499+ > externally accessible. This also applies if you configured UFW to block this
500+ > specific port, as Docker manages its own iptables rules. [ Read
501+ > more] ( https://docs.docker.com/network/packet-filtering-firewalls/ )
498502
499503``` console
500- $ docker run --expose 80 ubuntu bash
504+ $ docker run --expose 80 nginx:alpine
501505```
502506
503507This exposes port ` 80 ` of the container without publishing the port to the host
504508system's interfaces.
505509
510+ ### <a name =" publish-all " ></a > Publish all exposed ports (-P, --publish-all)
511+
512+ ``` console
513+ $ docker run -P nginx:alpine
514+ ```
515+
516+ The ` -P ` , or ` --publish-all ` , flag publishes all the exposed ports to the host.
517+ Docker binds each exposed port to a random port on the host.
518+
519+ The ` -P ` flag only publishes port numbers that are explicitly flagged as
520+ exposed, either using the Dockerfile ` EXPOSE ` instruction or the ` --expose `
521+ flag for the ` docker run ` command.
522+
523+ The range of ports are within an * ephemeral port range* defined by
524+ ` /proc/sys/net/ipv4/ip_local_port_range ` . Use the ` -p ` flag to explicitly map a
525+ single port or range of ports.
526+
506527### <a name =" pull " ></a > Set the pull policy (--pull)
507528
508529Use the ` --pull ` flag to set the image pull policy when creating (and running)
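Review bot: the new `-P` section (new lines 510-525) never says which host address the random ports are bound to, even though the note added just above it at 494-501 warns that publishing without an IP address binds to `0.0.0.0`, makes the port externally accessible, and is not stopped by a UFW rule. `-P` takes no address at all, so readers need to be told whether that warning applies to it; add a sentence to the section or a link back to the note under `#publish`. Separately, line 523 "The range of ports are within an *ephemeral port range*" has a subject-verb mismatch, and something like "The ports are chosen from the *ephemeral port range* defined by ..." reads better. The inline code in the note is also split across lines 496-497 (the backtick opens before `-p` and closes after `127.0.0.1:80:80` on the next quoted line); reflow it so the code span stays on one line.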