[Badumtss8]

nginx listens on port 80. Accessible from machine. Inaccessible from outside unless allowed by ufw.

docker listens on port X. Accessible on machine. Also accessible from outside regardless of ufw.

No amount of time and experience will make you think that configuring a software to listen on a port will automagically poke a hole in the firewall.

[nickstinemates]

The scope of Docker and nginx are incomparable, so the comparison is wrong.

It starts with the simple truth: `docker` doesn't `listen` on any port.

Or maybe a simple question: How can I run `docker run -p 8080 nginx` over and over without port conflict?

Or - lets expand scope even more. How is docker supposed to know about your choice of firewall? What about upstream firewalls? What about multiple versions of firewalls on a host (ufw vs. fern vs.)?

Can go on and on..

[joombaga]

Just tried this because I usually use docker with k8s or compose, so wasn't sure of the behavior.

> It starts with the simple truth: `docker` doesn't `listen` on any port.

If I run the command below, `docker-proxy` starts listening on an incrementing port.

> Or maybe a simple question: How can I run `docker run -p 8080 nginx` over and over without port conflict?

Because you're not specifying a port on the host; you're specifying a port on the container. I've never used the single port form of `-p`; I would've guessed it was the same as `-p 8080:8080`.

[Badumtss8]

The same way nginx doesn't care about the choice of firewall because it doesn't automagically poke holes in the firewall.

May be a simple question: How are you able run nginx and open http:// localhost without it making any changes to the firewall. Can go on and on.