Hey folks, I'm trying to understand why my Docker container, using the Caddy image, is exposing both ports 80 and 443. My docker-compose.yml only mentions port 443:
```yaml
version: '3'
networks:
  reverse-proxy:
    external: true
services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - '443:443'
    volumes:
      - ./vol/Caddyfile:/etc/caddy/Caddyfile
      - ./vol/data:/data
      - ./vol/config:/config
      - ./vol/certs:/etc/certs
    networks:
      - reverse-proxy
```
In the logs, I see output indicating that port 80 is also mapped:
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f797069aacd8 caddy:latest "caddy run --config " 2 weeks ago Up 5 days 0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 443/udp, 2019/tcp caddy
```
How is this happening? It seems like a flaw in Docker that it's exposing a port not specified in my file.
**Update**: I've switched to Docker Compose version and removed the version in my YAML. The same issue persists with port 80 showing up. According to ChatGPT, Caddy listens on both ports by default, but I want to clarify this. Can anyone help out?
4 Answers
The behavior you're seeing is actually expected. Caddy uses Let's Encrypt for automatic SSL provisioning, which requires access to port 80 for the HTTP-01 challenge if you're using that setup. If you're only concerned about exposing it unnecessarily in your configuration, you can adjust things in your Caddyfile.
It sounds like you might have an old container still running. When you change your docker-compose.yml, you have to run `docker compose up -d` to apply those changes. If you haven't done that after editing the file, the old container could still be using the old settings. You could check with `docker inspect ` to confirm it's the right container. If not, just delete it manually and restart your compose setup.
Removing the `external: true` option in your networks section might help reduce unexpected port exposure. However, remember that the external designation is related to network scopes, and not necessarily about port mappings directly.
Caddy is designed to expose and listen on ports 80 and 443 by default, even if they're not specified in your docker-compose.yml. The `EXPOSE` in the Dockerfile documentation is more about communication between the image builder and user; it won't block ports automatically. If you want to restrict access, you'll have to adjust your Caddyfile configuration to limit what ports it listens on.
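The `docker ps` PORTS column in the question separates host-published mappings (`0.0.0.0:80->80/tcp`) from ports the image only exposes (`443/udp`, `2019/tcp`). As an added example, not part of any answer above: a Python check that parses that column and reports host bindings missing from the compose file's `ports:` list, which covers both the stale-container case and the `EXPOSE` point raised in the answers. The function names are hypothetical, and only short-syntax single-port mappings are handled.

```python
import re

# PORTS column copied from the `docker ps` output in the question.
PS_PORTS = ("0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, "
            "[::]:443->443/tcp, 443/udp, 2019/tcp")
COMPOSE_PORTS = ["443:443"]  # the `ports:` list from the question's compose file

# "host_ip:host_port->container_port/proto" is a host binding (published).
PUBLISHED = re.compile(r"^(.*):(\d+)->(\d+)/(\w+)$")
# A bare "container_port/proto" is only exposed by the image: no host binding.
EXPOSED = re.compile(r"^(\d+)/(\w+)$")


def parse_ports(column):
    """Split a PORTS column into published {(host, container, proto)} and
    exposed-only {(container, proto)}; IPv4/IPv6 duplicates collapse."""
    published, exposed = set(), set()
    for entry in (e.strip() for e in column.split(",")):
        if not entry:
            continue
        if m := PUBLISHED.match(entry):
            published.add((int(m[2]), int(m[3]), m[4]))
        elif m := EXPOSED.match(entry):
            exposed.add((int(m[1]), m[2]))
        else:  # port ranges and other forms are out of scope here
            raise ValueError(f"unrecognised PORTS entry: {entry!r}")
    return published, exposed


def declared_ports(compose_ports):
    """Normalise short-syntax entries: 'HOST:CONTAINER' or 'IP:HOST:CONTAINER',
    with an optional '/proto' suffix (tcp when omitted)."""
    declared = set()
    for spec in compose_ports:
        mapping, _, proto = str(spec).partition("/")
        parts = mapping.rsplit(":", 2)
        if len(parts) < 2:
            raise ValueError(f"no fixed host port in {spec!r}")
        declared.add((int(parts[-2]), int(parts[-1]), proto or "tcp"))
    return declared


def undeclared_published(ports_column, compose_ports):
    """Host bindings on the running container that the compose file lacks."""
    published, _ = parse_ports(ports_column)
    return sorted(published - declared_ports(compose_ports))


if __name__ == "__main__":
    print("undeclared host bindings:", undeclared_published(PS_PORTS, COMPOSE_PORTS))
```

A non-empty result means the running container carries a host binding that the current file does not declare; an image `EXPOSE` on its own appears only as a bare entry such as `2019/tcp`.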