A developer wants to ensure that a Docker container running a web application can only accept incoming traffic on port 443. Which Docker run option should be used?
Trap 1: docker run --port 443 myapp
There is no --port flag; the correct flag is -p or --publish.
Trap 2: docker run --net host myapp
--net host shares the host network stack, so the container is not limited to port 443: any port it listens on is reachable directly on the host, which is too permissive.
Trap 3: docker run --expose 443 myapp
--expose only documents ports but does not publish them; the port is still not accessible from outside.
- A
docker run --port 443 myapp
Why wrong: There is no --port flag; the correct flag is -p or --publish.
- B
docker run --net host myapp
Why wrong: --net host shares the host network stack, so the container is not limited to port 443: any port it listens on is reachable directly on the host, which is too permissive.
- C
docker run -p 443:443 myapp
Why correct: -p 443:443 publishes container port 443 to host port 443, allowing external access only on that port.
- D
docker run --expose 443 myapp
Why wrong: --expose only documents ports but does not publish them; the port is still not accessible from outside.