Is the use of PORTS, PUBLISH or EXPOSE manditory to make Traefik work?

Continuing the discussion from Please explain global scope:

based on your statement

and your intensive tests I may ask you some question about the teamwork between docker and traefik.

I’m bit confused by the statements in the docs of API and Port detection

If I look at providers overview the picture and quick start/, they tell me, that all is done by API calls and I don’t need to make any port available to other containers. In addition, it is said that containers see each other anyway, if they are in the same network but that is not that good documented you find rather

If you do not specify any of those, the service in the container will not be accessible from anywhere except from inside the container itself.

for both see What is the difference between “expose” and “publish” in Docker?

But if I read Operations → API, Docker Engine API Access and
Docker Swarm API Access, I’m not that sure anymore.
One the one hand it is said traefik provides only information via APIs but on the other hand, it also acts by means of API calls.
Moreover, port detection is explicitly mentioned in Docker Engine Port Detection and in Docker Swarm Port Detection

Any chance that someone could explain the differences in bit more details?

Thank you


EXPOSE: static docu hint from the author of the Dockerfile which ports are supposed to be used by default. There is no guaranty that any process is listening on those ports when a container is running later. Though, usualy they do :slight_smile:

Publish: actual port mapping between host and container. You can define them freely. Though, there is no verification whether something actualy listens on the target port inside the container.

Only the traefik container needs to publish its ports.

Traefik registeres for container creation/removal events of the docker engine. It will read the settings from the container labels and apply them instantly as reverse proxy rules. A container network will be used to forward traffic from traefik to target container. Thus, there is no need to publish ports on the target containers. Traffic in container networks is not restricted in any way.

Port detection is probably used to identify the target port listening inside the container. Though, I allways declared mine using labels explicitly - I never used the port detection.