When you run "docker run", the container has a port that is exposed and the web application works properly. When you use "docker create" then "docker start", the service is not exposed properly. You believe that "docker run" the same as a series of two steps, first "docker create" then "docker start".
Why does a Docker container started with a single "docker run" command work to expose it web service over a TCP port but not work when a "docker create" and "docker start" commands are serially issued?
"docker run" is the equivalent of two commands run in seriatim. These commands are "docker create" and then "docker start". The "docker create" command needs an image ID parameter. The "docker start" command needs a container ID parameter.
If you find a difference between "docker run" and the "docker create" with a subsequent "docker start" command, the difference is probably related to an option or flag. Specifically you may be using a flag or option with the "docker run" command that you are not employing when you use the "docker create" command.
If your "docker run" command had a "-P" flag in it, the "docker create" command should also have a "-P" flag.
Here is an example of a "docker run" command that would start a web service based on a properly created image:
docker run -d -P <image ID>
For creating a container, use this:
docker create -it -P <image ID>
You can then use "docker start" with the container created in the command above. It should have the proper port mapping you were using with your "docker run" command.
In conclusion there should be no difference between using "docker run" or the combination of "docker create" and then "docker start". An apparent difference is probably attributable to an optional flag that you used with "docker run" but not the other two.