Is there any way to expose a port from a docker container without using port mapping or getting a randomized container port?

Question

I have a nginx docker container that I am trying to host on azure container instances. For the sake of this question, let's just assume that I'm only interesting in using azure container instances and not another service that can host containers.

My issue is that ACI doesn't allow for port mappings. I have an nginx container I'm trying to expose port 80 so I can access it externally. I have attempted to expose the port with EXPOSE in the docker file but it's still only listening on the internal docker network.

How can I expose a port externally without the use of port mapping?

-p 80 doesn't expose the port.

    fa2722445b36   myrepo.azurecr.io/nginx:latest   "/docker-entrypoint.…"   15 seconds ago      Up 14 seconds      0.0.0.0:54492->80/tcp   sweet_hertz

-P to expose all ports exposes port 80 but from a randomized ip inside the container.

    c2d192f1ea67   myrepo.azurecr.io/nginx:latest   "/docker-entrypoint.…"   3 seconds ago       Up 2 seconds       0.0.0.0:49157->80/tcp   mystifying_johnson

-p 80:80 works, but we can't do that in azure on aci

    fe34c30c9f8b   myrepo.azurecr.io/nginx:latest   "/docker-entrypoint.…"   7 seconds ago       Up 6 seconds       0.0.0.0:80->80/tcp   priceless_buck

I am creating this with terraform.

resource "azurerm_container_group" "nginx-cg" {
  location            = var.resource-location
  name                = "nginx-${random_integer.distinct-integer.result}"
  os_type             = "Linux"
  ip_address_type     = "Public"
  resource_group_name = azurerm_resource_group.resource-group.name

  exposed_port {
    port = 80
    protocol = "TCP"
  }

  exposed_port {
    port = 443
    protocol = "TCP"
  }

  image_registry_credential {
    password = data.azurerm_key_vault_secret.mysweetapp-container-registry-password.value
    server   = data.azurerm_key_vault_secret.mysweetapp-container-registry-url.value
    username = data.azurerm_key_vault_secret.mysweetapp-container-registry-username.value
  }
  container {
    cpu    = 3
    image  = "${data.azurerm_key_vault_secret.mysweetapp-container-registry-url.value}/nginx:${var.build-id}"
    memory = 12
    name   = "nginx"

    environment_variables = {
      DOCKER_REGISTRY_SERVER_URL : "https://${data.azurerm_key_vault_secret.mysweetapp-container-registry-url.value}"
      DOCKER_REGISTRY_SERVER_USERNAME : data.azurerm_key_vault_secret.mysweetapp-container-registry-username.value
      DOCKER_REGISTRY_SERVER_PASSWORD : data.azurerm_key_vault_secret.mysweetapp-container-registry-password.value
      PORT : "80"
    }

    ports {
      port     = 80
      protocol = "TCP"
    }

    ports {
      port     = 443
      protocol = "TCP"
    }

    volume {
      name                 = "nginx-conf-d"
      mount_path           = "/etc/nginx/conf.d"
      storage_account_name = azurerm_storage_account.container-storage.name
      storage_account_key  = azurerm_storage_account.container-storage.primary_access_key
      share_name           = azurerm_storage_share.nginx-conf-share.name
    }

  }

  lifecycle {
    ignore_changes = [container]
  }
}

My nginx config is also set to listen on port 80.

Is there another method I'm not seeing?

Thanks for reading.