“Opening a port” means configuring firewall rules to allow traffic on a specific TCP/UDP port (e.g. 80 for HTTP, 443 for HTTPS, 22 for SSH) to reach the server.
Safe exposure involves: allowing only required ports, restricting source IP/range if possible, avoiding exposing admin ports publicly, and optionally combining with firewall-hardened SSH or VPN access. This ensures only legitimate requests reach the service.