Why do ports need to be specified twice separated by a colon?

The first port is host's port and the second is the remote port (i.e: in the container). That expression bounds the remote port to the local port.

In the example you map container's 8080 port to host's 8080 port, but it's perfectly normal to use different ports (e.g: 48080:8080)

If the 'host' port and the ':' of the publish port is omitted, eg. 'docker run -d -p 3000 myimage'. Docker will auto assign a (high number) host port for you. You can check to see it by running 'docker ps'.