No worries, I’m happy to explain
5001 is the API port you can use to send commands to the daemon to control it. Internally, go-ipfs uses this for every command in the CLI, but if you’re not planning to control the node externally (for example, running a IPFS node on a server and connect to it from your local machine), it’s not necessary to expose it.
8080 is the HTTP gateway port. It allows you to get/add IPFS objects via HTTP and it’s meant to be exposed if you want to allow traditional applications (applications using HTTP really) access some IPFS objects. For example, we run a public IPFS-gateway at ipfs.io, so not just can you do ipfs cat QmT78zSuBmuS4z925WZfrqQ1qHaJ56DQaTfyMUF7F8ff5o
in a terminal, you can also navigate to https://ipfs.io/ipfs/QmT78zSuBmuS4z925WZfrqQ1qHaJ56DQaTfyMUF7F8ff5o
to get the same object
Exposing 4001 (swarm port) allows you to serve content via the IPFS network, and is all you need. If you need compatibility with HTTP, you should also expose the HTTP gateway. And finally, if you want need to run the daemon on a separate machine than where you use the CLI, you can expose the API port.
Hope that clears it up!