Overview
Canton implements the Ledger API. This is exposed on what you refer to as the “ledger port” (the good ol’ 6865). On top of that, Canton also exposes a few extra services to manage a participant which are not covered by the Ledger API (e.g. the Ledger API doesn’t allow disabling a user but Canton does), which are grouped together and exposed as the Canton Participant Admin API.
Separately, a domain allows creating some sort of “subnet” that allows several participants to collaborate (the next level up being domains acting as routers to connect these subnets into a virtual shared ledger, which is currently in alpha). The domain node exposes a set of services which together allow participants to interoperate. The protocol used by participants to interact with each other via the domain is the Canton protocol and this communication uses what you refer to as the “public port”. The domain also exposes services that allow performing administrative tasks, which are separate and exposed on the “domain admin port”.
To your points
Its “public port”.
Administrative services specific to the two types of nodes. You can read more about the specific services exposed here on the docs.
Do these pointers help?
The bulk of the reference documentation for the configuration is currently in Scaladoc format. Here is the page that contains a brief description of domains and remote-domains (specifically for the open-source version, the enterprise version might have a few additions).