[Bug]: Applications deployed on a local server are inaccessible until ports are manually added

[ohmyboroda]

Error Message and Logs

Hi everyone,

My setup:

• Coolify running on a Hetzner server, managing other servers
• A local (home) server on a Raspberry Pi
• Connection is established via Cloudflared Tunnel, with all certificates properly configured. Everything works correctly locally and outside follows the guides from Airoflare Docs without deviations.

Issue:

When deploying applications on the local server, none of them work until I manually add the ports to Compose File (e.g., 9000:9000). Until this step is completed, the services remain inaccessible both locally and externally.

Is this expected behavior, or is there a way to configure automatic port mapping "out of the box"?

Steps to Reproduce

Example Repository URL

No response

Coolify Version

v4.0.0-beta.390

Are you using Coolify Cloud?

Yes (Coolify Cloud)

Operating System and Version (self-hosted)

Debian GNU/Linux 12 (bookworm)

Additional Information

No response

[djsisson]

@ohmyboroda if you are using a tunnel, what are you using for your tunnel entries, assuming you are using the 2 main entries of apex + wildcard, they both only need to point to localhost:80

or if you are doing each domain individually you would still need localhost:80 assuming you havent switched off your proxy

[ohmyboroda]

@ohmyboroda if you are using a tunnel, what are you using for your tunnel entries, assuming you are using the 2 main entries of apex + wildcard, they both only need to point to localhost:80

or if you are doing each domain individually you would still need localhost:80 assuming you havent switched off your proxy

Hi @djsisson
I have a setup where each service on my local server is assigned a separate domain. The configuration follows the details outlined in this guide, and my setup is identical.

However, Cloudflare is responsible for making the service accessible externally. It shouldn't affect the ability to access a locally running Docker container, correct?

For example, when checking docker ps, the container is running, but it is not accessible locally via its own local address (e.g., http://localhost:9000).

[djsisson]

@ohmyboroda you will have to give me an example of what youre entering

localhost is just the vps youre on, using that wont work unless you map your containers ports to the host, which is the initial problem you are having

you need to tell cloudflare to use your proxy on localhost:80 and let it forward to your containers

[ohmyboroda]

@djsisson it's seems like we might be talking about different things, but let’s clarify.

you will have to give me an example of what you're entering

Could you specify exactly what you need me to show?

My thoughts:

• Not all resources support assigning port 80 to a container.
• While this is a requirement for wildcard setups (Coolify Docs), my setup is different. I use a one domain > one resource approach, which does not require explicitly specifying localhost:80 at the Cloudflare level.
• Regardless, this should not matter because when setting up TLS, the port must be changed to 443:
  Configure the tunnel to use HTTPS and set the port to 443 instead of 80.
  (Coolify Docs)

Let me know what additional details you need. Thanks!

[ohmyboroda]

I still don’t understand how Cloudflare is relevant to this issue.

Let’s assume I don’t want the container to be accessible externally at all—I only want it to run locally, for example, at 127.0.0.1:4000.

How does Cloudflare and the localhost:80 configuration come into play in this case? Shouldn't the local docker function independently of Cloudflare settings?

[djsisson]

@ohmyboroda when you go to that subdomain what error do you get

ps. you can still use a wildcard to localhost:443 rather than naming every subdomain if it's easier

you have to tell cloudflare where to send the incoming traffic, so you send it to your proxy which is running on 80/443
the proxy then looks at the incoming sudbomain, and routes it to the correct container to the port that you have added in your fqdn for that project

so to confirm, does your fqdn match what you entered in cf i.e https://litellm.domain.com:4000

by your initial post, you made it sound like you couldn't access your applications via a subdomain, but only by ip:port
so is this not the case?

[ohmyboroda]

I mentioned earlier that any application deployed on my local server (in this case, a Raspberry Pi) via Coolify does not work locally—this is the key issue. As a result, it is also inaccessible externally until I manually specify the port mappings in Compose File.

Let’s take a different approach and put Cloudflare aside for now.

Right now, I performed a clean installation of changedetection, and I want it to be accessible only on the local machine where it is running, without external access.

The installation completed successfully, but the service remains inaccessible.

Why is this happening? Shouldn’t a locally deployed application be accessible by default on the same machine via http://127.0.0.1:5000/ or localhost:5000?

[djsisson]

@ohmyboroda no, this just means its running on 0.0.0.0 inside that container

so you would need to use the containerip:5000

[ohmyboroda]

Got it, that works—thanks for the clarification! I wasn’t aware of this detail.

So, in this case, the container is accessible only on the local machine. If I want to access it within the local network, I need to manually map the ports, making it available at an address like http://192.168.88.71:3001/.

If I want to expose the container to local network or externally, does that mean I always need to manually define the ports in the container file? Or is there an alternative way to automate this process?

[djsisson]

@ohmyboroda you can use sslip.io with your local ip address and proxy

so give your project a domain like http://somesubdommain.192.168.88.71.sslip.io:5000

where 5000 is the internal port, and the ip is your servers local network ip

then you can jsut browse using the new domain you have made, assuming your proxy is switched on

you can only use http doing this method unless you self generate your certificates

for external, you would use your externalip address or a dns domain that you own, the routing is all handled by the proxy

in the above example you would then browse to http://somesubdommain.192.168.88.71.sslip.io and would get your site, (this is for internal use only ofc)

[djsisson]

to change the domain, click the little yellow button/arrow next to the domain name on your project page

save and redeploy/restart

[ohmyboroda]

Yes, this works!
So, if I add a public address separated by a comma and configure Cloudflare accordingly, everything should work?

For example:
http://changedetection.192.168.88.71.sslip.io/,https://my.domain.com ?

[ohmyboroda]

Issue solved, closing.