Expose Non-HTTP Ports

By default, Appliku exposes only HTTP (port 80) and HTTPS (port 443) through Nginx. If your application needs to accept connections on other ports -- for example, MQTT brokers, game servers, database replicas, or custom TCP protocols -- you need to configure direct port mapping.

Understanding the Default Setup

Appliku's standard architecture routes all traffic through Nginx:

Client -> Nginx (80/443) -> Docker Container (application port)

For non-HTTP protocols, you need traffic to reach your container directly:

Client -> Docker Container (custom port)

Approach: Docker Port Mapping

Step 1: Configure Your Application

Make sure your application listens on the port you want to expose. For example, an MQTT broker might listen on port 1883:

# Example: A simple TCP server listening on port 1883
import socket

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(("0.0.0.0", 1883))
server.listen(5)

Step 2: Set Up Port Mapping

To expose a port directly, you need to configure the Docker container to map the internal port to a port on the host machine. This is done through a docker-compose.override.yml file on the server.

SSH into your server and create or edit the override file in your application's directory:

ssh app@<your-server-ip>
cd /home/app/<your-app-directory>

Create a docker-compose.override.yml:

version: "3.8"
services:
  web:
    ports:
      - "1883:1883"

Note: Replace web with the name of the service/process that needs the port exposed. Replace 1883 with the port your application uses.

Step 3: Configure Firewall Rules

By default, the server firewall (UFW) blocks incoming connections on non-standard ports. You need to open the port:

sudo ufw allow 1883/tcp
sudo ufw reload

For UDP services (e.g., game servers, DNS):

sudo ufw allow 1883/udp
sudo ufw reload

Step 4: Restart the Application

After configuring port mapping and firewall rules, restart the application:

cd /home/app/<your-app-directory>
docker compose up -d

Security Considerations

Exposing non-HTTP ports directly bypasses Nginx and its security features:

  • No SSL termination: You must implement TLS within your application if encryption is needed
  • No rate limiting: Nginx's built-in protections do not apply
  • Direct exposure: The port is open to the entire internet unless you add firewall restrictions

Tip: If only specific IP addresses need access to the exposed port, restrict access with UFW:

sudo ufw allow from 203.0.113.0/24 to any port 1883 proto tcp

This allows access only from the specified IP range.
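
As an added example (not part of Appliku's documentation or tooling), the Python script below parses Compose short-syntax port entries such as the "1883:1883" mapping from Step 2, reports the ones published on every interface, and builds the source-restricted UFW rule in the form shown above. The function names, the sample entries and the single-port-only parsing are assumptions of this example.

```python
import ipaddress

# Data-store ports taken from the page's "Common Use Cases" table.
DATASTORE_PORTS = {6379: "Redis", 5432: "PostgreSQL"}

# Constructed sample entries, as they would appear under a service's "ports:" key.
SAMPLE_PORTS = ["1883:1883", "1883:1883/udp", "127.0.0.1:6379:6379", "0.0.0.0:5432:5432"]


def parse_port_mapping(spec):
    """Parse Compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] (single ports only)."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"  # Compose defaults to TCP when no suffix is given
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol in {spec!r}")
    parts = body.rsplit(":", 2)  # split from the right so an IPv6 host address stays intact
    container_port = int(parts[-1])
    host_port = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None  # None: Docker picks one
    host_ip = ipaddress.ip_address(parts[0].strip("[]")) if len(parts) == 3 else None
    for port in (container_port, host_port):
        if port is not None and not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {spec!r}")
    return {"host_ip": host_ip, "host_port": host_port, "port": container_port, "proto": proto}


def audit(specs, allowed_cidr):
    """Return (spec, finding, ufw_rule) for every mapping published on all interfaces."""
    source = ipaddress.ip_network(allowed_cidr)  # raises ValueError on a malformed range
    findings = []
    for spec in specs:
        m = parse_port_mapping(spec)
        if m["host_ip"] is not None and not m["host_ip"].is_unspecified:
            continue  # bound to one address (e.g. 127.0.0.1), not every interface
        if m["host_port"] is None:
            findings.append((spec, "host port is chosen by Docker; pin it first", None))
            continue
        finding = "published on all interfaces"
        if m["port"] in DATASTORE_PORTS:
            finding += f" ({DATASTORE_PORTS[m['port']]} port)"
        rule = f"sudo ufw allow from {source} to any port {m['host_port']} proto {m['proto']}"
        findings.append((spec, finding, rule))
    return findings


if __name__ == "__main__":
    for spec, finding, rule in audit(SAMPLE_PORTS, "203.0.113.0/24"):
        print(f"{spec}: {finding}\n    {rule}")
```

Docker manages its own iptables rules for published ports, so after applying a rule, confirm from a host outside the allowed range that the port is actually unreachable.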

Common Use Cases

| Service | Typical Port | Protocol |
|---|---|---|
| MQTT Broker | 1883 / 8883 (TLS) | TCP |
| Game Server | Varies | TCP/UDP |
| Redis (external access) | 6379 | TCP |
| PostgreSQL (replica) | 5432 | TCP |
| Custom API (non-HTTP) | Varies | TCP |