Skip to content

[BUG] Crawl4AI is not reachable from other containers in the same Docker network #84

Description

@peterek0000

After upgrading to Crawl4AI 0.9.x, the service is no longer reachable from other containers unless CRAWL4AI_API_TOKEN is configured.

Current behavior:

entrypoint: no CRAWL4AI_API_TOKEN set; binding loopback only (127.0.0.1:11235)

As a result:

docker exec hermes curl http://crawl4ai:11235/health

fails, even though both containers are running in the same Docker network.

For homelab and internal Docker deployments, this is unexpectedly restrictive, since the service is already isolated inside a private container network and not exposed to the internet.

Proposed fix

Allow an explicit opt-out for trusted internal environments.

Example:

CRAWL4AI_ALLOW_INSECURE_BIND=true

or

CRAWL4AI_BIND_HOST=0.0.0.0

which would allow:

http://crawl4ai:11235

to be accessed by other containers on the same Docker network without requiring API tokens.

Secure-by-default behavior should remain unchanged:

No token -> bind to 127.0.0.1

but advanced users should have an explicit way to allow internal container-to-container communication without adding authentication to every client.

Workaround

Currently the only supported solution appears to be:

CRAWL4AI_API_TOKEN=<token>

which allows non-loopback binding and access from other containers, but introduces unnecessary complexity for local-only deployments.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions