After upgrading to Crawl4AI 0.9.x, the service is no longer reachable from other containers unless CRAWL4AI_API_TOKEN is configured.
Current behavior:
entrypoint: no CRAWL4AI_API_TOKEN set; binding loopback only (127.0.0.1:11235)
As a result:
docker exec hermes curl http://crawl4ai:11235/health
fails, even though both containers are running in the same Docker network.
For homelab and internal Docker deployments, this is unexpectedly restrictive, since the service is already isolated inside a private container network and not exposed to the internet.
Proposed fix
Allow an explicit opt-out for trusted internal environments.
Example:
CRAWL4AI_ALLOW_INSECURE_BIND=true
or
CRAWL4AI_BIND_HOST=0.0.0.0
which would allow:
to be accessed by other containers on the same Docker network without requiring API tokens.
Secure-by-default behavior should remain unchanged:
No token -> bind to 127.0.0.1
but advanced users should have an explicit way to allow internal container-to-container communication without adding authentication to every client.
Workaround
Currently the only supported solution appears to be:
CRAWL4AI_API_TOKEN=<token>
which allows non-loopback binding and access from other containers, but introduces unnecessary complexity for local-only deployments.
After upgrading to Crawl4AI 0.9.x, the service is no longer reachable from other containers unless
CRAWL4AI_API_TOKENis configured.Current behavior:
As a result:
docker exec hermes curl http://crawl4ai:11235/healthfails, even though both containers are running in the same Docker network.
For homelab and internal Docker deployments, this is unexpectedly restrictive, since the service is already isolated inside a private container network and not exposed to the internet.
Proposed fix
Allow an explicit opt-out for trusted internal environments.
Example:
or
which would allow:
to be accessed by other containers on the same Docker network without requiring API tokens.
Secure-by-default behavior should remain unchanged:
but advanced users should have an explicit way to allow internal container-to-container communication without adding authentication to every client.
Workaround
Currently the only supported solution appears to be:
which allows non-loopback binding and access from other containers, but introduces unnecessary complexity for local-only deployments.