Configure ports | Network | Northflank Application docs

Network /

Configure ports

You can expose as many ports per deployment, public and private, as you require, and link each public port with a subdomain.

You can add ports required by your application manually, or Northflank can automatically detect ports exposed by your Dockerfile.

Ports can be added while creating your deployment, or afterwards from the ports & DNS page on deployment and combined services. Updating ports on your deployments will not require a restart.

ProtocolUsesCan be made public?
HTTP(S)/1.1Common web servers, websocketsYes
HTTP(S)/2Modern web servers, gRPC , websocketsYes
TCPCommon applicationsNo
UDPReal-time communication, media and game servers, VoIP, DNSNo

You can use any port from 1 to 65535 (ports for web servers are often 80, 443, 3000, 8000, and 8080).

Configuring ports for a deployment service in the Northflank application

Public ports

Public ports allow your application to receive and send traffic from clients on the internet. Only HTTP and HTTP/2 ports can be publicly exposed.

Public ports are automatically assigned a Northflank domain name, secured with an automatically-generated TLS certificate. They take the format:


Public ports can be also linked to your own subdomain.

Your application can be configured to listen on any port for HTTP/S traffic. Northflank will expose your HTTP ports publicly on ports 80 and 443 and route traffic to your configured port. HTTP (port 80) traffic will be automatically redirected to HTTPS (port 443).

For example:

Application portPort configuration on NorthflankPorts exposed by Northflank
8080, HTTP, publicly exposed80, 443
30003000, HTTP, publicly exposed80, 443

Private ports

You can create a private port for any protocol supported on Northflank.

Applications in your project will be able to access the private ports simply by referring to the service name and port in the following format:


Internal traffic in your project is managed with round-robin load-balancing between replicas.

You can forward private ports using the Northflank CLI, API, or JavaScript client.

Detect ports

When you create a new deployment Northflank will scan the image manifest and attempt to identify and add the ports exposed by the image. You can also detect ports from the ports & DNS page on a service. You should always verify that the ports are correct for your deployment.

You can expose ports in your Dockerfile in the following ways:

# HTTP port (public by default)
# TCP port (private)
EXPOSE 2121/tcp
# UDP port (private)
EXPOSE 7171/udp