How to configure internal-only applications in Porter

Last updated: February 10, 2026

When deploying applications that are not intended to be publicly accessible, you can still configure ports for internal communication within your Porter environment. This article explains how to set up ports for private applications.

Configuring ports for internal applications

Even if your application is not exposed to external traffic, you can still define container ports for internal use. Here's how:

  1. Navigate to the "Application services" section in your Porter configuration interface.

  2. Locate the service you want to configure (e.g., "web").

  3. In the "Container port" field, enter the desired port number (e.g., 3000).

  4. Ensure the "Expose to external traffic" checkbox is unchecked.

By following these steps, you define a port that can be used for internal communication between services within your Porter environment, without exposing it to the public internet.

Accessing internal applications securely

While internal ports are not accessible from the public internet, you may occasionally need to access your internal applications for debugging or administrative purposes. Here are your options:

Accessing internal applications locally:

If you need to access your internal application from your local machine, you can use the Tailscale integration:

  1. Enable the Tailscale integration in your Porter cluster

  2. Connect to your application through the Tailscale VPN network

Note: Direct CLI tunneling to web applications (similar to datastore tunneling) is not currently supported in Porter.

This approach maintains the security of your internal application while providing secure access when needed for development or administrative tasks.

Use cases for internal ports

Configuring internal ports can be useful for various scenarios, including:

  • Communication between microservices within your application

  • Connecting to databases or other internal resources

  • Setting up internal APIs or services

Remember, these ports will only be accessible within your Porter environment and not from the public internet, ensuring the privacy and security of your internal services.