Severity: High
Category: Docker Config / Networking
Platform: All
Confidence: Confirmed (all 29 files inspected)
Description
PR Light-Heart-Labs#964 (merged 2026-04-15) mandated the pattern ${BIND_ADDRESS:-127.0.0.1}:<host>:<container> for all user-facing port bindings. The default is secure loopback; --lan / dashboard / .env opts into 0.0.0.0. Core services (open-webui, dashboard, litellm, qdrant, searxng, etc.) were updated. All 29 community extensions in resources/dev/extensions-library/services/ still hardcode 127.0.0.1: and were not migrated. In LAN mode, every community extension is silently unreachable from other devices on the network — no error is produced; the ports simply don't appear on the external interface.
Affected File(s)
All community extension compose files:
resources/dev/extensions-library/services/anythingllm/compose.yaml:68.../audiocraft/compose.yaml:107.../bark/compose.yaml:141.../baserow/compose.yaml:212.../chromadb/compose.yaml:240.../continue/compose.yaml:295.../crewai/compose.yaml:360.../flowise/compose.yaml:405.../forge/compose.yaml:443.../frigate/compose.yaml:476-479 (4 ports).../gitea/compose.yaml:538-539 (2 ports).../immich/compose.yaml:567.../invokeai/compose.yaml:664.../jupyter/compose.yaml:692.../label-studio/compose.yaml:745.../langflow/compose.yaml:782.../librechat/compose.yaml:862.../localai/compose.yaml:953.../milvus/compose.yaml:986.../ollama/compose.yaml:1024.../open-interpreter/compose.yaml:1070.../paperless-ngx/compose.yaml:1115.../piper-audio/compose.yaml:1202.../privacy-shield/compose.yaml:1263.../rvc/compose.yaml:1291.../sillytavern/compose.yaml:1336.../text-generation-webui/compose.yaml:1369-1370 (2 ports).../weaviate/compose.yaml:1422-1423 (2 ports).../xtts/compose.yaml:1451
Root Cause
PR Light-Heart-Labs#964 established the project convention but was scoped to core services; the 29 community extensions in the extensions-library were not updated in the same pass. BIND_ADDRESS is registered in .env.schema.json and is set by --lan, dream --lan, and the dashboard network mode. Community extension ports do not consume it.
Evidence
Example — anythingllm:
# resources/dev/extensions-library/services/anythingllm/compose.yaml:68
ports:
- "127.0.0.1:${ANYTHINGLLM_PORT:-7800}:3001"Required form (matches core services post-Light-Heart-Labs#964):
ports:
- "${BIND_ADDRESS:-127.0.0.1}:${ANYTHINGLLM_PORT:-7800}:3001"Platform Analysis
- macOS / Linux / Windows-WSL2: All equally affected.
BIND_ADDRESS=0.0.0.0 is set via --lan on macOS installer, dream --lan on Linux CLI, and Windows PowerShell installer. All three platforms see the same symptom: core services reachable on LAN, community extensions loopback-only.
Reproduction
- Set
BIND_ADDRESS=0.0.0.0 in .env (or run dream --lan / install with --lan).
- Install any community extension (e.g. anythingllm).
- From another device on the same LAN, attempt to connect to
http://<server-ip>:7800.
- Observed: Connection refused. The port is not bound on any external interface.
- Expected: Core services (open-webui at :3000, dashboard at :8080, etc.) reachable from LAN; community extensions should be too.
Impact
Multi-device DreamServer users (NAS server + laptop/phone clients) cannot use any community extension over the LAN. Single-device users unaffected. No error is surfaced anywhere — the UI shows extension as "running" and "enabled". The gap is only visible via ss/netstat/connection attempts from another device.
Suggested Approach
Mechanical find-and-replace across all 29 files: "127.0.0.1:${ → "${BIND_ADDRESS:-127.0.0.1}:${. BIND_ADDRESS is already in .env.schema.json; no installer changes needed. Single PR covering all 29 files is appropriate — consistent scope, no logic change, matches the PR Light-Heart-Labs#964 pattern.
Labels
bug, docker-config, networking, lan, community-extensions, all-platforms
Severity: High
Category: Docker Config / Networking
Platform: All
Confidence: Confirmed (all 29 files inspected)
Description
PR Light-Heart-Labs#964 (merged 2026-04-15) mandated the pattern
${BIND_ADDRESS:-127.0.0.1}:<host>:<container>for all user-facing port bindings. The default is secure loopback;--lan/ dashboard /.envopts into0.0.0.0. Core services (open-webui, dashboard, litellm, qdrant, searxng, etc.) were updated. All 29 community extensions inresources/dev/extensions-library/services/still hardcode127.0.0.1:and were not migrated. In LAN mode, every community extension is silently unreachable from other devices on the network — no error is produced; the ports simply don't appear on the external interface.Affected File(s)
All community extension compose files:
resources/dev/extensions-library/services/anythingllm/compose.yaml:68.../audiocraft/compose.yaml:107.../bark/compose.yaml:141.../baserow/compose.yaml:212.../chromadb/compose.yaml:240.../continue/compose.yaml:295.../crewai/compose.yaml:360.../flowise/compose.yaml:405.../forge/compose.yaml:443.../frigate/compose.yaml:476-479(4 ports).../gitea/compose.yaml:538-539(2 ports).../immich/compose.yaml:567.../invokeai/compose.yaml:664.../jupyter/compose.yaml:692.../label-studio/compose.yaml:745.../langflow/compose.yaml:782.../librechat/compose.yaml:862.../localai/compose.yaml:953.../milvus/compose.yaml:986.../ollama/compose.yaml:1024.../open-interpreter/compose.yaml:1070.../paperless-ngx/compose.yaml:1115.../piper-audio/compose.yaml:1202.../privacy-shield/compose.yaml:1263.../rvc/compose.yaml:1291.../sillytavern/compose.yaml:1336.../text-generation-webui/compose.yaml:1369-1370(2 ports).../weaviate/compose.yaml:1422-1423(2 ports).../xtts/compose.yaml:1451Root Cause
PR Light-Heart-Labs#964 established the project convention but was scoped to core services; the 29 community extensions in the extensions-library were not updated in the same pass.
BIND_ADDRESSis registered in.env.schema.jsonand is set by--lan,dream --lan, and the dashboard network mode. Community extension ports do not consume it.Evidence
Example — anythingllm:
Required form (matches core services post-Light-Heart-Labs#964):
Platform Analysis
BIND_ADDRESS=0.0.0.0is set via--lanon macOS installer,dream --lanon Linux CLI, and Windows PowerShell installer. All three platforms see the same symptom: core services reachable on LAN, community extensions loopback-only.Reproduction
BIND_ADDRESS=0.0.0.0in.env(or rundream --lan/ install with--lan).http://<server-ip>:7800.Impact
Multi-device DreamServer users (NAS server + laptop/phone clients) cannot use any community extension over the LAN. Single-device users unaffected. No error is surfaced anywhere — the UI shows extension as "running" and "enabled". The gap is only visible via
ss/netstat/connection attempts from another device.Suggested Approach
Mechanical find-and-replace across all 29 files:
"127.0.0.1:${→"${BIND_ADDRESS:-127.0.0.1}:${.BIND_ADDRESSis already in.env.schema.json; no installer changes needed. Single PR covering all 29 files is appropriate — consistent scope, no logic change, matches the PR Light-Heart-Labs#964 pattern.Labels
bug,docker-config,networking,lan,community-extensions,all-platforms