Mapping Container Ports


In Maestro, your services run inside containers. For a service to be available to anything outside its own container, including public internet access, we need a bridge between the container’s internal port and an “outside” port.

This guide explains how to set up and modify this port mapping in Maestro.

This is not limited to HTTP or web traffic. The same concepts apply if your container serves non-HTTP traffic (like web sockets, DB containers or custom TCP / UDP traffic).

Port mapping is a small (but important) part of a core system that underpins container management - service networking. If you need an introduction to the concept of Service Networking, you can find one here.


In this document, "outside" is used for any client of your service that's not inside the container. This includes your other services on different nodes.

What you’ll need

Before you start, please check you have the following:


This tutorial uses the simple visit counter application we've supplied on Github as a working example.

Mapping ports

When we set up our demo-app service we configured our ports so that our internal port 5000 was mapped to the public port 80.

Now imagine that your app has evolved to offer secure web (SSL / TLS) access as well as standard web access. TLS traffic typically flows over port 443, so we need to add this to the port mapping for our application.

There are two ways to do this:

You can also read our guide to using service.yml for more help.

Editing via the UI

To edit your ports using the standard Maestro user interface:

  1. Open the Application Overview from your Dashboard
  2. Click on the Services tab
  3. Click on the Edit service icon next to the service you wish to configure. This will open a panel on the left-hand side of your screen.
  4. Edit the ports as needed and then click Save Service

Mapping container ports in Maestro

Testing your changes

You can test whether this has been properly applied by looking at that the Network column of the Services panel.

If you've followed the steps above correctly, the Network column will list both port 80 and port 443.

In order for these new settings to apply to your service, you will need to redeploy your application. To do this, click the Build / Deploy button on the Application Overview.


If you actually need HTTPS traffic to be available to the outside world (not just as a demo) you will also need to set up SSL certificates for your application.

Editing config files directly

Maestro uses a YAML file called service.yml to define each service inside your application(s). You can edit the content of this file directly using the Dashboard in two ways:

  1. Via the Services UI, using the left-hand panel we described above - but click the YAML tab instead of Network & Storage
  2. Via the Configuration Files interface

Note that with method 1 you are only editing the section of service.yml specific to your context. So in this case you would be editing the ports section of your service.yml. To edit the file as a whole, you’ll need to use method 2.

What’s next