[Bug]: Strapi "host is not allowed" error

[vlntsolo]

Error Message and Logs

Latest version of Strapi image doesn't work after deployment. Admin panel always returns host error:

Blocked request. This host ("cms.xxx.app") is not allowed.
To allow this host, add "cms.xxx.app" to `server.allowedHosts` in vite.config.js.

Steps to Reproduce

1. Deploy Strapi instance from Coolify marketplace template
2. Try accessing Strapi instance host / domain

Example Repository URL

No response

Coolify Version

v4.0.0-beta.400

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Debian 6.1.128-1 (2025-02-07) x86_64

Additional Information

Error appears on both generic and custom domains. I was able to deploy Strapi before on the same Coolify instance.

[wuhhh]

Can confirm this is also an issue on Coolify Cloud, the same error

[ari-party]

The elestio/strapi-development image seems to be at fault here No idea where the source Dockerfile is, repository seems to be privated/deleted

[joachimageron]

Did someone find a solution?

[redtux]

Did someone find a solution?

I had the same issue yesterday (using Traefik as Coolify proxy) and found a lot of solutions online. In my case just copying the vite example worked fine, but I am hosting this inside a VPN, so that might not be a general solution for everyone.

In any case you can put the JS/TS code in a volume inside your compose config in case you prefer not to copy and edit stuff on the command line. Hope this helps!

NB: In case the above instructions were too abstract, I propose you share your config and the taken steps (and maybe some logs), then I can try to find the missing link.

[redtux]

@joachimageron, you can try this on your Coolify host:

cd /var/lib/docker/volumes/`docker volume ls --format '{{json .}}' | jq -r 'select(.Name | contains("strapi-config")) | .Name'`/_data/
mv -v admin/vite.config.example.js mv -v admin/vite.config.js

See here for the content of the admin/vite.config.js file.

As the admin folder seems to be deleted for security reasons after first setup, I cannot tell you the exact code I used anymore (just checked).

---

Note: If your Coolify instance is exposed to the internet, you might consider adding something like this to your compose YAML to protect the admin interface from public access.

    labels:
      - traefik.http.middlewares.authentik-auth@file

• Authentik Forward Authentication Middleware
• Basic Auth Middleware

---

Edit: This filter is even shorter… 😺

docker volume ls --filter name=strapi-config --format '{{.Name}}'

[amitshuklabag]

This issue can be fixed by following the steps mentioned here: https://forum.strapi.io/t/server-allowedhosts-in-vite-config-js/52759/3 to create the file vite.config.js

[amitshuklabag]

The elestio/strapi-development image seems to be at fault here No idea where the source Dockerfile is, repository seems to be privated/deleted

Our competitors have been referencing our repository to create their own infrastructure repositories. To protect our code base, we have decided to make it private. However, you can deploy the service with us and customize the code to suit your needs.

[redtux]

The elestio/strapi-development image seems to be at fault here No idea where the source Dockerfile is, repository seems to be privated/deleted

Our competitors have been referencing our repository to create their own infrastructure repositories. To protect our code base, we have decided to make it private. However, you can deploy the service with us and customize the code to suit your needs.

Thank you for the explanation! Of course, the creators of an image have the full right to do so (maybe risking some street credibility, but this is out of scope here).

In any case just a step should be noted somewhere, as it gives a bad customer experience to get a 404 on GitHub when trying to access the sources.

Apart from this I agree that private images should not be used in the preconfigured Coolify templates as this a) gives a bad impression and b) might be seen as being opposed to FLOSS principles by some Coolify users (including me).

[LucaNerlich]

Just do it yourselves and use nixpacks + env variables. The coolify strapi setup is not ideal and doesnt really make sense for strapi, in my opinion.

fyi strapi env vars need

HOST=0.0.0.0
HOSTNAME=0.0.0.0

for some reason

[lechnerio]

I had to edit the vite.config.js file

once you are connected via the terminal in the coolify project, you can run

cd src/admin
apt-get install nano
nano vite.config.js

and add the allowedHosts flag:

const { mergeConfig } = require('vite');

module.exports = (config) => {
  // Important: always return the modified config
  return mergeConfig(config, {
    resolve: {
      alias: {
        '@': '/src',
      },
    },
    server: {
      allowedHosts: true
    }
  });
};

after I restarted the container, just in case. But the backend took a solid minute to be accessable even after restarting.

[seromenho]

The root cause might be related to the default Docker image used for Strapi deployments (elestio/strapi:development). This image runs yarn develop, which starts Strapi in development mode. In this mode, the admin panel is served via Vite’s dev server, which enforces host restrictions and throws errors unless the domain is explicitly listed in server.allowedHosts inside vite.config.js.

This explains the “Blocked request. This host is not allowed” error users are seeing when accessing the generated Coolify domain (e.g. *.sslip.io).

A quick fix is to override the container’s command in the Compose file to use:

command: yarn start

…which runs Strapi in production mode, serving the pre-built admin panel without Vite — and avoids the host restriction issue entirely.

I’m not entirely sure why the current image uses entrypoint.sh && yarn develop. When I inspected the entrypoint.sh file, its only content was:

yarn add @strapi/provider-email-nodemailer

This seems unusual for an entry point, but there might be a reason.

Happy to help test or contribute further if needed!

EDIT: I understand now... It's because you might need to make some development actions, and to do so, you need to be in development mode.

[leon2811-be]

I change the image to "elestio/strapi-production" and it worked... only problem when I set a custom domain I always get "no available server". Did someone have the same issue?

[midnightdim]

The solution that worked for me (in TS setup) was this (based on the comment by @lechnerio above). Add src/admin/vite.config.ts with these contents:

import { defineConfig, mergeConfig } from 'vite';

export default (config) => {
  return mergeConfig(config, defineConfig({
    resolve: {
      alias: {
        '@': '/src',
      },
    },
    server: {
      allowedHosts: true
    }
  }));
};

Then rebuild if needed and restart Strapi. I'm using Strapi v5.12.4.

[JosephMSKL]

The elestio/strapi-development image seems to be at fault here No idea where the source Dockerfile is, repository seems to be privated/deleted

Our competitors have been referencing our repository to create their own infrastructure repositories. To protect our code base, we have decided to make it private. However, you can deploy the service with us and customize the code to suit your needs.

Due to this, it seems impossible to upgrade the node JS version to 20.x.x on minimum... (or 22.x.x as it's the latest LTS version). There are some plugins (strapi-cache) that demands Node 20 to run and that's a bummer !

[lesimoes]

I change the image to "elestio/strapi-production" and it worked... only problem when I set a custom domain I always get "no available server". Did someone have the same issue?

For those who using Coolify this works for me.

[GroophyLifefor]

I change the image to "elestio/strapi-production" and it worked... only problem when I set a custom domain I always get "no available server". Did someone have the same issue?

WHO READING THIS ISSUE, THIS IS THE ONLY ONE SOLUTION!!!!

[eborges-git]

All solutions described here were "ok", so I kept digging and finally found a solution.

• Coolify, New Resources, Search for Strapi in Services and continue
• Before deploying, you must edit you Docker-Compose and paste the one below

It'll mainly change the image from 'elestio/strapi-development:latest' to 'elestio/strapi-production:latest' and NODE_ENV=production (instead of development).

Configure your URL properly on the dashboard and Dockerfile, click Deploy and voilá. It works!

You can access /admin now without the "Blocked request. This host ("strapi.domain.com") is not allowed. To allow this host, add "strapi.domain.com" to server.allowedHosts in vite.config.js." error.

PS: I couldn't get the Healthy System check to work, keeps showing Degraded on mine, in case anyone knows a fix.

services:
  strapi:
    image: 'elestio/strapi-production:latest'
    environment:
      - NODE_ENV=production
      - URL=https://strapi.domain.com
      - DATABASE_CLIENT=postgres
      - DATABASE_HOST=postgresql
      - DATABASE_PORT=5432
      - 'DATABASE_NAME=${POSTGRESQL_DATABASE:-strapi}'
      - DATABASE_USERNAME=$SERVICE_USER_POSTGRESQL
      - DATABASE_PASSWORD=$SERVICE_PASSWORD_POSTGRESQL
      - JWT_SECRET=$SERVICE_BASE64_64_SECRET
      - ADMIN_JWT_SECRET=$SERVICE_BASE64_64_SECRET
      - APP_KEYS=$SERVICE_BASE64_64_KEY
      - 'STRAPI_TELEMETRY_DISABLED=${STRAPI_TELEMETRY_DISABLED:-true}'
    volumes:
      - 'strapi-config:/opt/app/config'
      - 'strapi-src:/opt/app/src'
      - 'strapi-uploads:/opt/app/public/uploads'
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:1337"]
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 30s
    depends_on:
      postgresql:
        condition: service_healthy

  postgresql:
    image: 'elestio/postgres:latest'
    environment:
      - 'POSTGRES_DB=${POSTGRESQL_DATABASE:-strapi}'
      - POSTGRES_USER=$SERVICE_USER_POSTGRESQL
      - POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRESQL
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - 'strapi-postgresql-data:/var/lib/postgresql/data'
    healthcheck:
      test:
        - CMD-SHELL
        - 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
      interval: 5s
      timeout: 20s
      retries: 10

[GautierT]

After switching to elestio/strapi-production:latest I can't create or edit schema : Strapi is in production mode, editing content types is disabled. Please switch to development mode by starting your server with strapi develop.

Any idea on how to make Strapi work in Coolify ? This template is not usable right now.

[Daimon-Law]

Can confirm that latest version of Coolify (self-hosted running through Cloudflare tunnels) installing Strapi through Coolify marketplace didn't work with multiple changes to .env file. Consistently threw up server and host errors and even changing the env file to set mode to "production" was seemingly overriden when Coolify deployed the app.

However, one small change to the compose file as mentioned by @seromenho did the trick:

command: yarn start

I added it right after the pull request at the very top of the compose file:

services: 
  strapi:
    image: 'elestio/strapi-development:latest'
    command: yarn start # <---- THIS IS THE NEW LINE
    environment:
      - SERVICE_URL_STRAPI_1337
      - DATABASE_CLIENT=postgres
      - ...
      - etc...