fix(penpot): include MCP server port in PENPOT_MCP_URI#5213
Merged
Conversation
The frontend nginx proxies /mcp/stream and /mcp/sse to $PENPOT_MCP_URI (the path is appended in the image's template) and /mcp/ws to $PENPOT_MCP_URI_WS. The image's entrypoint defaults these to http://penpot-mcp:4401 and :4402 respectively. The compose template overrode PENPOT_MCP_URI to http://penpot-mcp with no port, so nginx proxied /mcp/stream and /mcp/sse to :80 -> 502 Bad Gateway. Websockets worked only because PENPOT_MCP_URI_WS was left unset and fell back to the image default. Set both URIs explicitly from the existing mcp_server_port/mcp_ws_port consts so the proxy targets are correct and self-documenting. Bump chart version 1.5.26 -> 1.5.27.
The exporter is a headless browser that navigates to $PENPOT_PUBLIC_URI/render.html (it reads its own cf/get :public-uri, see exporter/src/app/renderer/bitmap.cljs). It runs on the internal app network with no external DNS or access to the reverse proxy, so when PENPOT_PUBLIC_URI is a proxied/external hostname, PNG/PDF export fails at page.goto with net::ERR_NAME_NOT_RESOLVED (or an unreachable proxy). Point the exporter's PENPOT_PUBLIC_URI at the internal frontend (http://penpot-frontend:8080), which serves render.html and same-origin /api. Backend and frontend keep the user-facing public URI.
stavros-k
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The linked template has changed since the pinned commit in the comment. I tested this by manually changing it locally.
Problem
With
enable-mcp, the Penpot MCP endpoints/mcp/streamand/mcp/ssereturn 502 Bad Gateway./mcp/wsworks.Root cause
The frontend image's nginx template proxies:
/mcp/stream→$PENPOT_MCP_URI/mcp/mcp/sse→$PENPOT_MCP_URI/sse/mcp/ws→$PENPOT_MCP_URI_WSand its
entrypoint.shdefaultsPENPOT_MCP_URI=http://penpot-mcp:4401/PENPOT_MCP_URI_WS=http://penpot-mcp:4402.The compose template set
PENPOT_MCP_URItohttp://penpot-mcp(no port), overriding the correct default, so nginx proxied stream/sse to :80 → 502. ws survived only becausePENPOT_MCP_URI_WSwas left unset and fell back to the image default.Fix
Set both URIs explicitly from the existing
mcp_server_port/mcp_ws_portconsts (4401 / 4402).Verification
Running the image's
envsubstwith the corrected env yields:/mcp/ws → http://penpot-mcp:4402/
/mcp/stream → http://penpot-mcp:4401/mcp
/mcp/sse → http://penpot-mcp:4401/sse
and the MCP
initializehandshake succeeds end-to-end.