- MCP:
http://<your-server-ip>:8001/mcp - Open WebUI:
http://<your-server-ip>:3001
Server listens on 0.0.0.0; ensure firewall allows ports 8001 and 3001.
# From remote machine (replace <your-server-ip>)
nc -zv <your-server-ip> 8001
curl -v http://<your-server-ip>:8001/mcp # 406 is expected without proper MCP headersThe server is session-based. Clients must:
- POST
initializeto the MCP URL and readMcp-Session-Idfrom response headers. - POST
notifications/initializedwith headerMcp-Session-Id: <value>. - Send all later requests (e.g.
tools/list,tools/call) with the sameMcp-Session-Idheader.
A plain GET to /mcp returns 400 or 406; use the POST flow above.
Point your MCP client (Cursor, Claude Desktop, etc.) at http://<your-server-ip>:8001/mcp with transport http. Open WebUI: open http://<your-server-ip>:3001 in a browser.
- Connection refused / timeout — Check firewall and that the server is running (
docker compose ps). On the server:netstat -tlnp | grep 8001. - "Missing session ID" — Use the initialize → initialized → subsequent requests flow with
Mcp-Session-Id. - 406 Not Acceptable — Client must send
Accept: application/json, text/event-stream(or includetext/event-stream).
Example snippet for terminating SSL and proxying to localhost:
server {
listen 443 ssl;
server_name <your-server-hostname>;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location /mcp {
proxy_pass http://localhost:8001/mcp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location / {
proxy_pass http://localhost:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}For production, add authentication and restrict access (e.g. VPN, IP allowlist).