Skip to main content
Expose ports from your Ona environment to share running services with teammates, test webhooks, or preview work without deploying.

How it works

When you open a port, Ona creates a URL with automatic TLS termination. All shared URLs use HTTPS. You can configure whether Ona connects to your service via HTTP (default) or HTTPS.
DeploymentAccess
Ona CloudInternal network - anyone with the URL can access
Enterprise RunnersThrough your runner’s Network Load Balancer, controlled by your network configuration

Prerequisites

Services must:
  • Listen on 0.0.0.0 (not localhost or 127.0.0.1)
  • Use the host network stack if running inside a container
app.listen(3000, '0.0.0.0', () => {
  console.log('Server running on port 3000');
});

Host network stack

By default, the Dev Container network is isolated from the VM. For port sharing to work, services must be accessible on the host network. There are several scenarios to consider:

Dev Container network mode

To make your Dev Container itself use the host network stack, configure your devcontainer.json: Single container setup: 
{
  "name": "My Project",
  "image": "mcr.microsoft.com/devcontainers/javascript-node:20",
  "runArgs": ["--network=host"]
}
Multi-container setup (Docker Compose): See Multi-container development for complete setup. The key requirement is network_mode: host on all services: 
# docker-compose.yml
services:
  app:
    build: .
    network_mode: host
    command: sleep infinity

  db:
    image: postgres:16
    network_mode: host
    environment:
      POSTGRES_PASSWORD: postgres

Containers inside Dev Container (Docker-in-Docker)

When running containers inside your Dev Container using Docker-in-Docker, those containers must also share the host network namespace. Otherwise, ports are only accessible within Docker’s bridge network and Ona cannot forward them. Docker run: 
# ✗ Won't work - port only accessible on Docker bridge network
docker run -d -p 8080:8080 myapp

# ✓ Works - port accessible to Ona for forwarding
docker run -d --network host myapp
Docker Compose inside Dev Container: 
services:
  database:
    image: postgres:16
    network_mode: host
    environment:
      POSTGRES_PASSWORD: postgres

  redis:
    image: redis:7
    network_mode: host
Without network_mode: host or --network host, services use Docker’s bridge network. Ports mapped with -p or ports: are only accessible within that bridge network, not from your Dev Container or Ona’s port forwarding.

Ona Tasks and Services

When using Tasks and Services with runsOn.docker, the host network is used automatically - no additional configuration needed.

Open ports

UI

In the environment sidebar, find “Public Ports” and click “Open Port”. Enter the port number, optional name, and protocol.

CLI

gitpod environment port list
gitpod environment port open 3000 --name my-app
gitpod environment port open 3000 --protocol https
gitpod environment port close 3000
Open ports are accessible to anyone who can reach the URL. On Ona Cloud, this means anyone on the internal network. For Enterprise Runners, access depends on your network configuration.

Limitations

  • Ports 1024–65535 can be exposed. System ports (1–1023) are not supported.
  • Not available on local environments
  • Subject to fair use policies and bandwidth limits
  • Organization administrators can disable port sharing via organization policies. VS Code Browser and agents are exempt from this restriction.
Network flags like --network=host in build.options are stripped during Dev Container builds. Host network mode is only applied at runtime when the container starts.