group "firecrawl-mcp" {
constraint {
attribute = "${attr.unique.hostname}"
operator = "regexp"
value = "SMTRL-P02|SMTRL-P03"
}
network {
mode = "bridge"
port "envoy-metrics" {}
}
service {
name = "firecrawl-mcp"
port = "3000"
tags = [
"traefik.http.routers.firecrawl-mcp.middlewares=https-headers@file",
]
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
transparent_proxy {
exclude_outbound_ports = [53,8600]
exclude_outbound_cidrs = ["172.26.64.0/20","127.0.0.0/8"]
}
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy-metrics"
}
}
}
}
}
#check {
# expose = true
# type = "http"
# path = "/health"
# interval = "5s"
# timeout = "1s"
#}
}
task "firecrawl-mcp" {
driver = "docker"
config {
image = "mcp/firecrawl:latest"
}
env {
FIRECRAWL_API_URL = "http://firecrawl-api.virtual.consul"
FIRECRAWL_API_KEY = "dummy"
FIRECRAWL_RETRY_MAX_ATTEMPTS = "3"
FIRECRAWL_RETRY_INITIAL_DELAY = "1000" # delay in ms before first retry
FIRECRAWL_RETRY_MAX_DELAY = "10000" # max delay in ms between retries
FIRECRAWL_RETRY_BACKOFF_FACTOR = "2"
FIRECRAWL_CREDIT_WARNING_THRESHOLD = "100000000" # high, so it doesn't trigger
FIRECRAWL_CREDIT_CRITICAL_THRESHOLD = "10000000"
SSE_LOCAL = "true"
HTTP_STREAMABLE_SERVER = "true"
CLOUD_SERVICE = "false"
PORT = "3000"
HOST = "0.0.0.0"
NODE_RESOLVE_IPV4 = "1"
BIND_ADDRESS = "0.0.0.0"
}
resources {
cpu = 128
memory = 512
}
}
}I only know this bc I ran into it in the past with npm projects, but firecrawl-mcp launches on the ipv6 interface by default, which means envoy can't proxy it.
So, you must set:
HOST = "0.0.0.0"
NODE_RESOLVE_IPV4 = "1"
BIND_ADDRESS = "0.0.0.0"
I only know this bc I ran into it in the past with npm projects, but firecrawl-mcp launches on the ipv6 interface by default, which means envoy can't proxy it.
So, you must set: