[stork-users] Stork Agent STORK_AGENT_HOST inside Docker

Michael Salathe msalathe at clairglobal.com
Wed Jan 21 11:28:14 UTC 2026 

Hi Slawek

Thanks for your explanation. I can see how this makes sense in many deployments.

I would personally still prefer using another variable for the listen address as proposed in issue #1149. Because for me, it would be an easier solution than dealing with overlay networks between hosts or local DNS name resolution. Right now, we even use the same container names for all dhcp server stacks for templating reasons.

Thanks,
Michael

-----Original Message-----
From: Slawek Figiel <slawek at isc.org> 
Sent: Monday, 19 January 2026 16:21
To: Michael Salathe <msalathe at clairglobal.com>; Stork-users at lists.isc.org
Subject: Re: [stork-users] Stork Agent STORK_AGENT_HOST inside Docker

Hi Michael!

 > For registration and to generate the self-signed certificates, it needs to be set to the host IP address

It is not true. The STORK_AGENT_HOST must be set to the agent's hostname or IP address. This address must be accessible to the Stork server; it means the server must be able to connect to the agent on STORK_AGENT_HOST:STORK_AGENT_PORT.

If you run the Stork server in a Docker container, STORK_AGENT_HOST can be set to the service name (if Docker Compose is used), the container's hostname, or the container's IP address on the network shared between the agent and server.

See the "docker/docker-compose.yaml" file in the Stork repository for an example. We use this Docker compose file to run our public demo.

It is also possible to set up the agent (and Kea/BIND9) in containers and run the Stork server directly on the host. In this case, the STORK_AGENT_HOST variable should be set to the hostname assigned to the container, and you need to add a mapping from that hostname to localhost
(127.0.0.1) in the host's "/etc/hosts" file.

Don't hesitate to ask for more details if you encounter any further problems.

Best regards
Slawek Figiel

On 1/19/26 7:36 AM, Michael Salathe wrote:
> Hi
> 
> I’m running KEA and BIND9 on multiple hosts using docker.
> 
> When I was trying to add stork-agent to those, I run into a problem 
> with the STORK_AGENT_HOST variable:
> 
>   * For registration and to generate the self-signed certificates, it
>     needs to be set to the host IP address
>   * To start the agent webserver it needs to be set to the docker
>     container IP address(used with net.Listen() )
> 
> I couldn’t really find a solution for this, although I imagine other 
> people must run into this problem as well.
> 
> What I found is this post, suggesting to use custom certificates. 
> Which is described as “a bit hard to use.”
> https://lists.isc.org/mailman/htdig/stork-users/2025-April/000434.html
> <https://lists.isc.org/mailman/htdig/stork-users/2025-April/000434.htm
> l>
> 
> And I found this issue that was moved to the backlog in 2023:
> 
> https://gitlab.isc.org/isc-projects/stork/-/issues/1149 <https:// 
> gitlab.isc.org/isc-projects/stork/-/issues/1149>
> 
> What I ended up doing is replace the host part in this segment with 
> “0.0.0.0”. This allows it to listen on the container IP,
> 
> but uses the STORK_AGENT_HOST for everything else:
> 
> https://github.com/isc-projects/stork/
> blob/2ad80e27f71237b0930f36e977ad8f4af726934e/backend/agent/
> agent.go#L912 <https://github.com/isc-projects/stork/
> blob/2ad80e27f71237b0930f36e977ad8f4af726934e/backend/agent/agent.go#L
> 912>
> 
> I’m wondering if there is an easy solution for this that I am not seeing?
> 
> Thanks,
> 
> Michael
> 
>

More information about the Stork-users mailing list