MCP Settings Object Structure

Overview

The mcpSettings configuration provides global settings for MCP (Model Context Protocol) server security and behavior. This configuration is separate from mcpServers and controls which domains and IP addresses MCP servers are allowed to connect to.

Example

# Example MCP Settings Configuration
mcpSettings:
  allowedDomains:
    - "example.com"           # Specific domain
    - "*.example.com"         # All subdomains using wildcard
    - "mcp-server"            # Local Docker domain
    - "172.24.1.165"          # Internal network IP

Configuration

Subkeys

| Key | Type | Description | Example |
| --- | --- | --- | --- |
| allowedDomains | Array of Strings | A list specifying allowed domains for MCP server connections. | MCP servers with domains not listed will be restricted from connecting. |

Security Context

By default, LibreChat restricts MCP servers from connecting to internal, local, or private network addresses to prevent potential security risks. This means that MCP servers using:

  • Internal IP addresses (e.g., 172.24.1.165, 192.168.1.100)
  • Local Docker domains (e.g., mcp-server, localhost)
  • Private network ranges (e.g., 10.0.0.0/8)

must be explicitly allowed in the allowedDomains configuration.

Pattern Formats

The allowedDomains array supports several pattern formats:

  1. Exact Domain Match

    allowedDomains:
      - "example.com"

    Only allows connections to exactly example.com

  2. Wildcard Subdomain Match

    allowedDomains:
      - "*.example.com"

    Allows connections to all subdomains of example.com (e.g., api.example.com, mcp.example.com)

  3. Specific IP Address

    allowedDomains:
      - "192.168.1.100"
      - "172.24.1.165"

    Allows connections to specific IP addresses

  4. Local Docker Domains

    allowedDomains:
      - "mcp-server"
      - "host.docker.internal"

    Allows connections to Docker container names or special Docker domains

Error Messages

You may see errors like:

  error: [MCPServersRegistry] Failed to inspect server "my-mcp": Domain "http://172.24.1.165:8000" is not allowed
  error: [MCP][my-mcp] Failed to initialize: Domain "http://172.24.1.165:8000" is not allowed

This likely indicates that the MCP server’s domain needs to be added to allowedDomains:

mcpSettings:
  allowedDomains:
    - "172.24.1.165"    # Add the IP address or domain
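
A pre-flight check for the situation above, as an added example (not LibreChat's own code): it extracts the hostname from each MCP server URL and tests it against an allowedDomains list using the pattern formats documented on this page. The function names and sample URLs are constructed; it assumes matching is on the hostname alone (the error shows the full URL while the fix lists only 172.24.1.165), that the wildcard covers subdomains but not the apex, and it recognises IPv4 literals only.

```javascript
// Added example, not LibreChat's code. Assumptions: entries are compared with the
// URL's hostname only, and "*.example.com" covers subdomains but not the apex.

// Constructed sample data; "my-mcp" uses the URL from the error message above.
const SAMPLE_SERVERS = {
  'my-mcp': 'http://172.24.1.165:8000',
  docs: 'https://mcp.example.com/sse',
  apex: 'https://example.com/mcp',
  sidecar: 'http://mcp-server:3000/mcp',
};
const SAMPLE_ALLOWED = ['*.example.com', 'mcp-server'];

// Strip scheme, port and path: the allowlist entry is the bare host.
function hostnameOf(serverUrl) {
  return new URL(serverUrl).hostname.toLowerCase();
}

// Heuristic: private or loopback IPv4 literals, dotless names, and *.internal.
function isInternalHost(host) {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (!m) return !host.includes('.') || host.endsWith('.internal');
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Exact match, or suffix match for a leading "*." wildcard.
function matchesEntry(host, entry) {
  const e = entry.toLowerCase();
  if (!e.startsWith('*.')) return host === e;
  const suffix = e.slice(1); // ".example.com"
  return host.length > suffix.length && host.endsWith(suffix);
}

// One row per server: resolved host, whether it is internal, whether the
// allowlist covers it, and the entry to add when it does not.
function auditServers(servers, allowedDomains) {
  return Object.entries(servers).map(([name, url]) => {
    const host = hostnameOf(url);
    const allowed = allowedDomains.some((entry) => matchesEntry(host, entry));
    return { name, host, internal: isInternalHost(host), allowed, missingEntry: allowed ? null : host };
  });
}

console.table(auditServers(SAMPLE_SERVERS, SAMPLE_ALLOWED));
```

Rows with internal set to true and allowed set to false are the ones that produce the "is not allowed" error; the missingEntry column is the value to review before adding it to allowedDomains.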
