diff --git a/.env.sample b/.env.sample
index 58a0ff5f..8e42a850 100644
--- a/.env.sample
+++ b/.env.sample
@@ -5,6 +5,12 @@ SECRET_KEY=secret_key  # generate a secret key with `openssl rand -base64 32`
 LOG_LEVEL=info
 LOG_QUERY=false
 BEHIND_PROXY=false
+LISTEN_PORT=3000 # if BEHIND_PROXY=true used as port for the server
+# Setting ALLOW_PRIVATE_ADDRESS to true disables SSRF (Server-Side Request Forgery) protection
+# Set to true to test in local network
+# Will be replaced by list of allowed IPs once https://github.com/dahlia/fedify/issues/157
+# is implemented.
+ALLOW_PRIVATE_ADDRESS=false
 REMOTE_ACTOR_FETCH_POSTS=10
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
diff --git a/src/federation/index.ts b/src/federation/index.ts
index 8a790955..885ce15e 100644
--- a/src/federation/index.ts
+++ b/src/federation/index.ts
@@ -109,6 +109,7 @@ if (getRedisUrl() == null) {
 export const federation = createFederation<void>({
   kv,
   queue,
+  allowPrivateAddress: process.env.ALLOW_PRIVATE_ADDRESS === "true",
 });
 
 federation
diff --git a/src/index.tsx b/src/index.tsx
index 4c05a5cd..0f65b5e0 100644
--- a/src/index.tsx
+++ b/src/index.tsx
@@ -20,5 +20,8 @@ app.get("/nodeinfo/2.0", (c) => c.redirect("/nodeinfo/2.1"));
 
 // biome-ignore lint/complexity/useLiteralKeys: tsc complains about this (TS4111)
 const BEHIND_PROXY = process.env["BEHIND_PROXY"] === "true";
+const HOLLO_PORT = Number.parseInt(process.env.LISTEN_PORT ?? "3000", 10);
 
-export default BEHIND_PROXY ? { fetch: behindProxy(app.fetch.bind(app)) } : app;
+export default BEHIND_PROXY 
+  ? { fetch: behindProxy(app.fetch.bind(app)), port: HOLLO_PORT } 
+  : app;