diff --git a/docker-compose.yml b/docker-compose.yml
index ad37114..9993915 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,12 @@ services:
     environment:
       - NOTIFY_BRIDGE_SECRET_KEY=${NOTIFY_BRIDGE_SECRET_KEY:?Set NOTIFY_BRIDGE_SECRET_KEY (min 32 chars)}
       - NOTIFY_BRIDGE_CORS_ALLOWED_ORIGINS=${NOTIFY_BRIDGE_CORS_ALLOWED_ORIGINS:-*}
+      # Allow outbound requests to RFC1918 / link-local addresses. Homelab
+      # deployments target LAN services (Immich, Gitea, ...) and the SSRF
+      # guard otherwise rejects 10.*/172.16.*/192.168.* / 169.254.* hosts.
+      # Set to 0 on internet-exposed deployments where outbound targets must
+      # be public.
+      - NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=${NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS:-1}
     healthcheck:
       test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8420/api/health')"]
       interval: 30s