@Uberto Barbini one way to work around this would be to start two servers and bind one of them to 127.0.0.1 and put all lf the private endpoints there

in my case the reason is to be able to monitor/query the state of appserver, so having the endpoint on another is kind of pointless. 🙂 Anyway no big deal, I put some credentials check and it's ok.