diff --git a/roles/service/defaults/main.yaml b/roles/service/defaults/main.yaml
index 6570613..d10065c 100644
--- a/roles/service/defaults/main.yaml
+++ b/roles/service/defaults/main.yaml
@@ -2,6 +2,7 @@
 service_container_command: []
 
 service_domains: []
+service_container_http_port: 0
 service_vhost_locations: []
 service_proxy_pass_host_header: true
 
diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index 474a478..17372cc 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -27,6 +27,7 @@ argument_specs:
           - Required if service_domains is not empty.
         type: int
         required: false
+        default: 0
       service_proxy_pass_host_header:
         description: Passed to vhost role as vhost_proxy_pass_header
         type: bool
diff --git a/roles/service/tasks/main.yaml b/roles/service/tasks/main.yaml
index 945abba..61b270b 100644
--- a/roles/service/tasks/main.yaml
+++ b/roles/service/tasks/main.yaml
@@ -40,6 +40,10 @@
     container_wants: "{{ _service_container_wants }}"
     container_auto_update: "{{ service_auto_update }}"
 
+- name: Socat for {{ service_name }}
+  ansible.builtin.include_tasks: socat.yaml
+  when: service_container_http_port > 0
+
 - name: Reverse proxy for {{ service_name }}
   ansible.builtin.include_tasks: proxy.yaml
   when: service_domains | length > 0
diff --git a/roles/service/tasks/proxy.yaml b/roles/service/tasks/proxy.yaml
index ac75e36..b61e7c6 100644
--- a/roles/service/tasks/proxy.yaml
+++ b/roles/service/tasks/proxy.yaml
@@ -1,29 +1,4 @@
 ---
-- name: Socat socket for {{ service_name }}
-  ansible.builtin.template:
-    src: socat.socket.j2
-    dest: /etc/systemd/system/{{ service_name }}-socat.socket
-    mode: "0644"
-  notify: Restart socat socket for {{ service_name }}
-
-- name: Socat container for {{ service_name }}
-  ansible.builtin.import_role:
-    name: container
-  vars:
-    container_name: "{{ service_name }}-socat"
-    container_image: "docker.io/alpine/socat:latest"
-    container_command:
-      - "ACCEPT-FD:3,fork"
-      - "TCP:{{ service_name }}:{{ service_container_http_port }}"
-    container_user: nobody
-    container_networks:
-      - "{{ service_name }}"
-    container_requires:
-      - "{{ service_name }}-socat.socket"
-      - "{{ service_name }}.service"
-    container_auto_start: false
-    container_auto_update: "{{ service_auto_update }}"
-
 - name: Reverse proxy for {{ service_name }}
   ansible.builtin.import_role:
     name: uumas.general.vhost
diff --git a/roles/service/tasks/socat.yaml b/roles/service/tasks/socat.yaml
new file mode 100644
index 0000000..c35c09a
--- /dev/null
+++ b/roles/service/tasks/socat.yaml
@@ -0,0 +1,26 @@
+---
+- name: Socat socket for {{ service_name }}
+  ansible.builtin.template:
+    src: socat.socket.j2
+    dest: /etc/systemd/system/{{ service_name }}-socat.socket
+    mode: "0644"
+  notify: Restart socat socket for {{ service_name }}
+
+- name: Socat container for {{ service_name }}
+  ansible.builtin.import_role:
+    name: container
+  vars:
+    container_name: "{{ service_name }}-socat"
+    container_image: "docker.io/alpine/socat:latest"
+    container_command:
+      - "ACCEPT-FD:3,fork"
+      - "TCP:{{ service_name }}:{{ service_container_http_port }}"
+    container_user: nobody
+    container_networks:
+      - "{{ service_name }}"
+    container_requires:
+      - "{{ service_name }}-socat.socket"
+      - "{{ service_name }}.service"
+    container_auto_start: false
+    container_auto_update: "{{ service_auto_update }}"
+