diff --git a/gateway/dstack-app/builder/entrypoint.sh b/gateway/dstack-app/builder/entrypoint.sh
index 9cd46755..117f97fb 100755
--- a/gateway/dstack-app/builder/entrypoint.sh
+++ b/gateway/dstack-app/builder/entrypoint.sh
@@ -136,7 +136,11 @@ cert_chain = "$CERTBOT_WORKDIR/live/cert.pem"
 cert_key = "$CERTBOT_WORKDIR/live/key.pem"
 base_domain = "$SRV_DOMAIN"
 listen_addr = "0.0.0.0"
-listen_port = 443
+$(if [ "${SERVING_NUM_PORTS:-1}" -gt 1 ]; then
+    echo "listen_port = \"443-$((443 + SERVING_NUM_PORTS - 1))\""
+else
+    echo "listen_port = 443"
+fi)
 connect_top_n = 3
 localhost_enabled = false
 
diff --git a/gateway/dstack-app/deploy-to-vmm.sh b/gateway/dstack-app/deploy-to-vmm.sh
index a44bc66e..43e541e1 100755
--- a/gateway/dstack-app/deploy-to-vmm.sh
+++ b/gateway/dstack-app/deploy-to-vmm.sh
@@ -80,7 +80,8 @@ GATEWAY_IMAGE=dstacktee/dstack-gateway@sha256:a7b7e3144371b053ba21d6ac18141afd49
 # Port configurations
 GATEWAY_RPC_ADDR=0.0.0.0:9202
 GATEWAY_ADMIN_RPC_ADDR=127.0.0.1:9203
-GATEWAY_SERVING_ADDR=0.0.0.0:9204
+GATEWAY_SERVING_PORT=9204
+GATEWAY_SERVING_NUM_PORTS=1
 GUEST_AGENT_ADDR=127.0.0.1:9206
 WG_ADDR=0.0.0.0:9202
 
@@ -146,6 +147,7 @@ APP_LAUNCH_TOKEN=$APP_LAUNCH_TOKEN
 RPC_DOMAIN=$RPC_DOMAIN
 CERTBOT_MAX_DNS_WAIT=$CERTBOT_MAX_DNS_WAIT
 CERTBOT_DNS_TXT_TTL=$CERTBOT_DNS_TXT_TTL
+SERVING_NUM_PORTS=$GATEWAY_SERVING_NUM_PORTS
 EOF
 
 if [ -n "$APP_COMPOSE_FILE" ]; then
@@ -206,7 +208,7 @@ echo "SUBNET_INDEX: $SUBNET_INDEX"
 echo "WG_ADDR: $WG_ADDR"
 echo "GATEWAY_RPC_ADDR: $GATEWAY_RPC_ADDR"
 echo "GATEWAY_ADMIN_RPC_ADDR: $GATEWAY_ADMIN_RPC_ADDR"
-echo "GATEWAY_SERVING_ADDR: $GATEWAY_SERVING_ADDR"
+echo "GATEWAY_SERVING_PORT: $GATEWAY_SERVING_PORT (x$GATEWAY_SERVING_NUM_PORTS)"
 echo "GUEST_AGENT_ADDR: $GUEST_AGENT_ADDR"
 echo "RPC_DOMAIN: $RPC_DOMAIN"
 if [ -t 0 ]; then
@@ -238,10 +240,16 @@ else
   DEPLOY_ARGS+=(
     --port "tcp:$GATEWAY_RPC_ADDR:8000"
     --port "tcp:$GATEWAY_ADMIN_RPC_ADDR:8001"
-    --port "tcp:$GATEWAY_SERVING_ADDR:443"
     --port "tcp:$GUEST_AGENT_ADDR:8090"
     --port "udp:$WG_ADDR:51820"
   )
+  # Map serving port range: host ports starting at GATEWAY_SERVING_PORT
+  # to container ports starting at 443
+  SERVING_END=$((GATEWAY_SERVING_PORT + GATEWAY_SERVING_NUM_PORTS - 1))
+  for hp in $(seq "$GATEWAY_SERVING_PORT" "$SERVING_END"); do
+    cp=$((443 + hp - GATEWAY_SERVING_PORT))
+    DEPLOY_ARGS+=(--port "tcp:0.0.0.0:${hp}:${cp}")
+  done
 fi
 
 $CLI deploy "${DEPLOY_ARGS[@]}"
diff --git a/gateway/dstack-app/docker-compose.yaml b/gateway/dstack-app/docker-compose.yaml
index 6fdc1d8b..c476b3c2 100644
--- a/gateway/dstack-app/docker-compose.yaml
+++ b/gateway/dstack-app/docker-compose.yaml
@@ -22,6 +22,7 @@ services:
       - RUST_LOG=info,certbot=debug
       - PCCS_URL=${PCCS_URL}
       - RPC_DOMAIN=${RPC_DOMAIN}
+      - SERVING_NUM_PORTS=${SERVING_NUM_PORTS:-1}
     restart: always
 
 volumes: