diff --git a/CHANGES b/CHANGES
index 72aa98fde..4029d05e3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2597,3 +2597,5 @@
 * Update addons to use Ubuntu jammy
 * cloudflare: add config for default value of proxied
 * eventlog: keep 3 months
+* services: give static IPs to internal databases
+
diff --git a/src/apptask.js b/src/apptask.js
index 44cbabaf1..55f59e3ee 100644
--- a/src/apptask.js
+++ b/src/apptask.js
@@ -72,9 +72,9 @@ async function allocateContainerIp(app) {
 if (app.manifest.id === constants.PROXY_APP_APPSTORE_ID) return;
 await promiseRetry({ times: 10, interval: 0, debug }, async function () {
- const iprange = iputils.intFromIp('172.18.20.255') - iputils.intFromIp('172.18.16.1');
+ const iprange = iputils.intFromIp(constants.APPS_IPv4_END) - iputils.intFromIp(constants.APPS_IPv4_START);
 let rnd = Math.floor(Math.random() * iprange);
- const containerIp = iputils.ipFromInt(iputils.intFromIp('172.18.16.1') + rnd);
+ const containerIp = iputils.ipFromInt(iputils.intFromIp(constants.APPS_IPv4_START) + rnd);
 await updateApp(app, { containerIp });
 });
 }
diff --git a/src/constants.js b/src/constants.js
index 6cde69abb..3748498be 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -31,6 +31,17 @@ exports = module.exports = {
 DOCKER_PROXY_PORT: 3003,
 USER_DIRECTORY_LDAPS_PORT: 3004, // user directory LDAP with TLS rerouting in iptables, public port is 636
+ // docker IPs
+ DOCKER_IPv4_SUBNET: '172.18.0.0/16',
+ DOCKER_IPv4_RANGE: '172.18.0.0/20',
+ DOCKER_IPv4_GATEWAY: '172.18.0.1',
+ APPS_IPv4_START: '172.18.16.1',
+ APPS_IPv4_END: '172.18.20.255',
+ // these are hardcoded to allow connections from outside. this is not in "172.18.0.xx" since docker starts allocating from there
+ MYSQL_SERVICE_IPv4: '172.18.30.1',
+ POSTGRESQL_SERVICE_IPv4: '172.18.30.2',
+ MONGODB_SERVICE_IPv4: '172.18.30.3',
+
 NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',
 DEFAULT_TOKEN_EXPIRATION_MSECS: 365 * 24 * 60 * 60 * 1000, // 1 year
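Review bot: In `allocateContainerIp` (src/apptask.js), `APPS_IPv4_END` reads as an inclusive bound, but `Math.floor(Math.random() * iprange)` with `iprange = END - START` only produces offsets 0 to `iprange - 1`, so 172.18.20.255 is never handed out. That is harmless, but now that the bounds are named it is worth stating at the constant, for example `// APPS_IPv4_END is exclusive: allocateContainerIp() picks START + [0, END - START)`. `rnd` is never reassigned in the visible lines, so `const rnd` would do. The function starts above the hunk.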
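Review bot: In src/constants.js the comment above `MYSQL_SERVICE_IPv4` says the addresses are hardcoded "to allow connections from outside" without saying what "outside" is or what restricts that access. Since these are the internal databases, the comment should name the mechanism that gates it (firewall rule, bind address or similar), which is not visible in this diff. The stated reason, not being in "172.18.0.xx", also understates the constraint: `DOCKER_IPv4_RANGE` is 172.18.0.0/20, so Docker's dynamic pool runs up to 172.18.15.255, and the app range follows it. A more precise comment would be `// static service IPs: inside DOCKER_IPv4_SUBNET, outside DOCKER_IPv4_RANGE (docker's dynamic pool) and outside APPS_IPv4_START..APPS_IPv4_END`. The exported object continues beyond the hunk.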
diff --git a/src/infra_version.js b/src/infra_version.js
index be2955284..7d4ff7ee5 100644
--- a/src/infra_version.js
+++ b/src/infra_version.js
@@ -6,7 +6,7 @@ exports = module.exports = {
 // a version change recreates all containers with latest docker config
- 'version': '49.4.0',
+ 'version': '49.5.0',
 'baseImages': [
 { repo: 'cloudron/base', tag: 'cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df' }
diff --git a/src/platform.js b/src/platform.js
index e45577b13..021a5ed47 100644
--- a/src/platform.js
+++ b/src/platform.js
@@ -11,6 +11,7 @@ const apps = require('./apps.js'),
 assert = require('assert'),
 AuditSource = require('./auditsource.js'),
 BoxError = require('./boxerror.js'),
+ constants = require('./constants.js'),
 debug = require('debug')('box:platform'),
 delay = require('./delay.js'),
 fs = require('fs'),
@@ -128,7 +129,7 @@ async function createDockerNetwork() {
 await shell.promises.exec('createDockerNetwork', 'docker network rm cloudron || true');
 // the --ipv6 option will work even in ipv6 is disabled. fd00 is IPv6 ULA
- await shell.promises.exec('createDockerNetwork', 'docker network create --subnet=172.18.0.0/16 --ip-range=172.18.0.0/20 --gateway 172.18.0.1 --ipv6 --subnet=fd00:c107:d509::/64 cloudron');
+ await shell.promises.exec('createDockerNetwork', `docker network create --subnet=${constants.DOCKER_IPv4_SUBNET} --ip-range=${constants.DOCKER_IPv4_RANGE} --gateway ${constants.DOCKER_IPv4_GATEWAY} --ipv6 --subnet=fd00:c107:d509::/64 cloudron`);
 }
 async function removeAllContainers() {
diff --git a/src/services.js b/src/services.js
index 0ff72277c..ce69bd092 100644
--- a/src/services.js
+++ b/src/services.js
@@ -1134,6 +1134,7 @@ async function startMysql(existingInfra) {
 --log-opt tag=mysql \
 --dns 172.18.0.1 \
 --dns-search=. \
+ --ip ${constants.MYSQL_SERVICE_IPv4} \
 -e CLOUDRON_MYSQL_TOKEN=${cloudronToken} \
 -e CLOUDRON_MYSQL_ROOT_HOST=172.18.0.1 \
 -e CLOUDRON_MYSQL_ROOT_PASSWORD=${rootPassword} \
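Review bot: In `createDockerNetwork` (src/platform.js) the IPv4 subnet, range and gateway now come from `constants`, but the IPv6 ULA subnet `fd00:c107:d509::/64` is still an inline literal in the same command, so the network definition is split across two files. Moving it next to the others, for example as a `DOCKER_IPv6_SUBNET` entry, would keep one source of truth. The string is run through a shell (the preceding call relies on `|| true`), so a short comment is worth adding above the template literal: `// values are static constants; never interpolate configurable or user-supplied input into this command`.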
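Review bot: The three database start commands in src/services.js (`startMysql` here, and the `startPostgresql` and `startMongodb` hunks that follow) take the new `--ip` from `constants`, but the lines around it still spell the gateway as a literal: `--dns 172.18.0.1` in all three and `-e CLOUDRON_MYSQL_ROOT_HOST=172.18.0.1` for MySQL. With `DOCKER_IPv4_GATEWAY` now defined, `--dns ${constants.DOCKER_IPv4_GATEWAY}` and `-e CLOUDRON_MYSQL_ROOT_HOST=${constants.DOCKER_IPv4_GATEWAY}` would keep a later subnet change from leaving the databases pointed at a stale address. Separately, the MySQL lines interpolate `${cloudronToken}` and `${rootPassword}` unquoted, while the PostgreSQL and MongoDB hunks quote them; quoting here as well would make the three consistent. All three functions extend beyond their hunks.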
@@ -1351,6 +1352,7 @@ async function startPostgresql(existingInfra) {
 --log-opt tag=postgresql \
 --dns 172.18.0.1 \
 --dns-search=. \
+ --ip ${constants.POSTGRESQL_SERVICE_IPv4} \
 --shm-size=128M \
 -e CLOUDRON_POSTGRESQL_ROOT_PASSWORD="${rootPassword}" \
 -e CLOUDRON_POSTGRESQL_TOKEN="${cloudronToken}" \
@@ -1494,6 +1496,7 @@ async function startMongodb(existingInfra) {
 --log-opt tag=mongodb \
 --dns 172.18.0.1 \
 --dns-search=. \
+ --ip ${constants.MONGODB_SERVICE_IPv4} \
 -e CLOUDRON_MONGODB_ROOT_PASSWORD="${rootPassword}" \
 -e CLOUDRON_MONGODB_TOKEN="${cloudronToken}" \
 -v "${dataDir}/mongodb:/var/lib/mongodb" \