fix(podman): honor OPENCLAW_GATEWAY_BIND env-file override (#38785, thanks @majinyu666)

Co-authored-by: majinyu666 <majy14miles@gmail.com>
2026-03-12 07:20:45 +00:00 · 2026-03-07 21:08:15 +00:00
parent c0c2f82147
commit 168e4159ad
2 changed files with 6 additions and 3 deletions
--- a/scripts/run-openclaw-podman.sh
+++ b/scripts/run-openclaw-podman.sh
@@ -75,9 +75,6 @@ OPENCLAW_IMAGE="${OPENCLAW_PODMAN_IMAGE:-openclaw:local}"
 PODMAN_PULL="${OPENCLAW_PODMAN_PULL:-never}"
 HOST_GATEWAY_PORT="${OPENCLAW_PODMAN_GATEWAY_HOST_PORT:-${OPENCLAW_GATEWAY_PORT:-18789}}"
 HOST_BRIDGE_PORT="${OPENCLAW_PODMAN_BRIDGE_HOST_PORT:-${OPENCLAW_BRIDGE_PORT:-18790}}"
-# Keep Podman default local-only unless explicitly overridden.
-# Non-loopback binds require gateway.controlUi.allowedOrigins (security hardening).
-GATEWAY_BIND="${OPENCLAW_GATEWAY_BIND:-loopback}"

 # Safe cwd for podman (openclaw is nologin; avoid inherited cwd from sudo)
 cd "$EFFECTIVE_HOME" 2>/dev/null || cd /tmp 2>/dev/null || true
@@ -100,6 +97,11 @@ if [[ -f "$ENV_FILE" ]]; then
  set +a
 fi

+# Keep Podman default local-only unless explicitly overridden.
+# Non-loopback binds require gateway.controlUi.allowedOrigins (security hardening).
+# NOTE: must be evaluated after sourcing ENV_FILE so OPENCLAW_GATEWAY_BIND set in .env takes effect.
+GATEWAY_BIND="${OPENCLAW_GATEWAY_BIND:-loopback}"
+
 upsert_env_var() {
  local file="$1"
  local key="$2"