feat(daemon): add OPENCLI_DAEMON_HOST and OPENCLI_DAEMON_BIND envs#1425
Open
qinglu008 wants to merge 2 commits into
Open
feat(daemon): add OPENCLI_DAEMON_HOST and OPENCLI_DAEMON_BIND envs#1425qinglu008 wants to merge 2 commits into
qinglu008 wants to merge 2 commits into
Conversation
Both default to 127.0.0.1, so existing deployments are unaffected. OPENCLI_DAEMON_HOST tells the CLI which host to dial when reaching the daemon. The previous hardcoded 127.0.0.1 made it impossible to call a daemon running on the host from inside a container; setting this to host.docker.internal (or any reachable address) now works. OPENCLI_DAEMON_BIND tells the daemon which interface to bind to. Defaults to loopback so the daemon stays unreachable from the network unless the operator explicitly opts in. Documented with a security note because the daemon has no built-in auth.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OPENCLI_DAEMON_HOSTso the CLI can reach a daemon that is not on127.0.0.1(e.g. when calling out from a container to a daemon on the host)OPENCLI_DAEMON_BINDso the daemon can listen on an interface other than loopback when the operator explicitly opts inREADME.mdandREADME.zh-CN.md, with a security note onOPENCLI_DAEMON_BIND(the daemon has no built-in auth)Why
The daemon URL was a hardcoded
http://127.0.0.1:${OPENCLI_DAEMON_PORT}and the listener was hardcoded to127.0.0.1. This makes it impossible to use OpenCLI from a container that wants to drive Chrome on the host: even whenhost.docker.internal:19825is reachable, the CLI still dials127.0.0.1inside the container and fails.Both new env vars default to
127.0.0.1, so all existing deployments are byte-for-byte unchanged.Verification
npx tsc --noEmit— cleannpx vitest run --project unit src/browser/daemon-client.test.ts— 13/13 pass, including the two new casesOPENCLI_DAEMON_BIND=0.0.0.0on the host andOPENCLI_DAEMON_HOST=host.docker.internalinside an OrbStack container,opencli twitter trendingreturns data from the host's logged-in Chrome sessionundiciwebidl.util.markAsUncloneableerrors); confirmed identical failures onmainbefore any change, so they are pre-existing and unrelated to this PR