let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

fix: tighten gateway bind auth diagnostics

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-08 07:42:50 +01:00
parent debfce5a77
commit 5565dcd447
8 changed files with 196 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/gateway/configuration.md
View File

@@ -1555,6 +1555,8 @@ Notes:
- `clawdbot gateway` refuses to start unless `gateway.mode` is set to `local` (or you pass the override flag).
- `gateway.port` controls the single multiplexed port used for WebSocket + HTTP (control UI, hooks, A2UI).
- Precedence: `--port` > `CLAWDBOT_GATEWAY_PORT` > `gateway.port` > default `18789`.
- Non-loopback binds (`lan`/`tailnet`/`auto`) require auth. Use `gateway.auth.token` (or `CLAWDBOT_GATEWAY_TOKEN`).
- `gateway.remote.token` is **only** for remote CLI calls; it does not enable local gateway auth. `gateway.token` is ignored.
Auth and Tailscale:
- `gateway.auth.mode` sets the handshake requirements (`token` or `password`).

12
docs/gateway/troubleshooting.md
View File

@@ -29,6 +29,18 @@ Doctor/daemon will show runtime state (PID/last exit) and log hints.
- Linux systemd (if installed): `journalctl --user -u clawdbot-gateway.service -n 200 --no-pager`
- Windows: `schtasks /Query /TN "Clawdbot Gateway" /V /FO LIST`
### Service Running but Port Not Listening
If the service reports **running** but nothing is listening on the gateway port,
the Gateway likely refused to bind.
**Check:**
- `gateway.mode` must be `local` for `clawdbot gateway` and the daemon.
- Non-loopback binds (`lan`/`tailnet`/`auto`) require auth:
`gateway.auth.token` (or `CLAWDBOT_GATEWAY_TOKEN`).
- `gateway.remote.token` is for remote CLI calls only; it does **not** enable local auth.
- `gateway.token` is ignored; use `gateway.auth.token`.
### Address Already in Use (Port 18789)
This means something is already listening on the gateway port.

4
docs/platforms/exe-dev.md
View File

@@ -129,6 +129,10 @@ For daemon runs, persist it in `~/.clawdbot/clawdbot.json`:
}
```
Notes:
- Non-loopback binds require `gateway.auth.token` (or `CLAWDBOT_GATEWAY_TOKEN`).
- `gateway.remote.token` is only for remote CLI calls; it does not enable local auth.
Then point exe.devs proxy at `8080` (or whatever port you chose) and open your VMs HTTPS URL:
```bash