[Bug]: attachOnly + localhost CDP fails when port is in use by proxy #20595
Description
Summary
When using Nginx reverse proxy to forward localhost CDP port, OpenClaw checks if the port is in use and fails with an error, even when attachOnly: true is configured.
Steps to reproduce
- Configure Nginx reverse proxy to forward local port 9222 to Cloudflare Tunnel
- Set in OpenClaw config:
{ "browser": { "profiles": { "remote": { "cdpUrl": "http://localhost:9222", "attachOnly": true } } } } - Start OpenClaw gateway
Expected behavior
OpenClaw should directly attempt to connect to http://localhost:9222 without checking port availability.
Actual behavior
OpenClaw fails with error:
Error: Port 9222 is already in use.
This happens because chrome.ts calls ensurePortAvailable() for localhost ports.
OpenClaw version
2026.2.15
Operating system
Debian13
Install method
npm global
Logs, screenshots, and evidence
Impact and severity
- Affected: Users who want to use Nginx + Cloudflare Access authentication header to protect CDP connection
- Severity: High (blocks remote browser feature)
- Frequency: 100%
- Consequence: Cannot use Nginx proxy, must use IP whitelist instead
Additional information
Root cause: OpenClaw uses cdpIsLoopback to determine if the browser is local. If cdpUrl contains localhost or 127.0.0.1, it's treated as a local browser, and OpenClaw will try to launch Chrome and check port availability.
Workaround: Use a domain name instead of localhost (requires Cloudflare Access IP whitelist)
Suggested fix:
- Option A: When
attachOnly: trueis configured, skip port availability check - Option B: Add new config option
skipPortCheck: true