bug(podman): OPENCLAW_GATEWAY_BIND in .env ignored — gateway always starts with --bind loopback

[majinyu666]

Bug Description

When using the Podman launcher (scripts/run-openclaw-podman.sh), setting OPENCLAW_GATEWAY_BIND in the .env file has no effect. The gateway always starts with --bind loopback regardless of the value in .env.

Root Cause

In scripts/run-openclaw-podman.sh, GATEWAY_BIND is evaluated before the .env file is sourced:

# Line 80 — evaluated first
GATEWAY_BIND="${OPENCLAW_GATEWAY_BIND:-loopback}"

# ...

# Line 96 — .env sourced too late
if [[ -f "$ENV_FILE" ]]; then
  set -a
  source "$ENV_FILE" 2>/dev/null || true
  set +a
fi

By the time .env is sourced and OPENCLAW_GATEWAY_BIND=lan is set, GATEWAY_BIND has already been assigned loopback.

Impact

Users who run the onboarding wizard and choose a non-loopback bind (e.g. lan) get OPENCLAW_GATEWAY_BIND=lan written to their .env. But the gateway still starts with --bind loopback, making the dashboard unreachable from any non-loopback address — including WSL, LAN clients, or remote browsers.

The workaround is to prefix every launch command with the env var explicitly:

OPENCLAW_GATEWAY_BIND=lan ./scripts/run-openclaw-podman.sh launch

which is non-obvious and undocumented.

Steps to Reproduce

1. Run ./scripts/run-openclaw-podman.sh launch setup and choose lan bind
2. Confirm ~/.openclaw/.env contains OPENCLAW_GATEWAY_BIND=lan
3. Run ./scripts/run-openclaw-podman.sh launch
4. Check the running process: ps aux | grep gateway

Expected

node dist/index.js gateway --bind lan --port 18789

Actual

node dist/index.js gateway --bind loopback --port 18789

Environment

• OS: Linux (WSL2 on Windows 10)
• Runtime: rootless Podman

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[Junwen-xie]

i do have this problem，waitting for solve it

[steipete]

Closing this as implemented after Codex review.

Current main already fixes the Podman bind handling: scripts/run-openclaw-podman.sh loads the Podman .env before resolving GATEWAY_BIND, prefers OPENCLAW_GATEWAY_BIND, and then passes the resolved value into node dist/index.js gateway --bind .... The same fixed script is present in release v2026.4.23, so the reported behavior is no longer current.

What I checked:

• Podman env file is loaded before bind resolution: The launcher computes CONFIG_DIR/ENV_FILE, then calls load_podman_env_file "$ENV_FILE" before any GATEWAY_BIND assignment. (scripts/run-openclaw-podman.sh:228, 80b6da72f5f0)
• OPENCLAW_GATEWAY_BIND is an allowed imported env key: load_podman_env_file explicitly whitelists OPENCLAW_GATEWAY_BIND, so the value from ~/.openclaw/.env is imported into the shell environment. (scripts/run-openclaw-podman.sh:170, 80b6da72f5f0)
• Bind resolution now prefers env/config instead of hardcoded loopback: GATEWAY_BIND is derived from OPENCLAW_GATEWAY_BIND, then gateway.bind, then defaults to lan. (scripts/run-openclaw-podman.sh:269, 80b6da72f5f0)
• Resolved bind is passed to gateway startup: The final podman run command starts the gateway with node dist/index.js gateway --bind "$GATEWAY_BIND" --port 18789. (scripts/run-openclaw-podman.sh:553, 80b6da72f5f0)
• Released tag already contains the fixed script: Release tag v2026.4.23 points at a9797214338ba31c52c796adbb75afb16e0684a9, and that tagged tree contains the same fixed .env-before-bind logic in scripts/run-openclaw-podman.sh. (scripts/run-openclaw-podman.sh:228, a9797214338b)
• Issue discussion already pointed at the same fix area: The issue timeline cross-references PRs #38785 and #38862, both describing the same .env-before-GATEWAY_BIND fix shape that matches current code.

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 80b6da72f5f0; fix evidence: release v2026.4.23, commit a9797214338b.