github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 13:10:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(cli): gateway status probe with TLS when bind=lan

Browse Source 
- Use wss:// scheme when TLS is enabled (specifically for bind=lan)
- Load TLS runtime to get certificate fingerprint
- Pass fingerprint to probeGatewayStatus for self-signed cert trust
This commit is contained in:
Liu Yuan
2026-02-23 14:00:26 +08:00
committed by Shakker
parent d6eefe2e75
commit 90d426f9ad
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/cli/daemon-cli/probe.ts
View File

@@ -6,6 +6,7 @@ export async function probeGatewayStatus(opts: {
url: string; url: string;
token?: string; token?: string;
password?: string; password?: string;
tlsFingerprint?: string;
timeoutMs: number; timeoutMs: number;
json?: boolean; json?: boolean;
configPath?: string; configPath?: string;
@@ -22,6 +23,7 @@ export async function probeGatewayStatus(opts: {
url: opts.url, url: opts.url,
token: opts.token, token: opts.token,
password: opts.password, password: opts.password,
tlsFingerprint: opts.tlsFingerprint,
method: "status", method: "status",
timeoutMs: opts.timeoutMs, timeoutMs: opts.timeoutMs,
clientName: GATEWAY_CLIENT_NAMES.CLI, clientName: GATEWAY_CLIENT_NAMES.CLI,

9
src/cli/daemon-cli/status.gather.ts
View File

@@ -19,6 +19,7 @@ import {
type PortUsageStatus, type PortUsageStatus,
} from "../../infra/ports.js"; } from "../../infra/ports.js";
import { pickPrimaryTailnetIPv4 } from "../../infra/tailnet.js"; import { pickPrimaryTailnetIPv4 } from "../../infra/tailnet.js";
import { loadGatewayTlsRuntime } from "../../infra/tls/gateway.js";
import { probeGatewayStatus } from "./probe.js"; import { probeGatewayStatus } from "./probe.js";
import { normalizeListenerAddress, parsePortFromArgs, pickProbeHostForBind } from "./shared.js"; import { normalizeListenerAddress, parsePortFromArgs, pickProbeHostForBind } from "./shared.js";
import type { GatewayRpcOpts } from "./types.js"; import type { GatewayRpcOpts } from "./types.js";
@@ -182,7 +183,8 @@ export async function gatherDaemonStatus(
const probeHost = pickProbeHostForBind(bindMode, tailnetIPv4, customBindHost); const probeHost = pickProbeHostForBind(bindMode, tailnetIPv4, customBindHost);
const probeUrlOverride = const probeUrlOverride =
typeof opts.rpc.url === "string" && opts.rpc.url.trim().length > 0 ? opts.rpc.url.trim() : null; typeof opts.rpc.url === "string" && opts.rpc.url.trim().length > 0 ? opts.rpc.url.trim() : null;
const probeUrl = probeUrlOverride ?? `ws://${probeHost}:${daemonPort}`; const scheme = daemonCfg.gateway?.tls?.enabled === true ? "wss" : "ws";
const probeUrl = probeUrlOverride ?? `${scheme}://${probeHost}:${daemonPort}`;
const probeNote = const probeNote =
!probeUrlOverride && bindMode === "lan" !probeUrlOverride && bindMode === "lan"
? `bind=lan listens on 0.0.0.0 (all interfaces); probing via ${probeHost}.` ? `bind=lan listens on 0.0.0.0 (all interfaces); probing via ${probeHost}.`
@@ -220,6 +222,10 @@ export async function gatherDaemonStatus(
const timeoutMsRaw = Number.parseInt(String(opts.rpc.timeout ?? "10000"), 10); const timeoutMsRaw = Number.parseInt(String(opts.rpc.timeout ?? "10000"), 10);
const timeoutMs = Number.isFinite(timeoutMsRaw) && timeoutMsRaw > 0 ? timeoutMsRaw : 10_000; const timeoutMs = Number.isFinite(timeoutMsRaw) && timeoutMsRaw > 0 ? timeoutMsRaw : 10_000;
// Load TLS config for secure WebSocket connections
const tlsEnabled = daemonCfg.gateway?.tls?.enabled === true;
const tlsRuntime = tlsEnabled ? await loadGatewayTlsRuntime(daemonCfg.gateway?.tls) : undefined;
const rpc = opts.probe const rpc = opts.probe
? await probeGatewayStatus({ ? await probeGatewayStatus({
url: probeUrl, url: probeUrl,
@@ -231,6 +237,7 @@ export async function gatherDaemonStatus(
opts.rpc.password || opts.rpc.password ||
mergedDaemonEnv.OPENCLAW_GATEWAY_PASSWORD || mergedDaemonEnv.OPENCLAW_GATEWAY_PASSWORD ||
daemonCfg.gateway?.auth?.password, daemonCfg.gateway?.auth?.password,
tlsFingerprint: tlsRuntime?.enabled ? tlsRuntime.fingerprintSha256 : undefined,
timeoutMs, timeoutMs,
json: opts.rpc.json, json: opts.rpc.json,
configPath: daemonConfigSummary.path, configPath: daemonConfigSummary.path,