feat: allow configuring GATEWAY_LISTEN and host exposure#351
Draft
anisaoshafi wants to merge 1 commit into
Draft
feat: allow configuring GATEWAY_LISTEN and host exposure#351anisaoshafi wants to merge 1 commit into
anisaoshafi wants to merge 1 commit into
Conversation
GATEWAY_LISTEN was hardcoded to ":4566,:443" and all host port bindings were pinned to 127.0.0.1, so the emulator could not be exposed beyond loopback (needed for sandboxes on EC2/Lambda MicroVM hosts). It is now read from the container's resolved env (set via an [env.*] profile). Mirroring the v1 CLI, the host part of the first entry sets the host IP that published ports bind to, so e.g. "0.0.0.0:4566,0.0.0.0:443" exposes the emulator externally. A loopback host is blanked in the container env value so the gateway still listens on all interfaces inside the container. Extra gateway ports (e.g. :8443) are published on the host; the service range (4510-4559) binds to the same host IP. Generated with [Linear](https://linear.app/localstack/issue/DEVX-945/allow-configuring-gateway-listen-in-lstk#agent-session-54ee7a51) Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GATEWAY_LISTENwas hardcoded to:4566,:443and all host port bindings were pinned to127.0.0.1, so the emulator couldn't be reached from outside the host. This is needed for sandboxes running on EC2/Lambda MicroVM hosts (and becomes more relevant with 443/8443 routing, AWS-1041).GATEWAY_LISTENis now read from the container's resolved env — set it via an[env.*]profile referenced by the container'senvfield:Mirroring the v1 CLI (
localstack), the host part of the first entry sets the host IP that all published ports bind to (gateway ports + the 4510-4559 service range), so the example above exposes the emulator beyond loopback. A127.0.0.1host is blanked in the value passed into the container so the gateway still listens on all interfaces inside it. Any extra gateway port listed (e.g.:8443) is also published on the host. When unset, behavior is unchanged (:4566,:443bound to loopback).Parsing/derivation lives in
internal/container/gateway.go; the bind host is threaded through asruntime.ContainerConfig.BindHostand applied ininternal/runtime/docker.go.Covered by unit tests for the parser and an integration test asserting the configured value reaches the container and that ports bind to the requested host IP (including a published
:8443).