Skip to content

feat: allow configuring GATEWAY_LISTEN and host exposure#351

Draft
anisaoshafi wants to merge 1 commit into
mainfrom
devx-945-allow-configuring-gateway_listen-in-lstk-e2ba
Draft

feat: allow configuring GATEWAY_LISTEN and host exposure#351
anisaoshafi wants to merge 1 commit into
mainfrom
devx-945-allow-configuring-gateway_listen-in-lstk-e2ba

Conversation

@anisaoshafi

Copy link
Copy Markdown
Collaborator

GATEWAY_LISTEN was hardcoded to :4566,:443 and all host port bindings were pinned to 127.0.0.1, so the emulator couldn't be reached from outside the host. This is needed for sandboxes running on EC2/Lambda MicroVM hosts (and becomes more relevant with 443/8443 routing, AWS-1041).

GATEWAY_LISTEN is now read from the container's resolved env — set it via an [env.*] profile referenced by the container's env field:

[[containers]]
type = "aws"
env = ["expose"]

[env.expose]
GATEWAY_LISTEN = "0.0.0.0:4566,0.0.0.0:443"

Mirroring the v1 CLI (localstack), the host part of the first entry sets the host IP that all published ports bind to (gateway ports + the 4510-4559 service range), so the example above exposes the emulator beyond loopback. A 127.0.0.1 host is blanked in the value passed into the container so the gateway still listens on all interfaces inside it. Any extra gateway port listed (e.g. :8443) is also published on the host. When unset, behavior is unchanged (:4566,:443 bound to loopback).

Parsing/derivation lives in internal/container/gateway.go; the bind host is threaded through as runtime.ContainerConfig.BindHost and applied in internal/runtime/docker.go.

Covered by unit tests for the parser and an integration test asserting the configured value reaches the container and that ports bind to the requested host IP (including a published :8443).

GATEWAY_LISTEN was hardcoded to ":4566,:443" and all host port bindings
were pinned to 127.0.0.1, so the emulator could not be exposed beyond
loopback (needed for sandboxes on EC2/Lambda MicroVM hosts).

It is now read from the container's resolved env (set via an [env.*]
profile). Mirroring the v1 CLI, the host part of the first entry sets the
host IP that published ports bind to, so e.g.
"0.0.0.0:4566,0.0.0.0:443" exposes the emulator externally. A loopback
host is blanked in the container env value so the gateway still listens
on all interfaces inside the container. Extra gateway ports (e.g. :8443)
are published on the host; the service range (4510-4559) binds to the
same host IP.

Generated with [Linear](https://linear.app/localstack/issue/DEVX-945/allow-configuring-gateway-listen-in-lstk#agent-session-54ee7a51)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
@anisaoshafi anisaoshafi added semver: patch docs: skip Pull request does not require documentation changes labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs: skip Pull request does not require documentation changes semver: patch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant