Enhance documentation for LAN access and insecure authentication options in OpenClaw Assistant

This commit is contained in:
techartdev
2026-02-02 02:40:34 +02:00
parent 1db5009f0b
commit 5d08325190
+45 -6
View File
@@ -65,9 +65,20 @@ You have two common setups:
If your Home Assistant is already exposed via HTTPS (Nabu Casa, reverse proxy, etc.), use that. If your Home Assistant is already exposed via HTTPS (Nabu Casa, reverse proxy, etc.), use that.
This avoids browser security issues. This avoids browser security issues.
#### Option 2: LAN access (http://192.168.x.x) #### Option 2: LAN access (http://192.168.x.x) — using add-on options (recommended)
If you want to open it directly on your LAN, you must ensure OpenClaw binds to LAN. The easiest way to enable LAN access is via the add-on configuration:
In the terminal:
1. Go to Home Assistant → **Settings → Add-ons → OpenClaw Assistant → Configuration**
2. Set the following options:
- `gateway_bind_mode`: **lan** (enables LAN binding; use **loopback** for local-only access)
- `gateway_port`: **18789** (or your preferred port)
- `allow_insecure_auth`: **true** (required for HTTP access; see section 4 below)
3. Restart the add-on
The add-on will automatically update OpenClaw's configuration on startup.
#### Option 3: LAN access — manual configuration (advanced)
If you prefer to configure manually via terminal:
```sh ```sh
openclaw config set gateway.bind lan openclaw config set gateway.bind lan
@@ -120,22 +131,46 @@ Put the gateway behind HTTPS (recommended long-term).
Access it as `http://localhost:18789` using SSH port forwarding from your computer. Access it as `http://localhost:18789` using SSH port forwarding from your computer.
### Option C — Allow insecure auth (quick workaround; less secure) ### Option C — Allow insecure auth (quick workaround; less secure)
In the terminal:
**Via add-on configuration (recommended)**:
1. Go to Home Assistant → **Settings → Add-ons → OpenClaw Assistant → Configuration**
2. Set `allow_insecure_auth`: **true**
3. Restart the add-on
**Via terminal (manual)**:
```sh ```sh
openclaw config set gateway.controlUi.allowInsecureAuth true openclaw config set gateway.controlUi.allowInsecureAuth true
``` ```
Then restart the add-on.
This allows using the Control UI over LAN HTTP. This allows using the Control UI over LAN HTTP.
--- ---
## 5) Add-on options (custom / HA-specific) ## 5) Add-on options (custom / HA-specific)
This add-on intentionally keeps options minimal. See `openclaw_assistant/config.yaml`. This add-on keeps options minimal but practical. See `openclaw_assistant_dev/config.yaml` for the full schema.
### Gateway Network Settings
Control how the OpenClaw gateway binds to the network:
- **`gateway_bind_mode`** (string: **loopback** or **lan**, default **loopback**)
- **loopback**: Bind to 127.0.0.1 only — secure, local access only
- **lan**: Bind to all interfaces — accessible from your local network
- **`gateway_port`** (int, default **18789**)
- Port number for the gateway to listen on
- **`allow_insecure_auth`** (bool, default **false**)
- Allow HTTP authentication for gateway access on LAN
- **WARNING**: Only enable if using HTTP (not HTTPS) for `gateway_public_url`
- Required for browser access over HTTP (see section 4)
These settings are applied automatically on add-on startup. No need to run `openclaw config` commands manually.
### Terminal ### Terminal
- `enable_terminal` (default **true**) - `enable_terminal` (bool, default **true**)
Security note: the terminal gives shell access inside the add-on container. Security note: the terminal gives shell access inside the add-on container.
@@ -155,6 +190,10 @@ How to provide the key:
- Put the private key file under the add-on config directory so it appears in-container at `/data/keys/...` - Put the private key file under the add-on config directory so it appears in-container at `/data/keys/...`
- Recommended permissions: `chmod 600` - Recommended permissions: `chmod 600`
### Session cleanup
- `clean_session_locks_on_start` (bool, default **true**) — Remove stale lock files on startup
- `clean_session_locks_on_exit` (bool, default **true**) — Remove stale lock files on shutdown
--- ---
## Troubleshooting ## Troubleshooting