OpenClaw Assistant
__ACCESS_MODE__
⏳
Gateway: checking…
🔒
Secure context: checking…
📡
Access mode: __ACCESS_MODE__
💾
Disk: __DISK_USED__ / __DISK_TOTAL__ (__DISK_PCT__) — __DISK_AVAIL__ free
⚠️ Migration notice: OpenClaw v2026.2.21+ requires HTTPS or localhost for Control UI.
Plain HTTP LAN access no longer works. Switch access_mode to lan_https
in add-on Configuration for one-click secure LAN access, then restart.
⚠️ Low disk space:
Add-on updates and Docker builds may fail. Open the terminal and run oc-cleanup to free space.
For Docker-level cleanup, open a host root shell (Advanced SSH add-on with Protection Mode off, or type login at the HAOS console) and run docker image prune -a.
🧭 Quick-Start: Secure LAN Access
Tips & token help
The gateway UI opens in a separate tab to avoid websocket/proxy issues with Ingress.
Set gateway_public_url in add-on options if the button URL is wrong.
If the Gateway UI says Unauthorized, get your token in the terminal:
openclaw config get gateway.auth.token
Reverse-proxy recipes (NPM / Caddy / Traefik / Tailscale)
Nginx Proxy Manager (NPM)
Scheme: https
Forward: <HA-IP>:18789
WS: ON
SSL tab: Request a new SSL certificate (Let's Encrypt or custom)
Caddy
openclaw.example.com {
reverse_proxy <HA-IP>:18789
}
Traefik (docker labels)
- "traefik.http.routers.openclaw.rule=Host(`openclaw.example.com`)"
- "traefik.http.routers.openclaw.tls.certresolver=le"
- "traefik.http.services.openclaw.loadbalancer.server.port=18789"
Tailscale HTTPS
# 1. Set access_mode to tailnet_https in add-on configuration
# 2. Enable Tailscale HTTPS in your Tailnet admin: DNS → HTTPS Certificates
# 3. On the HA host: tailscale cert <machine-name>.ts.net
# 4. Set gateway_public_url to https://<machine-name>.ts.net:18789