openclaw-sync/memory/2026-04-03-remote-access-fix.md

2026-04-03/04 局域网访问 OpenClaw Control UI

问题

局域网其他设备无法访问 OpenClaw 的 Web UI（Control UI）。

原因

1. nginx SSL 证书权限问题：本机 nginx 反代（/etc/nginx/sites-enabled/reverse-proxy）配置了 HTTPS → OpenClaw，但自签证书私钥 /etc/ssl/self-signed.key 权限为 600 root:root，nginx 以 www-data 运行无法读取。
2. Control UI 安全限制：非 localhost 的 HTTP 访问会被 device identity 检查拦截。

解决方案

1. 修复 SSL 证书权限

sudo chmod 640 /etc/ssl/self-signed.key
sudo chgrp www-data /etc/ssl/self-signed.key
sudo systemctl restart nginx

2. openclaw.json 配置

gateway.controlUi 段添加：

{
  "allowedOrigins": [
    "http://localhost:18789",
    "http://127.0.0.1:18789",
    "http://192.168.2.110:18789",
    "http://192.168.2.110",
    "https://192.168.2.110",
    "https://192.168.2.110:443"
  ],
  "allowInsecureAuth": true,
  "dangerouslyDisableDeviceAuth": true
}

3. nginx 反代配置

文件：/etc/nginx/sites-enabled/reverse-proxy

server {
    listen 192.168.2.110:443 ssl;
    ssl_certificate     /etc/ssl/self-signed.crt;
    ssl_certificate_key /etc/ssl/self-signed.key;

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
    }
}

访问方式

• 局域网：https://192.168.2.110/（自签证书，浏览器需手动信任）
• 首次连接需要 openclaw devices approve（或已启用 dangerouslyDisableDeviceAuth 则跳过）