OpenClaw Install / Docs / Gateway / Skills
EN
Get Started
Home

Switch language

简体中文 English
Start Install GuideQuick StartDocs Overview
Docs ChannelsModels & APIGateway OpsTools & Skills
More ArticlesResourcesHelp Center
Get Started
Documentation navigation Gateway Ops

Current Section

On This Page

Gateway Ops 4 sections 3 key facts

Gateway Operations

Gateway Operations

The Gateway is OpenClaw's always-on control plane. It connects chat channels, serves WebSocket and HTTP interfaces, coordinates nodes and tools and keeps health checks, logs, state and remote access together.

Gateway Configuration Gateway Troubleshooting CLI Reference

What the Gateway Is

Control Plane

Unified access layer

Holds channel connections such as WhatsApp and Telegram and exposes the control surface for Dashboard, WebChat and nodes.

HTTP + WS

One port, many interfaces

The same port can carry WebSocket control traffic, the Control UI, OpenAI-style interfaces and tool-related endpoints.

Daemon

Built for supervision

It should usually run under launchd or systemd and exit non-zero on fatal errors so the supervisor can restart it.

Security Default

Use a token even locally

Even when bound to loopback, keep an auth token so other local processes cannot connect without permission.

Common Runtime Commands

Run locally

openclaw gateway --port 18789

Verbose logs

Write debugging and trace information directly to the current terminal.
openclaw gateway --port 18789 --verbose

Force recovery when the port is stuck

Find and terminate the existing listener before starting the Gateway again.
openclaw gateway --force

Watch mode for development

Hot-reload the Gateway when TypeScript changes locally.
pnpm gateway:watch

Operational Notes

Remote access

Prefer Tailscale or a VPN. SSH tunnels remain the next-best option, for example ssh -N -L 18789:127.0.0.1:18789 user@host.

Multiple instances

If isolation is really required, give each instance its own gateway.port, config file, state directory and workspace.

Hot reload and restart

The Gateway watches config changes and may hot-apply safe changes while restarting on more critical ones. Disable reload only when you need total manual control.

Service management

LaunchAgent is common on macOS and systemd user services are common on Linux / WSL2. A service reported as loaded is not the same as a healthy RPC endpoint.

Gateway Pages

Gateway Configuration

Config fields, strict validation, config.apply / patch and include-based composition.
Security

Tokens, allowFrom, pairing, exposure rules and least-privilege practices.
Logging

Structured logs, verbose output and the fields that matter when diagnosing incidents.
Remote Access

SSH tunnels, remote URLs and how local clients connect to a remote Gateway.
Tailscale

The recommended network shape when exposing the Gateway through a tailnet.
Health Checks

The order of operations from status and doctor to deeper health inspection.
Authentication

Provider credentials, auth token placement and how to reason about unauthorized errors.
Gateway Troubleshooting

Deep diagnosis for ports, auth, unauthorized UI, startup failure and provider issues.
Help Center

If you are still unsure whether the issue belongs to Gateway, channels or providers, classify it there first.