安装

需要node>=22

curl -fsSL https://openclaw.ai/install.sh | bash

一路确认，要啥点啥，Ubuntu非root用户无桌面环境下会报个错Error: systemctl is-enabled unavailable: Command failed: systemctl --user is-enabled openclaw-gateway.service，再执行一次就好了。

默认是localhost启动，去到~/.openclaw/openclaw.json找到gateway部分

{
  "gateway": {
    "bind": "lan",          // 或 "0.0.0.0"，推荐用 "lan"（官方支持模式，会自动绑所有接口）
    "port": 18789,          // 默认就是这个，可改
    // 其他可选：加强安全
    "auth": {
      "mode": "token",      // 强制用 token 登录
      "dangerouslyDisableDeviceAuth": false  // 不要关闭设备配对
    }
  }
  // ... 其他配置保持不变
}

26.3.2之后默认 模式为messaging，需要改成full才是完全体。

"tools": {
    "profile": "full"
  },

然后重启gateway

openclaw gateway restart 
# 或如果用 systemd 用户服务： 
systemctl --user restart openclaw-gateway.service 
# 如果你改成了系统级服务： 
sudo systemctl restart openclaw-gateway.service

发现自定义port没成功，openclaw gateway status显示

Listening: *:18789
Note: CLI config resolves gateway port=1234 (free).

~/.config/systemd/user/openclaw-gateway.service里面变量优先级比较高，找到 ExecStart 行和 Environment 行，将 18789 改掉。改完后openclaw gateway restart无效，需要重启systemd。

systemctl --user daemon-reload
systemctl --user restart openclaw-gateway

进到页面会提示

control ui requires device identity (use HTTPS or localhost secure context)
此页面为 HTTP，因此浏览器阻止设备标识。请使用 HTTPS (Tailscale Serve) 或在网关主机上打开 http://127.0.0.1:18789。
如果您必须保持 HTTP，请设置 gateway.controlUi.allowInsecureAuth: true (仅限令牌)。
Docs: Tailscale Serve · Docs: Insecure HTTP

设置一下允许在非加密连接下验证令牌。

"gateway": {
    "port": 1234,
    "mode": "local",
    "bind": "lan",
    "controlUi": {
      "allowedOrigins": [
        "http://localhost:1234",
        "http://127.0.0.1:1234",
        "http://192.168.8.169:1234"
      ],
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true,
      "dangerouslyAllowHostHeaderOriginFallback": true
    },

openclaw gateway restart

配置

tg集成

创建bot，配对等常规流程略过。

启动时会有个warning:

channels.telegram.groupPolicy is "allowlist" but groupAllowFrom (and allowFrom) is empty — all group messages will be silently dropped. Addsender IDs to channels.telegram.groupAllowFrom or channels.telegram.allowFrom, or set groupPolicy to "open".

bot对于群组消息默认是白名单制度，但是白名单为空就会触发。有几种改法：全开、全关、设名单。

{
  "channels": {
    "telegram": {
      "groupPolicy": "open"
      // "groupPolicy": "disabled"
      // groupAllowFrom 可以删掉或留空
    }
  }
}

{
  "channels": {
    "telegram": {
      "groupPolicy": "allowlist",
      "groupAllowFrom": [
        "你的Telegram用户ID"   // 比如 "123456789"（纯数字，不要带 @）
        // 可以加多个： "8301705815", "tg:另一个ID"
      ]
      // 如果你也想用 DM 私聊白名单，可以顺便加：
      // "allowFrom": ["你的ID"]
    }
  }
}

Ollama集成

https://docs.openclaw.ai/zh-CN/providers/ollama

# 默认值可以不加
openclaw provider add ollama --base-url http://127.0.0.1:11434
openclaw config set models.providers.ollama.apiKey "ollama-local"

{
  agents: {
    defaults: {
      model: { primary: "ollama/qwen3.5:27b" },
    },
  },
}

隐式集成

不要加乱七八糟的provider，直接二选一

1. ~/home/admin000~/.openclaw/openclaw.json

"auth": {
      "ollama_local": {
        "provider": "ollama",
        "mode": "api_key"
      }
    }
  },

~/.openclaw/agents/main/agent/auth-profiles.json

"profiles": {
    "ollama_local": {
      "type": "api_key",
      "provider": "ollama",
      "key": "ollama_local"
    }
  },

2. ~/home/admin000~/.config/systemd/user/openclaw-gateway.service

Environment=OLLAMA_API_KEY=ollama-local

重启后查看~/.openclaw/agents/main/agent/models.json,应该能看见了自动探测的模型，openclaw models list依然看不见，需要先进openclaw configure里面选出来才行。