Network bind modes of the openclaw gateway
How the openclaw gateway works (brief)
```
WhatsApp / Telegram / Slack / Discord / Google Chat / Signal / iMessage / BlueBubbles / Microsoft Teams / Matrix / Zalo / Zalo Personal / WebChat
               │
               ▼
┌───────────────────────────────┐
│            Gateway            │
│        (control plane)        │
│     ws://127.0.0.1:18789      │
└──────────────┬────────────────┘
               │
               ├─ Pi agent (RPC)
               ├─ CLI (openclaw …)
               ├─ WebChat UI
               ├─ macOS app
               └─ iOS / Android nodes
```
openclaw Gateway configuration file structure
~/.openclaw/openclaw.json
```json5
{
  gateway: {
    // Required: local or remote
    mode: "local",
    // Server binding
    port: 18789,
    bind: "loopback", // five network bind modes: loopback | lan | tailnet | auto | custom
    host: "127.0.0.1", // when bind=custom
    // Authentication
    auth: {
      mode: "token", // token | password | none
      token: "gway_...",
      password: "..." // optional, for password mode
    },
    // Tailscale integration
    tailscale: {
      mode: "off", // off | serve | funnel
      resetOnExit: false
    },
    // Remote Gateway (when mode=remote)
    remote: {
      url: "ws://...",
      token: "..."
    },
    // Hot reload behavior
    reload: {
      mode: "hybrid" // hybrid | restart | off
    },
    // Control UI settings
    controlUi: {
      allowInsecureAuth: false
    }
  },
  // Canvas host (separate HTTP server for node WebViews)
  canvasHost: {
    enabled: true,
    port: 18793,
    bind: "loopback"
  }
}
```
Network bind modes: gateway.bind
The Gateway supports five network bind modes, controlled by gateway.bind (or --bind).
| Mode | Bind Address | Auth Required | Use Case |
|---|---|---|---|
| loopback | 127.0.0.1 | Optional (recommended) | Local-only access, SSH tunnels |
| lan | 0.0.0.0 (all interfaces) | Yes (token or password) | Direct LAN/WAN access without VPN |
| tailnet | Tailscale IP (100.64.0.0/10) | Yes (token or password) | Tailscale mesh network |
| auto | Falls back through loopback → tailnet → lan | If non-loopback | Automatic best-effort |
| custom | gateway.host value | Yes (token or password) | Specific IP binding |
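Security rules:
- loopback mode: auth is optional but recommended (by default, the wizard generates a token)
- non-loopback modes (lan, tailnet, custom): auth is mandatory; if neither gateway.auth.token nor gateway.auth.password is set, the Gateway refuses to start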
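
The bind and auth rules above, expressed as a static check over an already parsed config object. This is an added example, not OpenClaw's own code: `auditGateway`, the `verdict` values, treating `auth.mode: "none"` as no credential, and auditing `auto` as non-loopback are assumptions made here.

```javascript
// Added example: static audit of the gateway.bind / gateway.auth rules from the table above.
// Not OpenClaw's own code; auditGateway and the verdict strings are hypothetical names.
const NEEDS_AUTH = { loopback: false, lan: true, tailnet: true, auto: true, custom: true };
const BIND_ADDR = {
  loopback: "127.0.0.1",
  lan: "0.0.0.0",
  tailnet: "Tailscale IP (100.64.0.0/10)",
  auto: "loopback -> tailnet -> lan",
};

function auditGateway(config) {
  const gw = (config && config.gateway) || {};
  const bind = gw.bind || "loopback"; // assumption: a missing bind is audited as loopback
  const auth = gw.auth || {};
  const findings = [];
  if (!Object.prototype.hasOwnProperty.call(NEEDS_AUTH, bind)) {
    return { bind, address: null, verdict: "invalid", findings: [`unknown bind mode "${bind}"`] };
  }
  const address = bind === "custom" ? gw.host || null : BIND_ADDR[bind];
  // Assumption: auth.mode "none" means no credential, even if a stale token is left in the file.
  const nonEmpty = (v) => typeof v === "string" && v.trim() !== "";
  const hasCredential = auth.mode !== "none" && (nonEmpty(auth.token) || nonEmpty(auth.password));

  if (bind === "custom" && !address) findings.push("bind=custom but gateway.host is not set");
  if (bind === "custom" && (address === "0.0.0.0" || address === "::")) {
    findings.push("custom host is a wildcard address: same exposure as bind=lan");
  }
  if (bind === "auto") findings.push("auto may end up on tailnet or lan; audited as non-loopback");

  let verdict = "ok";
  if (NEEDS_AUTH[bind] && !hasCredential) {
    verdict = "refuse-start"; // the rule above: non-loopback bind without token/password
    findings.push(`bind=${bind} requires gateway.auth.token or gateway.auth.password`);
  } else if (!hasCredential) {
    verdict = "warn"; // loopback: auth is optional but recommended
    findings.push("loopback without auth: any local process can reach the gateway port");
  }
  return { bind, address, verdict, findings };
}

// Constructed sample configs (not taken from a real deployment).
const samples = {
  lanNoAuth: { gateway: { bind: "lan", port: 18789, auth: { mode: "none" } } },
  loopbackNoAuth: { gateway: { bind: "loopback", port: 18789 } },
  customWildcard: { gateway: { bind: "custom", host: "0.0.0.0", auth: { mode: "token", token: "CONSTRUCTED-TOKEN" } } },
};
for (const [name, cfg] of Object.entries(samples)) console.log(name, auditGateway(cfg));
```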