Ubuntu部署openclaw并配置API

说明

之前都没对 OpenClaw 上心过,因为 API 消耗比较大,费钱。 这次免费领了联通的 Coding Plan Pro,以及一台 2核4G内存的 云主机,所以就打算试下。
本文先介绍如何在 Ubuntu 云主机上安装 openClaw,后续用法等有时间再写文章。

1、操作系统 ubuntu 22.04 Server
2、OpenClaw 2026.2.26 版本
3、云服务器 2核4G
4、root用户

安装

安装 OpenClaw

我使用的是 云服务器,初始系统没有安装任何软件。
安装OpenClaw其实很简单,执行下面的命令一键安装:

1
curl -fsSL https://openclaw.ai/install.sh | bash

安装脚本会自动安装 Node、OpenClaw 等。 在界面全部选”Yes”就行。

安装完成后,Gateway 会启动失败(不用担心,后面配置好后,我们重启Gateway就行)。 最后界面会出现下面的信息:

1
2
3
4
5
6
7
8
9
10
11
12
🦞 OpenClaw 2026.2.26 (bc50708) — Your task has been queued; your dignity has been deprecated.

Dashboard URL: http://127.0.0.1:18789/#token=85xxxxxxxxxxxxd9c6b036328fe00d04fd3c98
Copy to clipboard unavailable.
No GUI detected. Open from your computer:
ssh -N -L 18789:127.0.0.1:18789 root@192.168.0.167
Then open:
http://localhost:18789/
http://localhost:18789/#token=85xxxxxxxxxxxxd9c6b036328fe00d04fd3c98
Docs:
https://docs.openclaw.ai/gateway/remote
https://docs.openclaw.ai/web/control-ui

此时,你无法正常访问:http://localhost:18789/#token=85xxxxxxxxxxxxd9c6b036328fe00d04fd3c98

不过忧虑,我们进行下面的配置。

安装界面1

安装界面2

安装 Nginx (如果只是本机使用,有图形界面,可以跳过此步骤)

执行下面的命令:

1
apt install -y nginx

如果弹出选择界面,直接确定即可。

进入 /etc/nginx/ ,找到 nginx.conf 文件,修改成如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

server {
listen 18790;
server_name your-domain.com; # 替换为你的域名或 IP

location / {
proxy_pass http://127.0.0.1:18789;

# 必需的头信息传递
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# WebSocket 支持(如果 openclaw 使用 WS)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

# 超时与缓冲优化(可选)
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}

# 健康检查端点(可选)
location /health {
access_log off;
proxy_pass http://127.0.0.1:18789/health;
}
}
}

保存文件,执行下面的命令:

1
nginx -s reload

启动 Gateway

执行下面的命令:

1
2
openclaw config set gateway.mode local
openclaw gateway restart

local

控制台没有提示失败就是启动成功了,然后我们配置好防火墙,就能浏览器访问 Ui 界面了,比如:http://:18790/#token=85xxxxxxxxxxxxd9c6b036328fe00d04fd3c98

此时界面还会提示一些异常,请进行下一步

配置 OpenClaw

当你能访问UI界面后,其实还不能使用,需要修改 OpenClaw 的配置文件,该 文件在 /root/.openclaw 目录下。

这边我直接给出完整的配置,可以直接使用,配置里的 token、allowedOrigins、apiKey 等换成你自己的配置。 我这边使用的是联通免费的Coding Plan。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
{
"meta": {
"lastTouchedVersion": "2026.2.26",
"lastTouchedAt": "2026-02-28T13:04:18.321Z"
},
"wizard": {
"lastRunAt": "2026-02-28T11:48:10.150Z",
"lastRunVersion": "2026.2.26",
"lastRunCommand": "doctor",
"lastRunMode": "local"
},
"agents": {
"defaults": {
"compaction": {
"mode": "safeguard"
},
"maxConcurrent": 4,
"subagents": {
"maxConcurrent": 8
},
"model": {
"primary": "Unicom/MiniMax-M2.5"
},
"models": {
"Unicom/MiniMax-M2.5": {}
}
}
},
"messages": {
"ackReactionScope": "group-mentions"
},
"commands": {
"native": "auto",
"nativeSkills": "auto",
"restart": true,
"ownerDisplay": "raw"
},
"gateway": {
"mode": "local",
"auth": {
"mode": "token",
"token": "保留原有的Token"
},
"controlUi": {
"allowedOrigins": [
"http://60.13.54.190:18790",
"http://192.168.0.167:18790",
"http://192.168.0.167:18789",
"http://127.0.0.1:18789"
],
"allowInsecureAuth": true,
"dangerouslyDisableDeviceAuth": true
}
},
"models": {
"mode": "merge",
"providers": {
"Unicom": {
"baseUrl": "https://aigw-gzgy2.cucloud.cn:8443/v1",
"apiKey": "sk-sp-xxxxxxxxxxxxxxxxxxxxxxxxxxx",
"api": "openai-completions",
"models": [
{
"id": "MiniMax-M2.5",
"name": "MiniMax-M2.5",
"reasoning": false,
"input": ["text"],
"cost": { "input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0 },
"contextWindow": 128000,
"maxTokens": 32000
},
{
"id": "Qwen3.5-397B-A17B",
"name": "Qwen3.5-397B-A17B",
"reasoning": false,
"input": ["text"],
"cost": { "input": 0, "output": 0, "cacheRead": 0, "cacheWrite": 0 },
"contextWindow": 128000,
"maxTokens": 32000
}
]
}
}
}
}

修改好后,先备份原有的 openclaw.json 文件,然后替换掉原有的 文件,重启 Gateway:

1
openclaw gateway restart

启动成功后,你就可以在浏览器上访问了,比如:http://:18790/#token=85xxxxxxxxxxxxd9c6b036328fe00d04fd3c98

此时,界面一切正常!

UI

问题处理

1、提示:Gateway start blocked: set gateway.mode=local (current: unset) or pass –allow-unconfigured

解决:

1
2
openclaw config set gateway.mode local
openclaw gateway restart

2、提示:origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)

解决:
需要修改 openclaw.json 中 “gateway” 内容,添加 “controlUi” ,并重启 Gateway

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
"gateway": {
"mode": "local",
"auth": {
"mode": "token",
"token": "85xxxxxxxxd95d0d9c6b0xxxxxxxx04fd3c98"
},
"controlUi": {
"allowedOrigins": [
"http://60.13.54.190:18790",
"http://192.168.0.167:18790",
"http://192.168.0.167:18789",
"http://127.0.0.1:18789"
],
"allowInsecureAuth": true,
"dangerouslyDisableDeviceAuth": true
}
}