Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] OpenClaw — AI Personal Assistant

Featured Replies

I installed OpenClaw last week and everything was going well, however noticed there was an update so I decided to do a fresh install. I am now unable to link OpenClaw to my discord channel. I've added a new variable called DISCORD_BOT_TOKEN and put my bot key in. When the OpenClaw container restarts I get the below error, I'm unable to open up the console because the container hasn't actually started, if I try and access OpenClaw I get a 502 Gateway error. Does anyone know what I could possibly be doing wrong?

2026-03-28T20:43:13.675+10:30 [secrets] [SECRETS_RELOADER_DEGRADED] SecretRefResolutionError: Environment variable "DISCORD_BOT_TOKEN" is missing or empty. 2026-03-28T20:43:13.678+10:30 Gateway failed to start: Error: Startup failed: required secrets are unavailable. SecretRefResolutionError: Environment variable "DISCORD_BOT_TOKEN" is missing or empty.

Edited by Happytodd

  • Replies 201
  • Views 90.9k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Sharing my local ollama settings. "models": { "providers": { "ollama": { "baseUrl": "http://xxx.xxx.xxx.xxx:11434/v1", "apiKey": "ollama", "api": "openai-responses

  • PikkonMG
    PikkonMG

    If your on chrome or like me edge then edge://flags/#unsafely-treat-insecure-origin-as-secure Enable Insecure origins treated as secure and add your local ip on unraid server running openclaw I.E http

  • Can't seem to find the template on community apps. Was this published yet?

Posted Images

5 hours ago, Happytodd said:

I installed OpenClaw last week and everything was going well, however noticed there was an update so I decided to do a fresh install. I am now unable to link OpenClaw to my discord channel. I've added a new variable called DISCORD_BOT_TOKEN and put my bot key in. When the OpenClaw container restarts I get the below error, I'm unable to open up the console because the container hasn't actually started, if I try and access OpenClaw I get a 502 Gateway error. Does anyone know what I could possibly be doing wrong?

2026-03-28T20:43:13.675+10:30 [secrets] [SECRETS_RELOADER_DEGRADED] SecretRefResolutionError: Environment variable "DISCORD_BOT_TOKEN" is missing or empty. 2026-03-28T20:43:13.678+10:30 Gateway failed to start: Error: Startup failed: required secrets are unavailable. SecretRefResolutionError: Environment variable "DISCORD_BOT_TOKEN" is missing or empty.

OpenClaw template already has a Variable for DISCORD_BOT_TOKEN. Just click show more settings and you will see discord, telegram , copilot ect. Start by checking that becuase if you did what you said container config now has duplicate entries for the same env var name.

11.png

I'm reasonably tech savvy, but I can't get the docker container to install with tailscale set to yes.
With tailscale off, I was able to get it up and running, but it was very difficult w/o reverse proxy. I had to ssh into the machine and pretend to be localhost. I would prefer if I could just access it via tailscale like everything else

On 3/26/2026 at 7:46 PM, PikkonMG said:

If your on chrome or like me edge then edge://flags/#unsafely-treat-insecure-origin-as-secure
Enable Insecure origins treated as secure and add your local ip on unraid server running openclaw I.E http://192.168.1.100:18789
Edit your openclaw.json in appdata->openclaw->config you will see section like this
"allowedOrigins": [
"http://localhost:18789",
"http://127.0.0.1:18789"
],
Edit it to include your Unraid Servers IP
"allowedOrigins": [
"http://localhost:18789",
"http://192.168.1.100:18789",
"http://host-name-or-whatever:18789",
"http://127.0.0.1:18789"
],
Start OpenClaw Docker and open the webui. then just close it.
Open console terminal for OpenClaw docker and run
printenv OPENCLAW_GATEWAY_TOKEN

openclaw devices list --token "$OPENCLAW_GATEWAY_TOKEN"

It will spit out some stuff like
🦞 OpenClaw 2026.3.24 (unknown) — Say "stop" and I'll stop—say "ship" and we'll both learn a lesson. │ penclaw devices approve --latest --token "$OPENCLAW_GATEWAY_TOKEN"◇ Pending (1)


under that you will see your Pending (1) client and you will see a key something like xxxxxxx-xxxx-xxxx-xxxx-xxxxxx3971

copy that key and run
openclaw devices approve xxxxxxx-xxxx-xxxx-xxxx-xxxxxx3971 --token "$OPENCLAW_GATEWAY_TOKEN"

After that try opening webui should work.

If you use a reverse proxy you could set it up at OpnClaw and probaly skip the "Enable Insecure origins treated as secure"

Thank you kind stranger, you have saved the day (after way too many hours of frustration and manually adjusting the config file)

On 4/1/2026 at 10:11 PM, rbmatt1s said:

I'm reasonably tech savvy, but I can't get the docker container to install with tailscale set to yes.
With tailscale off, I was able to get it up and running, but it was very difficult w/o reverse proxy. I had to ssh into the machine and pretend to be localhost. I would prefer if I could just access it via tailscale like everything else

I dont use tailscale so i can't say 100% I use my own wireguard server at network level. My guess based off OpenClaw Docs is that you probably need to run tailscale on unraid it's self and add your "https://your-tailnet.ts.net" along with your "10.x.x.x" to the allowedOrigins in your openclaw.json.

I had a question about the gateway restart. Everytime the Assistant execute a gateway restart the gataway doesnt restart and i in the log of the container, it has stop logging. So the only way to get things back up is to restart the container. Is this a limitation of using this as a docker container?

Does anyone have a working, quick, guide on setting up openclaw with ollama on Unraid? I've been trying to troubleshoot issues for 2 days, and just can't quite get it to work correctly,

18 hours ago, rushone2010 said:

Does anyone have a working, quick, guide on setting up openclaw with ollama on Unraid? I've been trying to troubleshoot issues for 2 days, and just can't quite get it to work correctly,

Dont use the web gui. Do openclaw onboard via the terminal in docker container. Follow the instruction set ollama and local as provider, pick you model.

Use your Unraid or Ollama's IP do not use any forum of localhost or 127.0.0.1 ect example http://192.168.1.50:11434

With the Anthropic change I see a lot of people are changing their claude API to claude-cli in order to still use their Pro or Max accounts. But claude isn't installed inside of the docker container. Is there a way to force it to install when pulling a new image?

On 4/6/2026 at 7:26 AM, PikkonMG said:

Dont use the web gui. Do openclaw onboard via the terminal in docker container. Follow the instruction set ollama and local as provider, pick you model.

Use your Unraid or Ollama's IP do not use any forum of localhost or 127.0.0.1 ect example http://192.168.1.50:11434

I've gotten that far, but I've not been successful in actually running a model. I'm only working with an i5-12600k and 32GB of RAM without a GPU, so I feel like my NAS is not strong enought to run this.

1 hour ago, rushone2010 said:

I've gotten that far, but I've not been successful in actually running a model. I'm only working with an i5-12600k and 32GB of RAM without a GPU, so I feel like my NAS is not strong enought to run this.

What model you you trying to use? Try something small like phi3:mini or gemma thats 2B or lower. Check and make sure you can actually hit ollama curl http://<OLLAMA_IP>:11434/api/tags

Also make sure your Ollama instance is setup to use cpu or igpu not passing NVIDIA settings like --gpus=all etc.

3 hours ago, Fffrank said:

With the Anthropic change I see a lot of people are changing their claude API to claude-cli in order to still use their Pro or Max accounts. But claude isn't installed inside of the docker container. Is there a way to force it to install when pulling a new image?

Not with a normal image pull alone. The container would need to be built with claude included, or have a startup script that installs it each time. Manually installing it inside the container won’t survive an update/recreate. So the proper fix is either the maintainer adding Claude Code to the image, or you making a custom image based on it.

You can do something with User Script Plugin but it would be just a work around and im not even sure how to aproach it.

You can also do VPS route. Create a VPS on your Unraid server and install OpenCLaw or Hermes.

Edited by PikkonMG

Hello,

What is the correct way to install/activate bundled skills (which are in "Needs Setup" state).

For example, I see there the following skills which I want to setup: openai-whisper, gog

1) openai-whisper:

I've found it on ClawHub, noticed that it requires Brew. I've installed Brew as per "openclaw-unraid" readme. Then I've installed openai-whisper as per ClawHub instruction. It's installed but still has "Needs Setup" status in OpenClaw UI. Chat bot doesn't recognize audio messages as well. Restarts didn't help.

2) gog:

I've installed and configured it following "gogcli.sh" instuctions. As a result I see "gog" skill in "Ready" status in OpenClaw UI. Also I can access google services from OpenClaw command line but chat bot claims that he doesn't have access to google services.

Am I doing right to install bundled skills?

I believe not, because "bundled" from my understanding means that it should be already inside OpenClaw container and require only configuration but not installation from scratch as I did.

Could you please point me to the manual how to activate in configure bundled skills properly? (without re-installing them from 3rd party and so chat bot would have access to the skills)

Hi, I asked OpenClaude to create a homepage for my Cronjobs
so I can easily get an overview. I can see a preview image of it in the web interface chat, but I’m unable to access the actual page from my PC
http://192.168.1.2:18789/__openclaw__/canvas/documents/cron-dashboard/index.html
it just say {"error":{"message":"Unauthorized","type":"unauthorized"}}

can any help just ask for more info if neede

edit I ask claw and it say that and give me a link with my token but it the same
have try get it working with claw but I get back to OpenClaw

Gateway Dashboard and ask to loging do it with the token click on the link and it return the error
claw talk abut it a chorm problem but it all browsers
The "Unauthorized" error occurs because the OpenClaw dashboard requires an authentication token for direct browser access to protect your data.

Edited by tola5

After installing the container and setting it up via the terminal in docker container openclaw onboard the container fails to start with the following errors....

[openclaw] Unhandled promise rejection: CIAO PROBING CANCELLED

[openclaw] wrote stability bundle: /root/.openclaw/logs/stability/openclaw-stability-2026-04-27T04-26-24-680Z-1-unhandled_rejection.json

8 hours ago, oct said:

After installing the container and setting it up via the terminal in docker container openclaw onboard the container fails to start with the following errors....

[openclaw] Unhandled promise rejection: CIAO PROBING CANCELLED

[openclaw] wrote stability bundle: /root/.openclaw/logs/stability/openclaw-stability-2026-04-27T04-26-24-680Z-1-unhandled_rejection.json

If its related should make live soon I would think https://github.com/openclaw/openclaw/releases/tag/v2026.4.25-beta.2

"Plugins/Bonjour: stop the gateway from crash-looping on CIAO PROBING CANCELLED when the mDNS watchdog cancels a stuck probe. Restores the rejection-handler wiring dropped during the bonjour plugin migration and shares unhandled-rejection state across module instances so plugin-staged copies of openclaw/plugin-sdk/runtime register into the same handler set the host consults. Especially affects Docker on macOS, where mDNS probing reliably hits the watchdog. Thanks @troyhitch."

I've had the openclaw container successfully running for awhile now & had to revert back to version ghcr.io/openclaw/openclaw:2026.4.23-amd64 after the last container upgrade. Didn't bother to troubleshoot yet as I figure this is above my pay grade...

Looking around some more...

Sorry for the spam if the answer is on the previous six pages but,

is there a reason the template is using user=root as opposed to the unprivileged user, "node"?

From the openclaw dockerfile(268-271):

# Security hardening: Run as non-root user

# The node:24-bookworm image includes a 'node' user (uid 1000)

# This reduces the attack surface by preventing container escape via root privileges

USER node

Was that just to make it work? The mapped volume for the workspace looks like it may have been set up for "node" originally but now does nothing as the template uses Extra Parameters: --user root --hostname OpenClaw in the Advanced View page...

Things that make you go hmmmm....

Edited by FlynDice
Added inquiry as to reason for root user.

1 hour ago, FlynDice said:

I've had the openclaw container successfully running for awhile now & had to revert back to version ghcr.io/openclaw/openclaw:2026.4.23-amd64 after the last container upgrade. Didn't bother to troubleshoot yet as I figure this is above my pay grade...

Looking around some more...

Sorry for the spam if the answer is on the previous six pages but,

is there a reason the template is using user=root as opposed to the unprivileged user, "node"?

From the openclaw dockerfile(268-271):

# Security hardening: Run as non-root user

# The node:24-bookworm image includes a 'node' user (uid 1000)

# This reduces the attack surface by preventing container escape via root privileges

USER node

Was that just to make it work? The mapped volume for the workspace looks like it may have been set up for "node" originally but now does nothing as the template uses Extra Parameters: --user root --hostname OpenClaw in the Advanced View page...

Things that make you go hmmmm....

Template was created a few months ago and probably did what it did based off how openclaw was at the time with workarounds for Unraid permissions ects. But ya docker now should be node UID 1000. If I was an existing user id just leave it like it is as /root/.openclaw` owned by root. Switching users would cause permission errors.

I cannot seem to get this container to work properly, I have tried to get this working with local ollama container through enviroment variables but that did not work so tried running stock with gateway token and then running command for setup wizard after that adding in allowed proxies and domains which I added the local ip and also the domain that is being used through traefik to have it running as ssl encrypted to get passed the ssl warning on the dashboard but I just cannot get through to the dashboard at all even using the token id in the url path connect button does nothing at all.

Also the container is acting very very slow in terms of the setup wizard via cli.

if someone has gotten openclaw with ollama locally working I would love a config file and story of how you have set yours up, much appreciated in advance.

Cheers team.

I've got openclaw with local ollama running on my unraid box and my laptop. I tried this because I've got no GPU on the unraid box but my laptop has a ryzen with the Radeon 780M gpu . The performance is comparable between the 2 and now I have 2 parallel lanes...

I added them by running "openclaw onboard" several times through the terminal.

Good Luck!

Here are the model/ollama bits of my config:

"apiKey": "OLLAMA_API_KEY",  <-----  literal, not placeholder, just needs to be something

  "auth": {
    "profiles": {
      "ollama:default": {
        "provider": "ollama",
        "mode": "api_key"
      },
      "ollama-laptop:default": {
        "provider": "ollama-laptop",
        "mode": "api_key"
      }
    }
  },
  "models": {
    "mode": "merge",
    "providers": {
      "ollama": {
        "baseUrl": "http://<CONTAINER IP>:11434",
        "api": "ollama",
        "apiKey": "OLLAMA_API_KEY",
        "models": [
          {
            "id": "qwen2.5-coder:14b",
            "name": "qwen2.5-coder:14b",
            "reasoning": false,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 32768,
            "maxTokens": 8192,
            "compat": {
              "supportsTools": false
            }
          },
          {
            "id": "llama3.1:8b",
            "name": "llama3.1:8b",
            "reasoning": false,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 131072,
            "maxTokens": 8192
          },
          {
            "id": "minicpm-v:8b",
            "name": "minicpm-v:8b",
            "reasoning": false,
            "input": [
              "text",
              "image"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 32768,
            "maxTokens": 8192
          }
        ]
      },
      "ollama-laptop": {
        "baseUrl": "http://192.168.X.XXX:11434",
        "api": "ollama",
        "apiKey": "OLLAMA_API_KEY",
        "models": [
          {
            "id": "llama3.1:8b",
            "name": "llama3.1:8b (Laptop)",
            "reasoning": false,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 131072,
            "maxTokens": 8192,
            "compat": {
              "requiresStringContent": true
            }
          },
          {
            "id": "qwen2.5-coder:7b",
            "name": "qwen2.5-coder:7b (Laptop)",
            "reasoning": false,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 32768,
            "maxTokens": 8192,
            "compat": {
              "requiresStringContent": true,
              "supportsTools": false
            }
          }
        ]
      }
    }
  }

Versionv2026.4.25 appears to have the gateway fixed now (:latest)

I've added this to my post-install to load QMD also as it appears to not be installed in the container:

sh -c "mkdir -p /root/.openclaw /home/linuxbrew; [ -s /root/.openclaw/openclaw.json ] || echo '{\"gateway\":{\"mode\":\"local\",\"bind\":\"lan\",\"controlUi\":{\"allowInsecureAuth\":true},\"auth\":{\"mode\":\"token\"}}}' > /root/.openclaw/openclaw.json; if ! command -v qmd >/dev/null 2>&1; then echo 'Installing QMD...'; npm install -g @tobilu/qmd; echo 'QMD installed.'; fi; exec node dist/index.js gateway --bind lan"

Edited by FlynDice
my post-install vs the post-install...

8 hours ago, FlynDice said:

Versionv2026.4.25 appears to have the gateway fixed now (:latest)

I've added this to my post-install to load QMD also as it appears to not be installed in the container:

sh -c "mkdir -p /root/.openclaw /home/linuxbrew; [ -s /root/.openclaw/openclaw.json ] || echo '{\"gateway\":{\"mode\":\"local\",\"bind\":\"lan\",\"controlUi\":{\"allowInsecureAuth\":true},\"auth\":{\"mode\":\"token\"}}}' > /root/.openclaw/openclaw.json; if ! command -v qmd >/dev/null 2>&1; then echo 'Installing QMD...'; npm install -g @tobilu/qmd; echo 'QMD installed.'; fi; exec node dist/index.js gateway --bind lan"

Thank you very much FlynDice I will give it another shot when I get home after work )

So no luck on this front I feel like i have tried everything and this container is just broken. if I go local navigation I get this https crap even after allowing insecure in chrome flags and even enabling insecure auth in the .json file.

image.png

Then to get around this I pushed local dns record to traefik with no middleware so its basically untouched apart from encrypting into ssl, and after adding trusted proxy and trusted device ip's and domain names I get this device signature crap I have tried clearing every known cache and cookie, tried a new browser and even incognito mode but nothing works I get stuck at either of these two being https or device signature.
image.png

I never thought this would be so hard to setup I mean I have heard people complain about its security levels but I have not even gotten it to work, seems like the best security level is already baked in (Not Working) (

I would greatly appreciate any further guidance on this matter team otherwise I think it will just be binned and ill try another project (

I solved the gateway loop on startup by removing the plugin-runtime-deps/ dir in .openclaw. Latest build starts up fine for me now & it recreated the dir.

here is my gateway config if it helps:

"gateway": {
    "mode": "local",
    "bind": "lan",
    "controlUi": {
      "allowInsecureAuth": true,
      "allowedOrigins": [
        "http://<Unraid IP>:18789"
      ],
      "dangerouslyDisableDeviceAuth": true
    },
    "auth": {
      "mode": "token",
      "token": "REDACTED",
      "rateLimit": {
        "maxAttempts": 10,
        "windowMs": 60000,
        "lockoutMs": 300000
      }
    },
    "port": 18789,
    "tailscale": {
      "mode": "off",
      "resetOnExit": false
    }
  },

Oiii, pessoal não consigo entrar no openclaw....alguma dica pro favor?
Tenho Adguard, Npm, OpenClaw.

When I enter like this, I get this error
http://192.168.50.250:18789/?token=mytokenhere
https://openclaw.mydomain.com.br/?token=mytokenhere

image.png

If I edit the openclaw.json file to

{
  "gateway": {
    "mode": "local",
    "bind": "lan",
    "controlUi": {
      "allowInsecureAuth": true,
      //"allowedOrigins": ["*"]
      //"dangerouslyAllowHostHeaderOriginFallback": true
    },
    "auth": {
      "mode": "token"
    }
  }
}


The error now is
image.png

image.png

image.png

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.