origin not allowed (open the Control UI from the gateway host or allow it in gateway.controluiallowedOrigins)

前景

环境

1. VMware + Ubuntu 22

2. 已经配置完 openclaw onboard --install-daemon 引导流程后

   • 使用 socat 端口转发，浏览器通过 web UI + Token 进入时碰到
   • 

解决

nano ~/.openclaw/openclaw.json

在 gateway 部分添加以下配置（合并进现有 JSON，不要替换整个文件）：

{
  "gateway": {
    "controlUi": {
      "allowedOrigins": ["http://192.168.178.101:18790"],
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true,
      "dangerouslyAllowHostHeaderOriginFallback": true
    },
    "trustedProxies": ["127.0.0.1"]
  }
}

保存退出（Ctrl+O → Enter → Ctrl+X）。

第二步：配置 socat 端口转发（持久化）

sudo apt install socat -y

sudo tee /etc/systemd/system/socat-18790.service > /dev/null << 'EOF'
[Unit]
Description=Socat port forward 18790 to openclaw 18789
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/socat TCP-LISTEN:18790,bind=0.0.0.0,fork,reuseaddr TCP:127.0.0.1:18789
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable socat-18790
sudo systemctl start socat-18790

第三步：放行防火墙

sudo ufw allow 18790/tcp
sudo ufw status

第四步：重启 openclaw

openclaw gateway restart

架构总结：

浏览器(Windows) → http://192.168.178.101:18790 → socat → 127.0.0.1:18789(openclaw)

参考资料

https://blog.csdn.net/tzchao111/article/details/157660763?spm=1001.2014.3001.5506

https://cloud.tencent.com/developer/article/2631562

https://cloud.tencent.com/developer/article/2627309?from_column=20421&from=20421