OpenClaw Web UI Gateway: How to Access Your Agent from Any Browser

OpenClaw's Web UI Gateway is one of its most underrated features. It gives you a browser-accessible dashboard where you can monitor your agent's activity, view live conversations, swap AI models, check health status, and adjust settings — all without touching a terminal.

This guide covers how to set it up, secure it, and access it from anywhere.

What the Web UI Gateway Gives You

Once running, the gateway provides:

• Live conversation view — see exactly what your agent is doing in real time
• Agent health status — uptime, model in use, session info
• Activity log — recent tasks completed, errors, restarts
• Model swap — change your AI model without redeploying
• Settings management — update config through a UI instead of CLI

Step 1: Install the Gateway as a Service

If you haven't already set up the gateway as a persistent service:

openclaw gateway install --force --token YOUR_HOOKS_TOKEN
loginctl enable-linger root
systemctl --user daemon-reload
openclaw gateway start

Replace YOUR_HOOKS_TOKEN with a secure random string — this is what authenticates access to the Web UI.

Step 2: Fix the Device Pairing Issue

By default, the Web UI requires "device pairing" — a browser must be approved by an operator before it can connect. On a fresh install, there's no operator set up, so every browser gets stuck at a pairing screen.

Fix:

openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth true
openclaw gateway restart

This is safe because the ?token= URL parameter is the actual authentication layer — no one without the token can access your dashboard.

Step 3: Access the Web UI

The Web UI runs on port 3000 by default. To access it:

Locally (from the server itself):

http://localhost:3000/?token=YOUR_HOOKS_TOKEN

Remotely (from your laptop):

Option A — SSH tunnel (simplest, no SSL required):

ssh -L 3000:localhost:3000 root@YOUR_SERVER_IP

Then open http://localhost:3000/?token=YOUR_HOOKS_TOKEN in your browser.

Option B — Expose via reverse proxy with SSL (recommended for regular use):

Install Caddy:

sudo apt install -y caddy

Create /etc/caddy/Caddyfile:

agent.yourdomain.com {
    reverse_proxy localhost:3000
}

Reload Caddy:

sudo systemctl reload caddy

Caddy handles SSL automatically via Let's Encrypt. Access at:

https://agent.yourdomain.com/?token=YOUR_HOOKS_TOKEN

Step 4: Bookmark the URL

Once you have SSL working, bookmark the full URL including the ?token= parameter. Anyone with this URL can access your agent dashboard, so treat it like a password — don't share it, and use a long random token.

Generate a secure token:

openssl rand -hex 32

Keeping the Gateway Responsive

The Web UI is only useful if the gateway is actually running. The gateway can zombie (process alive, WebSocket dead) without triggering a systemd failure. To stay protected:

crontab -e
# Add:
* * * * * OPENCLAW_GATEWAY_TOKEN=your_token /usr/bin/openclaw channels status | grep -q 'running' || /usr/bin/openclaw gateway restart

Common Web UI Issues

Blank page or "Loading..." — The gateway is in zombie state. Run openclaw gateway restart.

"pairing required" — You haven't disabled device auth yet. See Step 2 above.

Token doesn't work — Make sure you're using the same token you passed to gateway install --token. Check it in /opt/openclaw/.env or your systemd drop-in.

Can't reach from outside the server — Port 3000 may be blocked by your VPS firewall. Either use an SSH tunnel or open the port: sudo ufw allow 3000.

The Simpler Path

With SimplifyClaw, the Web UI Gateway is set up automatically as part of the 60-second deployment. You get a permanent HTTPS URL (yoursubdomain.simplifyclaw.com/?token=...) that works from any browser immediately — no SSH tunnels, no Caddy config, no SSL setup.

Deploy your agent and get a Web UI out of the box →