宝塔后台设置nginx反向代理

目标url：

发送域名：

127.0.0.1

disconnected (1008): pairing required解决

根据官网内容

Control UI over HTTP

The Control UI needs a secure context (HTTPS or localhost) to generate device identity. If you enable gateway.controlUi.allowInsecureAuth, the UI falls back to token-only auth and skips device pairing when device identity is omitted. This is a security downgrade—prefer HTTPS (Tailscale Serve) or open the UI on 127.0.0.1.For break-glass scenarios only, gateway.controlUi.dangerouslyDisableDeviceAuth disables device identity checks entirely. This is a severe security downgrade; keep it off unless you are actively debugging and can revert quickly.openclaw security audit warns when this setting is enabled.

openclaw更新：

Control UI over HTTP

The Control UI needs a secure context (HTTPS or localhost) to generate device identity. gateway.controlUi.allowInsecureAuth does not bypass secure-context, device-identity, or device-pairing checks. Prefer HTTPS (Tailscale Serve) or open the UI on 127.0.0.1.For break-glass scenarios only, gateway.controlUi.dangerouslyDisableDeviceAuth disables device identity checks entirely. This is a severe security downgrade; keep it off unless you are actively debugging and can revert quickly.openclaw security audit warns when this setting is enabled.

在openclaw.json中加入

  "gateway": {
    "port": 65530,
    "mode": "local",
    "bind": "loopback",
    "controlUi": {
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true
    },