#I cant get my gateway to stay up

CRITICAL
gateway.control_ui.allowed_origins_required Non-loopback Control UI missing explicit allowed origins
Control UI is enabled on a non-loopback bind but gateway.controlUi.allowedOrigins is empty. Strict origin policy requires explicit allowed origins for non-loopback deployments.
Fix: Set gateway.controlUi.allowedOrigins to full trusted origins (for example https://control.example.com/). If your deployment intentionally relies on Host-header origin fallback, set gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback=true.

I've run every command to try and fix my gateway, but am getting this critical error. How can I resolve it?

That “CRITICAL gateway.control_ui.allowed_origins_required” happens when your Control UI is reachable on a non-loopback interface (LAN / tailnet / 0.0.0.0 / public IP), but gateway.controlUi.allowedOrigins is empty. Newer OpenClaw builds refuse to start in that case because the browser UI would otherwise accept cross-origin WS connections too loosely.

First: what does openclaw --version show? (This check changed over time.)

Fix (recommended): explicitly set gateway.controlUi.allowedOrigins

Add the full origin(s) you will load the Control UI from (scheme + host + optional port; no path).

Example: you open the UI directly via IP:port

If you browse http://192.168.1.50:18789/ then set:

// ~/.openclaw/openclaw.json
{
  gateway: {
    controlUi: {
      allowedOrigins: ["http://192.168.1.50:18789"],

    },
  },
}

Example: you access it via a domain / reverse proxy

If you browse https://control.example.com/:

{
  gateway: {
    controlUi: {
      allowedOrigins: ["https://control.example.com"],
    },
  },

}

Quick way via CLI

openclaw config set gateway.controlUi.allowedOrigins '["https://control.example.com"]'

Then restart the gateway (or if you run it as a service):

openclaw gateway restart

Docs: https://docs.openclaw.ai/web/control-ui (see the “Non-loopback … must set allowedOrigins” section)

Alternative fixes