If your OpenClaw dashboard will not load, the TUI shows "gateway disconnected," or you are seeing "Web login provider is not available," this guide covers every common cause and how to fix it. We will work through problems from most common to least common.
"Web Login Provider Is Not Available"
This is the most frequently reported dashboard error. It means OpenClaw's web interface cannot authenticate your session.
Cause 1: Gateway Mode Not Set to Local
The gateway needs to run in local mode for the web UI to work.
openclaw config get gateway.mode
If it returns anything other than local, fix it:
openclaw config set gateway.mode "local"
openclaw restart
Cause 2: Gateway Not Fully Started
The web UI depends on the gateway process. If the gateway has not finished starting, the login provider is not yet available.
Check the logs for the ready signal:
openclaw logs --tail 30
Look for [gateway] listening on. If you only see [entrypoint] Starting OpenClaw gateway, the gateway is still booting — it takes approximately 40 seconds. Wait and try again.
Cause 3: Port Conflict
Another process is using the gateway port (default 3001):
lsof -i :3001
If something else is listening on that port, either stop that process or change the OpenClaw port:
openclaw config set gateway.port 3002
openclaw restart
Then access the dashboard on the new port.
TUI Shows "Gateway Disconnected"
The TUI (Terminal User Interface) connects to the gateway via a local socket. "Gateway disconnected" means the TUI cannot reach the gateway process.
Fix 1: Restart the Gateway
openclaw gateway stop
# Wait 5 seconds
openclaw gateway start
Then relaunch the TUI:
openclaw
Fix 2: Check If Gateway Is Running
openclaw status
If the gateway is not running, start it:
openclaw gateway start
If it fails to start, check for errors:
openclaw logs --tail 50
Fix 3: Stale PID File
Sometimes the gateway process dies but leaves a PID file behind, preventing a clean restart.
openclaw doctor --fix
This detects and removes stale PID files, then restarts the gateway cleanly.
Fix 4: Docker-Specific TUI Issues
If running in Docker, the TUI needs to connect to the gateway inside the container:
docker exec -it YOUR_CONTAINER_NAME openclaw
Do not try to run the TUI from outside the container — it cannot reach the gateway socket.
Dashboard Loads But Shows a Blank Page
Cause 1: JavaScript Errors
Open your browser's developer console (F12 or Cmd+Shift+J) and check for errors. Common issues:
- CORS errors — the dashboard URL does not match the configured gateway URL
- Mixed content — accessing via HTTPS but the gateway is on HTTP
- Module loading errors — browser cache is stale
Fix: Clear Browser Cache
A stale cache is the most common cause of blank dashboard pages after an OpenClaw update.
- Hard refresh:
Ctrl+Shift+R(Windows/Linux) orCmd+Shift+R(Mac) - If that does not work, clear site data:
- Chrome: Settings → Privacy → Clear browsing data → Cached images and files
- Firefox: Settings → Privacy → Clear Data → Cached Web Content
Cause 2: Incomplete Update
If you updated OpenClaw but the dashboard still shows old assets:
# In Docker
docker compose pull
docker compose up -d --force-recreate
# Bare metal
openclaw update
openclaw restart
Dashboard Loads But Cannot Connect to Gateway
You see the login page or dashboard UI, but it shows "Connecting..." or "Connection failed."
Cause 1: Wrong Gateway URL in Browser
The dashboard tries to connect to the gateway URL embedded in its configuration. If you access it from a different URL than expected:
openclaw config get gateway.url
Make sure this matches the URL you use in your browser. If you access OpenClaw at https://openclaw.mydomain.com, the gateway URL needs to match.
Cause 2: Reverse Proxy Not Forwarding WebSocket
OpenClaw uses WebSocket connections for real-time communication between the dashboard and gateway. Many reverse proxy configurations do not forward WebSocket traffic by default.[1]
Caddy handles WebSocket forwarding automatically — no extra configuration needed.
Nginx requires explicit WebSocket headers:
location / {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
The Upgrade and Connection headers are critical. Without them, WebSocket connections fail silently and the dashboard appears to load but never connects.
Cause 3: Trusted Proxies Not Configured
If OpenClaw is behind a reverse proxy (Caddy, Nginx, Traefik), it needs to know[2]:
openclaw config set gateway.trustedProxies '["127.0.0.1"]'
openclaw restart
Without this, the security audit flags trusted_proxies_missing and some features (including web client detection) may not work correctly through the proxy.
Device Approval Required
When connecting from a new browser, OpenClaw requires device approval. If the dashboard loads but says "Device identity required":
# List pending devices
openclaw devices list
# Approve the device
openclaw devices approve DEVICE_ID
On Docker:
docker exec -it YOUR_CONTAINER_NAME openclaw devices approve DEVICE_ID
Once approved, refresh the browser page.
Browser Compatibility
OpenClaw's web dashboard requires a modern browser. Known issues:
| Browser | Status |
|---|---|
| Chrome 100+ | Full support |
| Firefox 100+ | Full support |
| Safari 16+ | Full support |
| Edge 100+ | Full support |
| Safari < 16 | WebSocket issues |
| Internet Explorer | Not supported |
| Brave (strict shields) | May block WebSocket; allow the domain |
Private/Incognito Mode
The dashboard works in private browsing mode, but device approval is required each time since cookies do not persist between sessions.
Browser Extensions That Interfere
Some extensions can break the dashboard:
- Ad blockers — may block WebSocket connections. Add the dashboard domain to the allowlist.
- Privacy extensions (uBlock Origin, Privacy Badger) — may block the connection to the gateway. Whitelist the domain.
- VPN extensions — can cause certificate mismatches. Disable for the dashboard domain.
HTTPS / SSL Issues
"Your Connection Is Not Private"
If you see certificate warnings:
- Self-signed certificate — your reverse proxy is not using a valid TLS certificate. Use Caddy for automatic Let's Encrypt certificates.
- Certificate expired — check your certificate renewal. Caddy auto-renews; Certbot may need a cron job.
- Domain mismatch — the certificate is for a different domain than the one you are accessing.
Mixed Content Errors
If the dashboard loads on HTTPS but tries to connect to the gateway on HTTP:
openclaw config set gateway.url "https://your-domain.com"
openclaw restart
All connections must use the same protocol. You cannot load the dashboard on HTTPS and connect to the gateway on HTTP.
The Nuclear Option: Full Reset
If nothing else works and you need a clean start:
# Backup your data first
cp -r /app/data /app/data-backup
# Run the diagnostic tool
openclaw doctor --fix
# If still broken, factory reset (preserves memories)
openclaw factory-reset --keep-memories
# Restart
openclaw restart
See our factory reset guide for the full procedure and what it does and does not preserve.
Quick Diagnosis Checklist
Run through this checklist when the dashboard is not working:
- Is OpenClaw running? →
openclaw status - Is the gateway ready? → check logs for
[gateway] listening on - Is the port accessible? →
curl http://localhost:3001/health - Is the reverse proxy forwarding correctly? →
curl -I https://your-domain.com - Are trusted proxies configured? →
openclaw config get gateway.trustedProxies - Is the device approved? →
openclaw devices list - Is the browser cache stale? → hard refresh (
Ctrl+Shift+R) - Are browser extensions interfering? → test in incognito mode
Skip the Infrastructure
Most dashboard issues come from reverse proxy misconfiguration, port conflicts, or TLS setup problems — all infrastructure concerns that have nothing to do with actually using OpenClaw.
ClawTank handles the reverse proxy, TLS, port allocation, and device management automatically. Your OpenClaw instance is accessible at a stable HTTPS URL from the moment it is created. No proxy configuration, no port debugging, no certificate management.
