Building Custom AI Skills with InstructLab Taxonomy
Create domain-specific AI capabilities using InstructLab's taxonomy system—from writing skill definitions to generating synthetic training data and validating fine-tuned models.
AI
Accessing the OpenClaw Control UI Dashboard on Azure
Luca Berton • • 3 min read
#openclaw#dashboard#control-ui#azure#ssh-tunnel#monitoring#web-ui#docker
🖥️ The Control UI Dashboard
OpenClaw ships with a browser-based Control UI (dashboard) for managing your AI agent. It’s where you monitor conversations, configure settings, manage devices, and interact with the agent directly.
The dashboard runs on the same port as the gateway (default: 18789) and serves under the root path / (or a custom basePath).
🔐 Option A: SSH Tunnel (Recommended)
The safest way to access the Control UI from your Azure VM is through an SSH tunnel. No public ports, no NSG rules, no origin configuration needed.
Step 1: Set bind to loopback
On the VM:
cd ~/openclaw
nano .envSet:
OPENCLAW_GATEWAY_BIND=loopbackRestart:
docker compose down
docker compose up -dStep 2: Create the SSH tunnel
On your local machine (not the VM), open a terminal and run:
ssh -L 18789:127.0.0.1:18789 azureuser@<VM_PUBLIC_IP>This forwards your local port 18789 to the VM’s localhost 18789.
Step 3: Open in your browser
Navigate to:
http://127.0.0.1:18789You should see the OpenClaw Control UI login/pairing screen.
Tip: Keep the SSH tunnel terminal open while you use the dashboard. Closing it will disconnect the tunnel.
🌐 Option B: Public Access
If you need direct access via the VM’s public IP (e.g., for team access or when SSH tunnels aren’t practical):
Step 1: Set bind to LAN
cd ~/openclaw
nano .envSet:
OPENCLAW_GATEWAY_BIND=lanStep 2: Configure allowed origins
docker compose run --rm openclaw-cli config set \
gateway.controlUi.allowedOrigins \
'["http://<VM_PUBLIC_IP>:18789"]'Step 3: Open the Azure NSG port
In the Azure Portal:
- Go to your VM → Networking
- Click Add inbound port rule
- Configure:
- Destination port:
18789 - Protocol: TCP
- Source: Your IP address (not
Any) - Priority:
1001 - Name:
AllowOpenClaw
- Destination port:
Step 4: Restart and access
docker compose down
docker compose up -dOpen in your browser:
http://<VM_PUBLIC_IP>:18789🔑 Device Pairing
When you first access the Control UI, OpenClaw requires device pairing — a security mechanism that ensures only authorized browsers/devices can control the agent.
How it works
- Open the Control UI URL in your browser
- You’ll see a pairing request screen
- Approve the device from the CLI:
cd ~/openclaw
# List pending device pairing requests
docker compose run --rm openclaw-cli devices list
# Approve a specific device
docker compose run --rm openclaw-cli devices approve <requestId>Generating a dashboard link
If you need a fresh authenticated dashboard URL:
docker compose run --rm openclaw-cli dashboard --no-openThis outputs a URL with an embedded auth token — open it in your browser.
🔧 Dashboard Features
Once authenticated, the Control UI provides:
Conversation Monitor
- View active and historical conversations
- See messages from all connected channels (Discord, Telegram, etc.)
- Watch the AI agent’s responses in real-time
Configuration Panel
- Modify gateway settings through the UI
- Manage channel configurations
- View and update model settings
Agent Status
- Current model (e.g.,
github-copilot/claude-opus-4.6) - Connected channels and their status
- Hook/plugin status
- Health monitor information
Device Management
- List paired devices
- Approve or revoke device access
- View device identities
🔄 Accessing from Multiple Devices
Each browser/device that accesses the Control UI needs to be paired. To pair additional devices:
- Open the Control UI URL from the new device
- On the VM, approve the pairing:
docker compose run --rm openclaw-cli devices list
docker compose run --rm openclaw-cli devices approve <requestId>🐛 Common Access Issues
”Unauthorized / pairing required”
# Generate a new dashboard link with auth token
docker compose run --rm openclaw-cli dashboard --no-open
# Or approve pending devices
docker compose run --rm openclaw-cli devices list
docker compose run --rm openclaw-cli devices approve <requestId>curl works but browser shows blank/error
This usually means the Control UI assets weren’t built. Check:
docker compose logs --tail=50 openclaw-gateway | grep "control-ui\|controlUi\|assets"If you see “Control UI assets not found”:
docker compose down
docker compose up -d --build --force-recreateConnection refused from laptop
- Verify the SSH tunnel is active (Option A)
- Verify the NSG rule allows your IP (Option B)
- Verify the gateway is running:
docker compose ps
⏭️ Next Steps
Now that you can access the dashboard, let’s harden the security: Security Hardening for OpenClaw on Azure.
📌 Need expert help with this topic?
Luca Berton
AI & Cloud Advisor with 18+ years experience. Author of 8 technical books, creator of Ansible Pilot. Speaker at KubeCon EU & Red Hat Summit 2026.
Related Articles
Building a Persistent AI Agent Memory System with OpenClaw
End-to-end guide to building a complete persistent memory system for your OpenClaw AI agent. Combine memory flush, hybrid search, file-backed notes, SQLite indexing, and session hooks into a cohesive knowledge architecture.
Configuring OpenClaw Gateway Bind and Control UI on Azure
Deep dive into OpenClaw gateway bind modes (loopback, lan, tailnet, auto, custom), Control UI origin enforcement, and the allowedOrigins vs dangerouslyAllowHostHeaderOriginFallback trade-off.