Openclaw - your free open-source AI personal assistant (formerly Clawdbot & Moltbot)

@robi These were patches made to the openclaw package. I'd say best is you guys test what you are trying to do then we can make all moving parts work

I think it works now. Too slow on CPU so can't actually test it without waiting ages. Ollama will only work with a model that supports tool use, so no tinyllama.

1. Node.js version override

Cloudron base image ships Node 22.14, OpenClaw requires 22.16+. We symlink /usr/local/node-22.14.0/bin/node → /usr/bin/node (NodeSource 22.22) so both the gateway
and openclaw CLI use the correct version.

2. Gateway config for reverse proxy

OpenClaw doesn't expect to run behind a proxy by default. start.sh creates /app/data/config/openclaw.json on first run with:

• gateway.mode: "local" — skips pairing requirement
• gateway.trustedProxies: ["172.18.0.0/16"] — trusts Cloudron's Docker network
• gateway.controlUi.dangerouslyAllowHostHeaderOriginFallback: true — allows web UI behind Cloudron's reverse proxy
• gateway.controlUi.dangerouslyDisableDeviceAuth: true — skips device pairing for web UI

3. Ollama auth proxy

OpenClaw's Ollama model discovery (/api/tags) doesn't send auth headers. Cloudron's Ollama package requires Bearer token auth. start.sh starts a Node.js HTTP proxy on localhost:11434 that:

• Intercepts all requests to Ollama
• Injects Authorization: Bearer <OLLAMA_API_KEY> header
• Forwards to the real OLLAMA_BASE_URL
• Overrides OLLAMA_BASE_URL to http://127.0.0.1:11434 so OpenClaw talks to the proxy

Activated when both OLLAMA_API_KEY and OLLAMA_BASE_URL are set in /app/data/.env.

4. Auth auto-provisioning

start.sh auto-creates /app/data/agents/main/agent/auth-profiles.json from:

• CLAUDE_SETUP_TOKEN → type: "token" profile
• ANTHROPIC_API_KEY → type: "api_key" profile

Not sure if this is actually valuable for anyone but it should work.

actually looks a bit more complicated and that ollama won't let openclaw do model discovery without api key… I'll have to look more into this

Pushing an update now for easy ollama configuration. You should be able to pass endpoint and API key through the .env

To connect your Cloudron Ollama with OpenClaw:

• install Ollama
• download a model in Ollama, for example by running ollama pull tinyllama in the web terminal.
• grab the Ollama API key with cat /app/data/.api_keyor from the file explorer
• install OpenClaw
• open file explorer for OpenClaw app and open .env
• add endpoint and api key from ollama
• restart OpenClaw

@timconsidine I didn't bundle it with ollama. Is that something you want to do? Ollama won't really be very useful on the vast majority of servers without some beefy GPU. But you could connect openclaw with it.

Packaged, needs more testing though https://git.due.ren/andreas/openclaw-cloudron/-/raw/main/CloudronVersions.json

Plus it's an opinionated packaged geared towards what I think is important but installing new skills should work as is.

@girish Perfect thank you

@James I am aware, I mean migrating from the stock Matrix app

Edit: Nevermind I completely misread, I thought this is a replacement for synapse including MAS but its MAS standalone

@robi Likely in the browser cache when using the web UI. In the App locally on your computer

@girish Unfortunately setting https://my.cloudron.example/openid/jwks_rsaonly isn't working either and testing auth returns:

Failed to get your identity
Looks like something went wrong. Here are the details.
Failed to verify oidc token with fresh keys
undefined

PKCE is disabled, Email claim is set to email and OIDC Scopes are set to openid,email and profile.

I can see the login attempt as authenticated in the logs for some reason though.

Edit: https://my.cloudron.example/openid/jwks_rsaonly for my cloudron returns only {"keys":[]}. Was there a regression? I'm running 9.1.3. The regular jwks endpoint is returning proper values..

@Joseph Data is stored locally if you don't connect it with their hosted service or a self-hosted instance.

@James Nice, have you tested rolling back the backup from the cloudron stock app as a form of migration of an existing instance?

@girish Perfect thanks!

Can we please allow rsync for the lamp stack? That would speed up my CI/CD pipeline.

@girish

Mar 03 15:37:42 2026-03-03T21:37:42.190 request_id=GJlyiUIE9OJthqsAAMcB [info] GET /admin/shared-senders/new
Mar 03 15:37:42 2026-03-03T21:37:42.202 request_id=GJlyiUIE9OJthqsAAMcB [info] Sent 500 in 11ms
Mar 03 15:37:42 2026-03-03T21:37:42.203 request_id=GJlyiUIE9OJthqsAAMcB [error] ** (Phoenix.Template.UndefinedError) Could not render "_config.html" for KeilaWeb.SenderView, please define a matching clause for render/2 or define a template at "lib/keila_web/templates/sender/*". The following templates were compiled:
Mar 03 15:37:42 %{form: %Phoenix.HTML.Form{source: #Ecto.Changeset<action: nil, changes: %{config: #Ecto.Changeset<action: :insert, changes: %{type: "ses"}, errors: [], data: #Keila.Mailings.Sender.Config<>, valid?: true, ...>}, errors: [], data: #Keila.Mailings.SharedSender<>, valid?: true, ...>, impl: Phoenix.HTML.FormData.Ecto.Changeset, id: "form", name: "shared_sender", data: %Keila.Mailings.SharedSender{__meta__: #Ecto.Schema.Metadata<:built, "mailings_shared_senders">, id: nil, name: nil, config: nil, inserted_at: nil, updated_at: nil}, action: nil, hidden: [], params: %{}, errors: [], options: [method: "post", id: "form", multipart: false, class: "mt-8 max-w-md flex flex-col gap-4", "@change": "setUnsavedReminder(true)", "x-data": true], index: nil}, sender_adapters: ["ses"]}
Mar 03 15:37:42 (keila 0.19.0) lib/keila_web/controllers/shared_sender_admin_controller.ex:1: KeilaWeb.SharedSenderAdminController.action/2
Mar 03 15:37:42 (keila 0.19.0) lib/keila_web/templates/shared_sender_admin/edit.html.heex:60: anonymous fn/3 in KeilaWeb.SharedSenderAdminView."edit.html"/1
Mar 03 15:37:42 (phoenix 1.7.21) lib/phoenix/controller.ex:1008: anonymous fn/5 in Phoenix.Controller.template_render_to_iodata/4
Mar 03 15:37:42 (phoenix 1.7.21) lib/phoenix/controller.ex:974: Phoenix.Controller.render_and_send/4
Mar 03 15:37:42 (phoenix_live_view 1.1.24) lib/phoenix_live_view/engine.ex:130: Phoenix.HTML.Safe.Phoenix.LiveView.Rendered.to_iodata/1
Mar 03 15:37:42 (phoenix_live_view 1.1.24) lib/phoenix_live_view/engine.ex:142: Phoenix.HTML.Safe.Phoenix.LiveView.Rendered.to_iodata/3
Mar 03 15:37:42 (phoenix_view 2.0.4) lib/phoenix_view.ex:694: Phoenix.View.__not_found__!/3
Mar 03 15:37:42 (telemetry 1.3.0) /app/code/deps/telemetry/src/telemetry.erl:324: :telemetry.span/3

@Muhanand Definitely possible. But this app just by nature requires a more sophisticated manual setup.

@jdaviescoates Would you be willing to run a custom app as a standalone application for recordings?

I set something up for our org which I'm hosting at recording.cloud.tld.com. But the package is hardcoding some opinionated things and secrets.

For example I set up recording and Speaker-diarized transcription (which is super slow on CPU). I'm willing to open source this but the package requires more work for a general audience which I'm only willing to put in, if this is of value for other people.

@LoudLemur Honestly I would recommend to just spin up a separate VPS (doesn't need to be powerful) and install this implementation: https://github.com/sunweaver/nextcloud-high-performance-backend-setup.git

Cloudron is great but the firewall is always creating problems for me with the turn server.

Updated Ente Package: andreasdueren/ente-cloudron:0.6.3

️ Fix: startup.log no longer grows unbounded
The startup log was being appended across every restart, growing to 4-5 GB and causing very slow backups. It is now truncated on each startup — only the current session's logs are kept. Backups will be significantly faster from the next restart onward.

Upstream changes (ente-io/ente):
• 792f28c: README: add Locker Obtainium and GitHub release links
• 9810269: [mob][locker] Prevent duplicate default collections during signup
• 26549fc: [mob][photos] VectorDB write index fix
• 686706b: Toggle to let ML run continuously
• 922784b: Internal toggle to let ML run continuously without interruption

Upstream: https://github.com/ente-io/ente/commit/922784b

Howdy, I needed a web frontend for my LanguageTool instance so I wrote one. It's one lightweight html file with embedded Javascript and free to use: https://git.due.ren/andreas/proofreader.git