# OpenClaw AI Gateway - Setup on NUC

**Date:** 2026-02-12 02:30
**Context:** Deployed OpenClaw (self-hosted AI assistant gateway) on the NUC via Docker Compose, connected WhatsApp channel.

## What Was Done

1. **Cloned repo** on NUC: `git clone https://github.com/openclaw/openclaw.git ~/openclaw`
2. **Built Docker image** natively on NUC (x86/amd64, no cross-compile): `docker build -t openclaw:local -f Dockerfile .`
3. **Created config** at `~/.openclaw/openclaw.json` with Anthropic Claude model
4. **Generated gateway token**: `3547c3f2b7b4a33eb077cf804bcca446057f81ba1578b2045dbb3aa4e04346ee`
5. **Started gateway** via `docker compose up -d openclaw-gateway`
6. **Ran doctor --fix** to migrate config schema and create required directories
7. **Set up Tailscale Serve** on port 8443 for HTTPS access (Control UI requires secure context)
8. **Approved device pairing** for browser access
9. **Configured Anthropic OAuth token** (generated via `claude setup-token` on Mac, valid 1 year)
10. **Enabled WhatsApp plugin** and linked via QR code

## Key Decisions

- **Built on NUC, not Mac** — NUC is x86/amd64 so native build is faster than cross-compiling from ARM Mac
- **Not deployed via Coolify** — OpenClaw uses its own docker-compose with specific volume mounts and CLI container; Coolify would add complexity without benefit
- **Tailscale Serve (not Funnel)** — Only needs tailnet access, not public internet. Port 8443 (443 taken by Turbostarter)
- **API key via env var** — Set `ANTHROPIC_API_KEY` in both `~/.openclaw/openclaw.json` and `~/openclaw/.env` for reliability
- **`script` command for QR capture** — The CLI needs a TTY for QR display; `script -qc '...' /dev/null` fakes a PTY over non-interactive SSH

## Issues Encountered & Solutions

| Issue | Cause | Solution |
|-------|-------|----------|
| Config "invalid" after creation | Used legacy `agent.model` key | Use `agents.defaults.model.primary`; run `doctor --fix` |
| "control ui requires HTTPS" | Web Crypto API needs secure context | Tailscale Serve on port 8443 |
| "pairing required" | New browser device not approved | `devices list` + `devices approve <requestId>` via `docker exec` |
| "unauthorized: gateway token missing" | UI didn't have token | Use dashboard URL with `#token=...` hash |
| CLI `docker compose run` can't reach gateway | CLI container gets different Docker IP | Use `docker exec` into running gateway container instead |
| `channels login` fails "unsupported channel" | Channel plugin not enabled | `plugins enable whatsapp` first, then restart gateway |
| `sudo tailscale serve` fails via SSH | No TTY for sudo password | Must run from interactive SSH session on NUC |
| WhatsApp QR not visible | No TTY in non-interactive SSH | Use `script -qc '...' /tmp/output.txt` to capture with fake TTY |

## Files Modified

- `~/openclaw/.env` — Docker Compose env vars (token, API key, paths)
- `~/openclaw/docker-compose.yml` — Added `ANTHROPIC_API_KEY` env var to gateway service
- `~/.openclaw/openclaw.json` — Gateway config (model, auth, env)
- `/Users/agutierrez/Desktop/nuc/CLAUDE.md` — Added full OpenClaw documentation section

## Credentials

| Item | Value |
|------|-------|
| Gateway Token | `3547c3f2b7b4a33eb077cf804bcca446057f81ba1578b2045dbb3aa4e04346ee` |
| Anthropic OAuth Token | `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` (expires ~Feb 2027) |
| NUC sudo password | `7vXHpSTD` |
| Control UI URL | `https://alezmad-nuc.tail58f5ad.ts.net:8443` |

## Container Details

| Container | Image | Status |
|-----------|-------|--------|
| `openclaw-openclaw-gateway-1` | `openclaw:local` | Running |

## Connected Channels

- **WhatsApp** — Linked via QR code, web session active

## Related

- [OpenClaw GitHub](https://github.com/openclaw/openclaw)
- [OpenClaw Docker Docs](https://docs.openclaw.ai/install/docker)
- CLAUDE.md OpenClaw section