Description
[Description]
When NemoClaw is deployed on a remote host, the dashboard binds to 127.0.0.1, and forwarded browser connections may still fail with device identity required .
The remote access flow is effectively broken even when the HTTP port is forwarded successfully. This blocks a core hosted deployment workflow.
[Environment]
- Device: Unbuntu
- Node.js: v22.22.0.
- npm: 10.9.4
- Docker: Docker Engine 29.3.0
- OpenShell CLI: 0.0.15
- NemoClaw: v0.1.0 (cec1e4)
- OpenClaw: 2026.3.11 (29dc654)
[Steps to Reproduce]
- Run: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
- nemoclaw installed
- Access: http://127.0.0.1:18789/chat?session=main
[Expected Behavior]
Remote deployments should support a documented and working access path, including correct host binding and websocket/device-auth behavior.
- Remote-host deployment can bind to
0.0.0.0 or another explicitly configured reachable address. - Browser websocket connections succeed when
dangerouslyDisableDeviceAuth: true is configured. - The docs describe the supported remote access pattern and any security implications.
- An automated or scripted test covers the remote access path.
Summary
When NemoClaw is deployed on a remote host, the dashboard binds to 127.0.0.1, and forwarded browser connections may still fail with origin not allowed or device identity required.
Problem
The remote access flow is effectively broken even when the HTTP port is forwarded successfully. This blocks a core hosted deployment workflow.
Expected behavior
Remote deployments should support a documented and working access path, including correct host binding and websocket/device-auth behavior.
Acceptance criteria
- Remote-host deployment can bind to
0.0.0.0 or another explicitly configured reachable address.
- Browser websocket connections succeed when
dangerouslyDisableDeviceAuth: true is configured.
- The docs describe the supported remote access pattern and any security implications.
- An automated or scripted test covers the remote access path.
[NVB#6018684]
Description
[Description]
When NemoClaw is deployed on a remote host, the dashboard binds to
127.0.0.1, and forwarded browser connections may still fail withdevice identity required.The remote access flow is effectively broken even when the HTTP port is forwarded successfully. This blocks a core hosted deployment workflow.
[Environment]
[Steps to Reproduce]
[Expected Behavior]
Remote deployments should support a documented and working access path, including correct host binding and websocket/device-auth behavior.
0.0.0.0or another explicitly configured reachable address.dangerouslyDisableDeviceAuth: trueis configured.Summary
When NemoClaw is deployed on a remote host, the dashboard binds to
127.0.0.1, and forwarded browser connections may still fail withorigin not allowedordevice identity required.Problem
The remote access flow is effectively broken even when the HTTP port is forwarded successfully. This blocks a core hosted deployment workflow.
Expected behavior
Remote deployments should support a documented and working access path, including correct host binding and websocket/device-auth behavior.
Acceptance criteria
0.0.0.0or another explicitly configured reachable address.dangerouslyDisableDeviceAuth: trueis configured.[NVB#6018684]