Updated on 2026-03-24 GMT+08:00

Getting Started

The solution creates a security group rule for port 18789 by default (this port is usually used to access OpenClaw). If necessary, configure an IP address whitelist by referring to the following information to prevent the port from being exposed to the public network.

This solution uses port 22 to remotely log in to the cloud server in SSH mode. By default, the public IP address 119.8.185.245/32 for logging in to Cloud Shell is allowed. An IP address whitelist has been configured. If you need to remotely log in to the cloud server, you can directly use CloudShell for remote login.

After the solution is deployed, the environment initialization will take 5 to 10 minutes. The actual deployment time may vary depending on the network and bandwidth. You can access the solution only after the deployment is complete.

(Optional) Modifying Security Group Rules

A security group is a collection of access control rules to control traffic to and from cloud resources, such as cloud servers, containers, and databases. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC.

You can modify security group rules, for example, by adding, modifying, or deleting a TCP port, as follows:

  • Adding a security group rule: Add an inbound rule and enable a TCP port if needed.
  • Modifying a security group rule: Inappropriate security group settings may introduce serious security risks. You can modify security group rules to ensure the network security of your ECSs.
  • Deleting a security group rule: If the source or destination IP address of an inbound or outbound security group rule changes, or a port needs to be disabled, you can delete the security group rule.

Initializing OpenClaw Configuration

  1. Logging in to the server remotely: Open the local terminal, enter `ssh root@{public IP}`, and then enter the server password to log in to the server. You can obtain the server's public IP address by referring to step 10 of the one-click deployment procedure.

    Figure 1 SSH login

  2. Initialization:After logging in to the server, enter openclaw onboard to initialize the server.

    Figure 2 Continue execution
    Figure 3 Select Quick Start mode.

    Figure 4 Select Update values.
    Figure 5 Select a model provider (this article uses Darkside as an example).
    Figure 6 Select an authentication method, enter the API key, and select the default model.
    Figure 7 Configure now
    Figure 8 Select WhatsApp
    Figure 9 Link WhatsApp (QR)
    Figure 10 Add personal number
    Figure 11 Installing skills on demand

    Figure 12 Select pnpm as the Node.js package management tool and select the required skills.
    Figure 13 You can configure an API key as needed or select No for all of them.
    Figure 14 Enable hooks, and you are advised to select all default options.

    Figure 15 Restart the gateway service
    Figure 16 Start the UI and select the Web UI. Then, you can run the command "ssh -N -L 18789:127.0.0.1:18789 root@ECS_PUBLIC_IP" on the local PC to establish an encrypted SSH tunnel, and map the web UI service of the remote server to the local port. You can then access the address (http://127.0.0.1:18789/#token=xxxxx) with the token in the local browser.
    Figure 17 Initialization completed.

Configuring a Model on Huawei Cloud MaaS

OpenClaw supports custom configuration models.

  1. Logging in to the server: If you did not log out of the server in the previous phase, you can skip this step. Otherwise, log in to the server by referring to step 1 "Initializing OpenClaw Configuration" in this document.
  2. Configure the model information: Run the bash /root/sac/maas.sh command, and then enter the Base URL, API key, and model ID as prompted.

    Figure 18 Writing Model Information

Add a Channel (Discord)

This section takes Discord as an example. Each channel has its own configuration steps. For other channels, please refer to official documentations.

  1. Logging in to the server: If you did not log out of the server in the previous phase, you can skip this step. Otherwise, log in to the server by referring to step 1 "Initializing OpenClaw Configuration" in this document.
  2. Add a channel: Run openclaw channels add to start the configuration.

    Figure 19 Configure now
    Figure 20 Select Discord
    Figure 21 Go to Discord Developer Portal (https://discord.com/developers/applications), then create a new application
    Figure 22 Click Bot -> Reset Token
    Figure 23 Copy
    Figure 24 Paste
    Figure 25 Do not configure Discord channels access (open to all channels by default)
    Figure 26 Select Finished
    Figure 27 Do not configure DM access policies now
    Figure 28 Do not display names
    Figure 29 Toggle on Privileged Gateway Intents and save
    Figure 30 Select OAuth2 -> select bot for Scopes -> open the Generated URL
    Figure 31 Select your sever and authorize
    Figure 32 Approve the access on first message. Go back to the server and run openclaw pairing approve discord <code>