docs: add AllowTcpForwarding prerequisite to Hetzner SSH tunnel step

Fixes #54557; carries forward #54564; refs #54954. Thanks @satishkc7, @blackstrype, and @Aftabbs.
SATISH K C
2026-04-28 22:16:30 -05:00
committed by GitHub
parent 7475b27887
commit ab5c8025c9
2 changed files with 17 additions and 1 deletions

@@ -13,6 +13,7 @@ Docs: https://docs.openclaw.ai
### Fixes
- Docs/Hetzner: clarify that SSH tunnel access requires `AllowTcpForwarding local` before running `ssh -L`, so hardened VPS sshd configs do not block loopback Gateway access. Fixes #54557; carries forward #54564; refs #54954. Thanks @satishkc7, @blackstrype, and @Aftabbs.
- Gateway/shutdown: report structured shutdown warnings and HTTP close timeout warnings through `ShutdownResult` while preserving lifecycle hook hardening. Carries forward #41296. Thanks @edenfunf.
- Plugins/QA: prebuild the private QA channel runtime before plugin gauntlet source runs so wrapper CPU/RSS measurements are not polluted by private QA dist rebuild work. Thanks @vincentkoc.
- Gateway/reload: bound default restart deferral and SIGUSR1 restart drain to five minutes while preserving explicit `deferralTimeoutMs: 0` indefinite waits, so stale active work accounting cannot block config reloads forever. Thanks @vincentkoc.
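
Review bot: The new Docs/Hetzner entry says SSH tunnel access "requires `AllowTcpForwarding local`", which overstates the prerequisite: `ssh -L` also works with `yes` or `all` (the sshd default is `yes`), and `local` is only the narrowest value that still permits it. Suggest wording such as "requires sshd to permit local TCP forwarding (`AllowTcpForwarding local` is sufficient)", so readers on a default config do not think they must edit anything, and so the entry matches the doc text, which only says `no` breaks the tunnel.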

@@ -218,7 +218,22 @@ For the generic Docker flow, see [Docker](/install/docker).
</Step>
<Step title="Hetzner-specific access">
After the shared build and launch steps, tunnel from your laptop:
After the shared build and launch steps, complete the following setup to open the tunnel:
**Prerequisite:** Ensure your VPS sshd config allows TCP forwarding. If you
have hardened your SSH config, check `/etc/ssh/sshd_config` and set:
```
AllowTcpForwarding local
```
`local` allows `ssh -L` local forwards from your laptop while blocking
remote forwards from the server. Setting it to `no` will fail the tunnel
with:
`channel 3: open failed: administratively prohibited: open failed`
After confirming TCP forwarding is enabled, restart the SSH service
(`systemctl restart ssh`) and run the tunnel from your laptop:
```bash
ssh -N -L 18789:127.0.0.1:18789 root@YOUR_VPS_IP
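
Review bot: The restart step (`systemctl restart ssh`) has the reader restart sshd on a remote VPS without validating the edited file first, so a typo in `/etc/ssh/sshd_config` can cost them their only access path. Suggest adding `sshd -t` before the restart and noting that the unit is `sshd` rather than `ssh` on non-Debian images. The prerequisite also points only at `/etc/ssh/sshd_config`: where that file includes `/etc/ssh/sshd_config.d/*.conf`, sshd keeps the first value it reads, so a hardening drop-in can still override the edit, and `sshd -T | grep -i allowtcpforwarding` is the reliable check of the effective value. Two smaller points: "After confirming TCP forwarding is enabled, restart the SSH service" reads as if a restart is always needed, when it is needed only after a change, and the channel number in the quoted `channel 3: open failed` error varies, so say "an error like".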