Description
Summary
On Brev / brevlab VMs running the NemoClaw onboard UI (Next.js) behind nginx and cloudflared, we observed:
- OpenClaw stays red in the dashboard SERVICES panel even when the gateway is healthy inside the sandbox.
openshell sandbox exec must use openshell sandbox exec -n <NAME> -- <cmd>; exec <name> curl … treats <name> as the remote command and falls back to the last-used sandbox (wrong / hang).- Host
127.0.0.1:18789 requires openshell forward start --background 18789 <sandbox>; preflight should start forward before relying on host probes (exec can hang on some gateways).
- Sandbox phase: treat
Running like Ready for “agent live” so health fallbacks run.
- Preflight: probe
GET /health (optional Bearer), not only / (401 while healthy).
- Brev public URL: tunnel hostnames may use
nemoclaw0- vs legacy openclaw0-; prefer journald-detected hostname; optional BREVLAB_DASHBOARD_PREFIX.
- cloudflared
unexpected EOF / context canceled on /api/logs (SSE): nginx default proxy_read_timeout; mitigations: long proxy_read_timeout/proxy_send_timeout for location /api/, SSE : ping keep-alives, X-Accel-Buffering: no.
Documentation
docs/troubleshooting/brev-onboard-ui-openclaw-dashboard.md (new)- Cross-links from
docs/deployment/deploy-to-remote-gpu.md and docs/reference/troubleshooting.md
Application / image (may live outside this repo)
- onboard-ui:
app/api/preflight/route.ts, lib/services/openclaw.ts, lib/services/openshell.ts, components/organisms/SystemVisualizer.tsx, app/api/logs/route.ts
nemoclaw-nginx.conf: /api/ proxy timeouts
Ask
Confirm long-term home for onboard-ui + nemoclaw-nginx.conf (monorepo vs image-only) and align shipping with Brev launchables.
Reporter: @ofunk-nvidia (Brev VM validation)
Reproduction Steps
Reproduction steps
Provision or use a Brev / brevlab VM with the NemoClaw onboard UI (Next.js on :3000), nginx on 127.0.0.1:80 → Next, and cloudflared exposing the public nemoclaw0-…brevlab.com (or equivalent) URL.
Complete onboarding so at least one sandbox exists (e.g. first row in openshell sandbox list shows Ready or Running).
Do not run openshell forward start manually (simulate a fresh session where host :18789 is not forwarded).
Open the dashboard (/dashboard) and call GET /api/preflight (or use the SERVICES panel).
Observe: OpenClaw stays red (checks.openclaw.ok === false) while gateway / docker / openshell can still be green.
(Optional) Open live logs (client uses EventSource on /api/logs?source=all). Watch cloudflared / VM logs: unexpected EOF or context canceled for requests to /api/logs or /api/agent, with origin http://localhost:80.
Workaround that turns OpenClaw green:
openshell forward start --background 18789
then reload preflight — checks.openclaw becomes ok: true.
Environment
| Item |
Value (example / fill in) |
| Host |
Brev launchable VM (nemoclaw-*-inst-* on GCP; Linux 6.x, Ubuntu) |
| Public URL |
https://nemoclaw0-<brev-env-id>.brevlab.com (Cloudflare Access in front — sign-in may be required for browser) |
| Ingress |
cloudflared → http://127.0.0.1:80 (nginx) → Next onboard UI :3000 |
| OpenShell |
e.g. 0.0.24 (openshell --version) |
| NemoClaw CLI |
e.g. 0.0.7 (nemoclaw --version) |
| Docker |
e.g. 28.x (docker --version) |
| Node (onboard UI) |
e.g. 22.x |
| Python |
e.g. 3.10.x |
| Onboard UI |
Next.js 16.x (standalone server.js, systemd nemoclaw-onboard-ui.service, PORT=3000) |
| nginx |
Site nemoclaw from nemoclaw-nginx.conf — /api/ → :3000, / → OpenClaw :18789 with fallback |
| Sandboxes |
openshell sandbox list — at least one Ready / Running; OpenClaw listens inside sandbox on 127.0.0.1:18789 |
| CHAT_UI_URL |
Set or unset per image; affects baked allowedOrigins / dashboard URL hints |
| GPU |
CPU-only variant possible (provision.json variant: cpu) |
| Paste outputs if useful: |
|
uname -a
openshell --version
nemoclaw --version
docker --version
node --version
cat /etc/nemoclaw/provision.json 2>/dev/null | head -c 2000
curl -sS http://127.0.0.1:3000/api/preflight | jq '.checks, .provision.components'
Debug Output
| Item | Value (example / fill in) |
|------|---------------------------|
| **Host** | Brev launchable VM (`nemoclaw-*-inst-*` on GCP; Linux `6.x`, Ubuntu) |
| **Public URL** | `https://nemoclaw0-<brev-env-id>.brevlab.com` (Cloudflare Access in front — sign-in may be required for browser) |
| **Ingress** | `cloudflared` → `http://127.0.0.1:80` (nginx) → Next onboard UI `:3000` |
| **OpenShell** | e.g. `0.0.24` (`openshell --version`) |
| **NemoClaw CLI** | e.g. `0.0.7` (`nemoclaw --version`) |
| **Docker** | e.g. `28.x` (`docker --version`) |
| **Node (onboard UI)** | e.g. `22.x` |
| **Python** | e.g. `3.10.x` |
| **Onboard UI** | Next.js **16.x** (standalone `server.js`, systemd `nemoclaw-onboard-ui.service`, `PORT=3000`) |
| **nginx** | Site `nemoclaw` from `nemoclaw-nginx.conf` — `/api/` → `:3000`, `/` → OpenClaw `:18789` with fallback |
| **Sandboxes** | `openshell sandbox list` — at least one **Ready** / **Running**; OpenClaw listens **inside** sandbox on `127.0.0.1:18789` |
| **CHAT_UI_URL** | Set or unset per image; affects baked `allowedOrigins` / dashboard URL hints |
| **GPU** | CPU-only variant possible (`provision.json` `variant: cpu`) |
Paste outputs if useful:
uname -a
openshell --version
nemoclaw --version
docker --version
node --version
cat /etc/nemoclaw/provision.json 2>/dev/null | head -c 2000
curl -sS http://127.0.0.1:3000/api/preflight | jq '.checks, .provision.components'
Logs
| Item | Value (example / fill in) |
|------|---------------------------|
| **Host** | Brev launchable VM (`nemoclaw-*-inst-*` on GCP; Linux `6.x`, Ubuntu) |
| **Public URL** | `https://nemoclaw0-<brev-env-id>.brevlab.com` (Cloudflare Access in front — sign-in may be required for browser) |
| **Ingress** | `cloudflared` → `http://127.0.0.1:80` (nginx) → Next onboard UI `:3000` |
| **OpenShell** | e.g. `0.0.24` (`openshell --version`) |
| **NemoClaw CLI** | e.g. `0.0.7` (`nemoclaw --version`) |
| **Docker** | e.g. `28.x` (`docker --version`) |
| **Node (onboard UI)** | e.g. `22.x` |
| **Python** | e.g. `3.10.x` |
| **Onboard UI** | Next.js **16.x** (standalone `server.js`, systemd `nemoclaw-onboard-ui.service`, `PORT=3000`) |
| **nginx** | Site `nemoclaw` from `nemoclaw-nginx.conf` — `/api/` → `:3000`, `/` → OpenClaw `:18789` with fallback |
| **Sandboxes** | `openshell sandbox list` — at least one **Ready** / **Running**; OpenClaw listens **inside** sandbox on `127.0.0.1:18789` |
| **CHAT_UI_URL** | Set or unset per image; affects baked `allowedOrigins` / dashboard URL hints |
| **GPU** | CPU-only variant possible (`provision.json` `variant: cpu`) |
Paste outputs if useful:
uname -a
openshell --version
nemoclaw --version
docker --version
node --version
cat /etc/nemoclaw/provision.json 2>/dev/null | head -c 2000
curl -sS http://127.0.0.1:3000/api/preflight | jq '.checks, .provision.components'
Checklist
Description
Summary
On Brev / brevlab VMs running the NemoClaw onboard UI (Next.js) behind nginx and cloudflared, we observed:
openshell sandbox execmust useopenshell sandbox exec -n <NAME> -- <cmd>;exec <name> curl …treats<name>as the remote command and falls back to the last-used sandbox (wrong / hang).127.0.0.1:18789requiresopenshell forward start --background 18789 <sandbox>; preflight should start forward before relying on host probes (exec can hang on some gateways).RunninglikeReadyfor “agent live” so health fallbacks run.GET /health(optional Bearer), not only/(401 while healthy).nemoclaw0-vs legacyopenclaw0-; prefer journald-detected hostname; optionalBREVLAB_DASHBOARD_PREFIX.unexpected EOF/context canceledon/api/logs(SSE): nginx defaultproxy_read_timeout; mitigations: longproxy_read_timeout/proxy_send_timeoutforlocation /api/, SSE: pingkeep-alives,X-Accel-Buffering: no.Documentation
docs/troubleshooting/brev-onboard-ui-openclaw-dashboard.md(new)docs/deployment/deploy-to-remote-gpu.mdanddocs/reference/troubleshooting.mdApplication / image (may live outside this repo)
app/api/preflight/route.ts,lib/services/openclaw.ts,lib/services/openshell.ts,components/organisms/SystemVisualizer.tsx,app/api/logs/route.tsnemoclaw-nginx.conf:/api/proxy timeoutsAsk
Confirm long-term home for onboard-ui + nemoclaw-nginx.conf (monorepo vs image-only) and align shipping with Brev launchables.
Reporter: @ofunk-nvidia (Brev VM validation)
Reproduction Steps
Reproduction steps
Provision or use a Brev / brevlab VM with the NemoClaw onboard UI (Next.js on :3000), nginx on 127.0.0.1:80 → Next, and cloudflared exposing the public nemoclaw0-…brevlab.com (or equivalent) URL.
Complete onboarding so at least one sandbox exists (e.g. first row in openshell sandbox list shows Ready or Running).
Do not run openshell forward start manually (simulate a fresh session where host :18789 is not forwarded).
Open the dashboard (/dashboard) and call GET /api/preflight (or use the SERVICES panel).
Observe: OpenClaw stays red (checks.openclaw.ok === false) while gateway / docker / openshell can still be green.
(Optional) Open live logs (client uses EventSource on /api/logs?source=all). Watch cloudflared / VM logs: unexpected EOF or context canceled for requests to /api/logs or /api/agent, with origin http://localhost:80.
Workaround that turns OpenClaw green:
openshell forward start --background 18789
then reload preflight — checks.openclaw becomes ok: true.
Environment
nemoclaw-*-inst-*on GCP; Linux6.x, Ubuntu)https://nemoclaw0-<brev-env-id>.brevlab.com(Cloudflare Access in front — sign-in may be required for browser)cloudflared→http://127.0.0.1:80(nginx) → Next onboard UI:30000.0.24(openshell --version)0.0.7(nemoclaw --version)28.x(docker --version)22.x3.10.xserver.js, systemdnemoclaw-onboard-ui.service,PORT=3000)nemoclawfromnemoclaw-nginx.conf—/api/→:3000,/→ OpenClaw:18789with fallbackopenshell sandbox list— at least one Ready / Running; OpenClaw listens inside sandbox on127.0.0.1:18789allowedOrigins/ dashboard URL hintsprovision.jsonvariant: cpu)Debug Output
Logs
Checklist