theboss
I see a lot of openclaw chatter and I have security concerns. I'm posting this mini-guide on how to harden an openclaw instance running in the cloud. You will need cloudflare and a domain that can receive email on it for this guide. For this example I'll use example.com as the domain. This guide is to tighten EXTERNAL threats. I'll leave a note at the end regarding internal security concerns.
NOTE: if you are using a custom droplet of some kind with other web stuff running on port 80 this will not work!
1) Install NGINX on your openclaw server.
You can likely just ask it to do this for you. What we want to do is create a proxy that will map port 18789 (the port openclaw is on) to port 80. Why not just change it in the config? Because we can't use NGINX for one of its nice features which is to only allow certain traffic and tell everybody else to go away. When we create NGINX we are going to use this as the default profile.
As you can see in this file we are allowing port 80 traffic ONLY from openclaw.example.com.
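
The file the post refers to is not reproduced on this page. The following is an added example, not the poster's file, of an NGINX default profile that matches the description: requests for openclaw.example.com on port 80 are proxied to port 18789, and every other hostname is dropped. It assumes openclaw listens on 127.0.0.1:18789 on the same machine and that its web UI needs WebSocket upgrade headers.

```nginx
# Added example (not the poster's file). Typically saved as the default
# site, e.g. /etc/nginx/sites-available/default on Debian/Ubuntu.

# Catch-all: any request whose Host header is not openclaw.example.com
# (bare IP scans, other hostnames) lands here and is dropped.
server {
    listen 80 default_server;
    server_name _;

    # 444 is an NGINX-specific code: close the connection without a response.
    return 444;
}

# The only hostname that is proxied through to openclaw.
server {
    listen 80;
    server_name openclaw.example.com;

    location / {
        # Assumption: openclaw is bound to loopback on port 18789.
        proxy_pass http://127.0.0.1:18789;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Assumption: the UI uses WebSockets, so pass the upgrade through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Run `nginx -t` to validate the file before reloading NGINX. The hostname check only filters on the Host header, so port 18789 itself should not be reachable from outside the machine.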



