Back

12. OpenClaw Remote Deployment: Tailscale and Cloud Servers

This article details OpenClaw's remote deployment options, including Tailscale private network, cloud server deployment, Docker containerization, SSH tunneling, and more—helping you access your AI assistant anytime, anywhere.

  • “SSH tunnel OpenClaw”
  • “self-hosted AI assistant”

For OpenClaw v2026.2 | This article is for users who need 24/7 availability or multi-user access.

TL;DR: Simplest option: Tailscale ("tailscale": {"mode": "serve"}). Cloud server: Docker Compose deployment, recommend 2GB RAM, 1 CPU core. Self-hosted: Raspberry Pi 5 or old laptop. Security: bind to loopback, enable password authentication. SSH tunnel suits temporary access.

Why Remote Deployment?

Scenario Local Deployment Remote Deployment
24/7 Availability Computer must stay on ✅ Always available
Mobile Access Same network required ✅ Any network
Team Sharing ❌ Not supported ✅ Multi-user
Home Automation Computer must be online ✅ Server runs continuously
Cost Zero $5–20/month

Deployment Options Comparison

Option Difficulty Cost Security Use Case
Tailscale Free ⭐⭐⭐⭐⭐ Personal, home
SSH Tunnel ⭐⭐ Free ⭐⭐⭐⭐ Temporary access
Cloud Server ⭐⭐⭐ $5–20/month ⭐⭐⭐ Team, production
Self-Hosted Server ⭐⭐⭐⭐ Power + maintenance ⭐⭐⭐⭐ Enthusiasts, privacy

Option 1: Tailscale Private Network

What is Tailscale?

Tailscale is a WireGuard-based private network service that lets you securely access remote devices without exposing ports to the public internet.

Install Tailscale

# macOS
brew install tailscale

# Ubuntu/Debian
curl -fsSL https://tailscale.com/install.sh | sh

# CentOS/RHEL
sudo dnf install tailscale

Configure Tailscale

# Log in to Tailscale
sudo tailscale up

# Check status
tailscale status

# Example output:
# 100.64.0.1   your-machine  your-email@  linux -

# Get Tailnet name
tailscale debug whois

OpenClaw Tailscale Configuration

{
  "gateway": {
    "port": 18789,
    "bind": "loopback",
    "tailscale": {
      "mode": "serve",
      "resetOnExit": true
    }
  }
}
Mode Description
serve Accessible only within Tailnet
funnel Public access (requires password authentication)

Access Gateway

# Start Gateway
openclaw gateway

# Access via Tailscale
# https://your-machine.tailnet-name.ts.net

Option 2: SSH Tunnel

Create SSH Tunnel

# Local forwarding (run locally)
ssh -L 18789:localhost:18789 user@remote-server

# Then access
# http://localhost:18789

Reverse Tunnel

# Run on remote server
ssh -R 18789:localhost:18789 user@local-machine

# Then access locally
# http://localhost:18789

Persistent SSH Tunnel

Using autossh:

# Install autossh
brew install autossh  # macOS
sudo apt install autossh  # Ubuntu

# Create persistent tunnel
autossh -M 0 -f -N -L 18789:localhost:18789 user@remote-server

Option 3: Cloud Server Deployment

Choosing a Cloud Server

Provider Entry Config Price Notes
DigitalOcean 2GB RAM $12/month Simple and easy
Linode 2GB RAM $10/month Good value
Vultr 2GB RAM $10/month Global nodes
AWS Lightsail 2GB RAM $10/month AWS ecosystem
Hetzner 4GB RAM €5/month Lowest price
Item Minimum Recommended
CPU 1 core 2 cores
Memory 2GB 4GB
Storage 20GB 40GB SSD
Bandwidth 1TB/month 2TB/month
OS Ubuntu 22.04 Ubuntu 24.04

Docker Deployment

# docker-compose.yml
version: '3.8'

services:
  openclaw:
    image: openclaw/openclaw:latest
    container_name: openclaw
    restart: unless-stopped
    ports:
      - "127.0.0.1:18789:18789"
    volumes:
      - ./openclaw-data:/root/.openclaw
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - TZ=Asia/Shanghai
    healthcheck:
      test: ["CMD", "openclaw", "health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
# Start
docker-compose up -d

# View logs
docker-compose logs -f

# Update
docker-compose pull && docker-compose up -d

System Service Deployment

# Create systemd service
sudo nano /etc/systemd/system/openclaw.service
[Unit]
Description=OpenClaw Gateway
After=network.target

[Service]
Type=simple
User=openclaw
WorkingDirectory=/home/openclaw
ExecStart=/usr/local/bin/openclaw gateway --port 18789
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
# Enable service
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw

# Check status
sudo systemctl status openclaw

Reverse Proxy Configuration

Nginx:

server {
    listen 80;
    server_name your-domain.com;

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Caddy:

your-domain.com {
    reverse_proxy localhost:18789
}

Option 4: Self-Hosted Server

Hardware Recommendations

Device Price Power Use Case
Raspberry Pi 5 $80–120 5–10W Light usage
Intel NUC $200–400 15–30W Medium load
Old Laptop Free 20–40W Budget limited
Mini PC $150–300 10–25W Best balance

Home Network Configuration

# Port forwarding (router config)
# External port 18789 -> Internal IP:18789

# Dynamic DNS
curl -u "user:password" "https://api.dynu.com/nic/update?hostname=your-domain.dynu.com"

Security Configuration

Basic Security

# Firewall configuration
sudo ufw allow ssh
sudo ufw allow 18789/tcp
sudo ufw enable

# Disable password login
sudo nano /etc/ssh/sshd_config
# PasswordAuthentication no

Authentication Configuration

{
  "gateway": {
    "auth": {
      "mode": "password",
      "password": "your-secure-password-here",
      "sessionTimeout": 3600000
    }
  }
}

Monitoring and Maintenance

Health Check

# HTTP health check
curl http://localhost:18789/health

# Auto restart
# Add to crontab
*/5 * * * * curl -f http://localhost:18789/health || systemctl restart openclaw

Log Management

# Log rotation
sudo nano /etc/logrotate.d/openclaw

/var/log/openclaw/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
}

Summary

Remote deployment makes OpenClaw truly 24/7 available:

  • Tailscale: Simplest secure access option
  • SSH Tunnel: Quick option for temporary access
  • Cloud Server: First choice for teams and production
  • Self-Hosted Server: Best balance of privacy and cost

Changelog:

  • 2026-02-26: Initial release

Series Navigation: