openclaw-cloudflare-secureSecurely expose an OpenClaw Gateway WebUI on a VPS via Cloudflare Zero Trust Access + Cloudflare Tunnel (cloudflared), including DNS cutover for custom hostnames and optional cleanup of Tailscale Serve.
Install via ClawdBot CLI:
clawdbot install jskoiz/openclaw-cloudflare-secureUse this when you want an easy public URL (e.g. openclaw.example.com) that is NOT directly exposed, protected by Cloudflare Access allowlist, and delivered via Cloudflare Tunnel to a local service (commonly http://127.0.0.1:18789).
http://127.0.0.1:18789 (or your chosen local port).example.com).CLOUDFLARE_API_TOKEN.If you used Tailscale Serve earlier and want to remove it:
sudo tailscale serve resetIn Cloudflare Zero Trust:
cloudflared service install On the VPS:
./scripts/install_cloudflared.sh
sudo ./scripts/tunnel_service_install.sh '<TOKEN>'Verify:
sudo systemctl is-active cloudflared
sudo systemctl status cloudflared --no-pager -l | sed -n '1,80p'This uses the bundled DNS helper (./scripts/cf_dns.py). It will:
.cfargotunnel.com Prereq:
export CLOUDFLARE_API_TOKEN='...'Use this when you want the agent (with least-privilege DNS token) to create records programmatically:
./scripts/dns_create_record.sh --zone example.com --type A --name openclaw --content 1.2.3.4 --proxied true
./scripts/dns_create_record.sh --zone example.com --type CNAME --name openclaw --content target.example.net --proxied true./scripts/dns_point_hostname_to_tunnel.sh \
--zone example.com \
--hostname openclaw.example.com \
--tunnel-uuid <TUNNEL_UUID>In the tunnel:
openclaw.example.comhttp://127.0.0.1:18789In Zero Trust:
openclaw.example.com1) Allow: include specific emails (your allowlist)
2) Block: include Everyone
sudo systemctl disable --now cloudflared.Generated Mar 1, 2026
A distributed team needs secure access to an internal OpenClaw WebUI for managing AI workflows without exposing the service directly to the internet. Using Cloudflare Access and Tunnel ensures only authorized team members can connect via a custom domain, protecting sensitive data.
An AI consulting firm offers clients a private portal to monitor and interact with their OpenClaw instances. Cloudflare Access allows easy management of client-specific allowlists, while the tunnel provides a reliable, encrypted connection from the VPS to clients worldwide.
A university or training provider uses OpenClaw for AI research labs, requiring students to access the WebUI securely from off-campus. Cloudflare policies restrict access to enrolled students, and the tunnel setup simplifies network configuration without complex VPNs.
A healthcare organization deploys OpenClaw for processing anonymized patient data, needing HIPAA-compliant secure access. Cloudflare's zero-trust model and encrypted tunnels ensure only authorized medical staff can reach the WebUI, maintaining data privacy and regulatory compliance.
Offer a subscription-based service where you set up and maintain Cloudflare Access and Tunnel configurations for clients using OpenClaw. This includes ongoing monitoring, policy updates, and support, generating recurring revenue from security management fees.
Provide one-time consulting services to help businesses deploy OpenClaw with Cloudflare secure access. This includes initial setup, DNS configuration, and training, with potential for follow-up support contracts, leading to project-based income.
Develop and sell a SaaS platform that automates the deployment of OpenClaw with Cloudflare security features. Users pay for access to the platform, which handles tunnel creation, DNS management, and access policies, creating scalable revenue from user subscriptions.
đź’¬ Integration Tip
Ensure the Cloudflare API token has minimal permissions (Zone:DNS:Edit and Zone:Zone:Read) to enhance security, and always verify tunnel status and DNS records after setup to avoid connectivity issues.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack 🦞
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Interact with Moltbook social network for AI agents. Post, reply, browse, and analyze engagement. Use when the user wants to engage with Moltbook, check their feed, reply to posts, or track their activity on the agent social network.
OpenClaw CLI wrapper — gateway, channels, models, agents, nodes, browser, memory, security, automation.
MoltGuard — runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...