How-To Guide

How to Secure Your OpenClaw Deployment in 15 Minutes

A step-by-step guide to locking down your AI agent server

Taylor Haun·March 27, 2026·5 min read


I recently scanned the internet and found 8,600+ exposed OpenClaw instances with zero authentication and zero encryption. Every single one of them was accessible to anyone who knew the IP address.

If you're running OpenClaw on a cloud server, there's a good chance you're one of them.

The good news: you can lock it down in about 15 minutes. Here's exactly how.

The Problem

OpenClaw's default configuration:

  • Binds to 0.0.0.0:18789 (all network interfaces — public-facing)
  • No authentication required
  • No SSL/TLS encryption
  • API fully accessible to anyone who connects

This means your chat histories, API keys, model configurations, and any tools your agent has access to are exposed to the open internet. In plaintext.

What You Need

  • SSH access to your server
  • A domain name pointed at your server (for SSL — optional but recommended)
  • 15 minutes

Step 1: Bind OpenClaw to Localhost (2 minutes)

The single most impactful change. Stop OpenClaw from listening on the public internet.

Find your OpenClaw configuration file and change the bind address:

# Before (exposed to the internet)
server:
  host: 0.0.0.0
  port: 18789
 
# After (only accessible from localhost)
server:
  host: 127.0.0.1
  port: 18789

Restart OpenClaw after making this change. Now it only accepts connections from the same machine. Nobody on the internet can reach it directly.

If you stop here, you're already safer than every instance we found. But let's keep going.

Step 2: Install Nginx as a Reverse Proxy (5 minutes)

A reverse proxy sits in front of OpenClaw, handles authentication and encryption, and forwards legitimate requests.

# Ubuntu/Debian
sudo apt update && sudo apt install -y nginx
 
# CentOS/RHEL
sudo yum install -y nginx

Create the Nginx config:

sudo nano /etc/nginx/sites-available/openclaw

server {
    listen 80;
    server_name your-domain.com;  # or your server IP
 
    location / {
        # Basic authentication
        auth_basic "OpenClaw";
        auth_basic_user_file /etc/nginx/.openclaw_htpasswd;
 
        # Proxy to OpenClaw on localhost
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
 
        # Timeouts for long-running AI requests
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }
}

Enable the site:

sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default  # remove default site

Step 3: Set Up Basic Authentication (2 minutes)

Create a password file for Nginx:

# Install htpasswd utility
sudo apt install -y apache2-utils
 
# Create a user (you'll be prompted for a password)
sudo htpasswd -c /etc/nginx/.openclaw_htpasswd admin

Pick a strong password. This is the only thing standing between the internet and your AI agent.

For multiple users:

# Add additional users (note: no -c flag, which would overwrite)
sudo htpasswd /etc/nginx/.openclaw_htpasswd another_user

Test and reload Nginx:

sudo nginx -t          # verify config is valid
sudo systemctl reload nginx

Now anyone trying to access your OpenClaw instance gets a username/password prompt first. Until you finish Step 4, that username and password still cross the network in plaintext, so do the SSL step right after this one.

Step 4: Enable SSL/TLS with Let's Encrypt (5 minutes)

You need a domain name pointed at your server for this step. If you're using a bare IP, skip to the firewall section — but strongly consider getting a domain.

Install Certbot:

# Ubuntu/Debian
sudo apt install -y certbot python3-certbot-nginx
 
# Run Certbot — it automatically configures Nginx for SSL
sudo certbot --nginx -d your-domain.com

Certbot will:

  • Obtain a free SSL certificate
  • Modify your Nginx config to use HTTPS
  • Set up automatic renewal
  • Redirect HTTP to HTTPS

After this, your OpenClaw instance is accessible only via https://your-domain.com with a valid username and password. Traffic between clients and your server is encrypted in transit; the last hop from Nginx to OpenClaw stays on the loopback interface and never leaves the machine.

Step 5: Firewall the Raw Port (1 minute)

Even with Nginx in front, block direct access to port 18789 as defense-in-depth:

# UFW (Ubuntu)
sudo ufw allow OpenSSH   # keep your own SSH session reachable before enabling the firewall
sudo ufw deny 18789
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
 
# Or with iptables (-I inserts at the top so an earlier ACCEPT rule can't shadow it;
# plain iptables rules are lost on reboot unless you persist them, e.g. with iptables-persistent)
sudo iptables -I INPUT -p tcp --dport 18789 -j DROP

Now even if someone knows the port, the firewall drops the connection before it reaches OpenClaw.
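An added example (not from the original post or the OpenClaw project): an offline audit in Python that reads the three artefacts the five steps change, the OpenClaw server: block, the Nginx site file and the output of ufw status, and reports which steps are still missing. The sample inputs are constructed from the post's before/after configs; the finding texts and the check logic are my own.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
OPENCLAW_PORT = "18789"

def audit_openclaw(config_text):
    """Flag a server.host that is not loopback (the post's Step 1)."""
    host = re.search(r"^\s*host:\s*(\S+)", config_text, re.M)
    if host is None or host.group(1) not in LOOPBACK:
        return ["openclaw: server.host is not loopback; API reachable from the network"]
    return []

def audit_nginx(conf_text):
    """Require basic auth on the location that proxies to OpenClaw, and TLS (Steps 2-4)."""
    findings = []
    for body in re.findall(r"location\s+\S+\s*\{(.*?)\}", conf_text, re.S):
        if OPENCLAW_PORT not in body:
            continue  # this location does not front the OpenClaw upstream
        if "auth_basic_user_file" not in body or re.search(r"auth_basic\s+off", body):
            findings.append("nginx: OpenClaw proxy location has no basic auth")
    if not re.search(r"listen\s+443\s+ssl", conf_text):
        findings.append("nginx: no 'listen 443 ssl'; clients talk plaintext HTTP")
    return findings

def audit_ufw(status_text):
    """Check `ufw status` output: firewall active and the raw port denied (Step 5)."""
    findings = ["ufw: firewall is not active"] if "Status: active" not in status_text else []
    if not re.search(rf"^{OPENCLAW_PORT}\S*\s+DENY", status_text, re.M):
        findings.append(f"ufw: port {OPENCLAW_PORT} is not denied")
    return findings

def audit_deployment(openclaw_yaml, nginx_conf, ufw_status):
    """Combine all checks; an empty list means the five steps are in place."""
    return audit_openclaw(openclaw_yaml) + audit_nginx(nginx_conf) + audit_ufw(ufw_status)

# Constructed sample inputs: the post's "before" state and its "after" state.
INSECURE = (
    "server:\n  host: 0.0.0.0\n  port: 18789\n",
    "server {\n  listen 80;\n  location / {\n    proxy_pass http://127.0.0.1:18789;\n  }\n}\n",
    "Status: inactive\n",
)
SECURE = (
    "server:\n  host: 127.0.0.1\n  port: 18789\n",
    "server {\n  listen 443 ssl;\n  location / {\n    auth_basic \"OpenClaw\";\n"
    "    auth_basic_user_file /etc/nginx/.openclaw_htpasswd;\n"
    "    proxy_pass http://127.0.0.1:18789;\n  }\n}\n",
    "Status: active\n\nTo      Action  From\n18789   DENY    Anywhere\n443     ALLOW   Anywhere\n",
)
```

Run it against your real files with `audit_deployment(open(cfg).read(), open(site).read(), subprocess.check_output(["sudo", "ufw", "status"], text=True))`; the checks are deliberately strict string matches, so a config written in an unusual layout may need the regexes adjusted.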

Verify It's Working

Run these checks to confirm everything is locked down:

# 1. Direct port access should fail (-S shows the error, --max-time stops a hang)
curl -sS --max-time 5 http://YOUR_SERVER_IP:18789
# Expected: "Connection refused" or a timeout
 
# 2. HTTP should redirect to HTTPS
curl -sI http://your-domain.com
# Expected: 301 redirect with a Location: https://... header
 
# 3. HTTPS without auth should be rejected (-o/-w print only the status code)
curl -s -o /dev/null -w '%{http_code}\n' https://your-domain.com
# Expected: 401
 
# 4. HTTPS with auth should work
curl -s -u admin:your_password https://your-domain.com
# Expected: OpenClaw response
 
# 5. Check Shodan (may take a few days to update; needs the shodan CLI and an API key)
shodan host YOUR_SERVER_IP
# Expected: port 18789 no longer listed

Quick Reference

Here's the before and after:

                  Before                  After
Bind address      0.0.0.0 (public)        127.0.0.1 (localhost)
Authentication    None                    Nginx basic auth
Encryption        None (plaintext)        TLS 1.3 via Let's Encrypt
Port 18789        Open to internet        Firewalled
Access method     Direct IP:18789         https://domain.com with auth

Beyond the Basics

Once you've locked down access, consider these additional hardening steps:

Rotate your API keys. If your instance was exposed before today, assume your API keys (Anthropic, OpenAI, etc.) have been compromised. Regenerate them.

Audit chat histories. Review what conversations and data were accessible while the instance was open. If sensitive business data was discussed through the agent, treat it as potentially compromised.

Apply least-privilege to tools. Review what tools and integrations your OpenClaw agent has access to. Does your coding assistant really need access to your email? Limit each agent's capabilities to what it actually needs.

Set up monitoring. Log access to your Nginx proxy. Watch for unusual patterns — spikes in requests, access from unexpected IPs, requests to endpoints your normal usage doesn't hit.
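An added example (not from the original post) of the monitoring described above: a Python pass over Nginx's default combined-format access log that flags unknown source IPs, bursts of 401s against the basic-auth prompt, per-minute request spikes, and successful responses on paths you never normally use. The allowlisted IP, known path prefixes, thresholds and log lines are all constructed for the example.

```python
import re
from collections import Counter

# nginx "combined" access_log format (the default format)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def analyze(lines, known_ips, known_paths, max_401=5, max_per_min=60):
    """Flag unknown source IPs, bursts of 401s (password guessing against basic auth),
    per-minute request spikes, and successful responses on paths you never use."""
    fails, per_min, unknown, odd = Counter(), Counter(), set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a combined-format line; skip rather than crash
        ip, path, status = rec["ip"], rec["path"], rec["status"]
        per_min[(ip, rec["time"][:17])] += 1  # "27/Mar/2026:10:01" = minute bucket
        if ip not in known_ips:
            unknown.add(ip)
        if status == "401":
            fails[ip] += 1
        elif status.startswith("2") and not any(path.startswith(p) for p in known_paths):
            odd.add((ip, path))
    findings = [f"unknown source IP: {ip}" for ip in sorted(unknown)]
    findings += [f"{n} failed logins (401) from {ip}" for ip, n in fails.items() if n >= max_401]
    findings += [f"{n} requests in one minute from {ip} at {m}"
                 for (ip, m), n in per_min.items() if n > max_per_min]
    findings += [f"unexpected path {p} served to {ip}" for ip, p in sorted(odd)]
    return findings

# Constructed sample: normal use from the allowlisted IP, a 401 burst from a
# stranger in a single minute, and an export endpoint the owner never calls.
SAMPLE_LOG = [
    '203.0.113.50 - admin [27/Mar/2026:10:00:01 +0000] "GET /api/chat HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.50 - admin [27/Mar/2026:10:00:09 +0000] "POST /api/chat HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [27/Mar/2026:10:01:0{i} +0000] "GET / HTTP/1.1" 401 188 "-" "python-requests/2.31"'
    for i in range(6)
] + [
    '203.0.113.50 - admin [27/Mar/2026:10:05:30 +0000] "GET /admin/export HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

def audit_sample():
    """Run the analysis over the constructed sample with a low spike threshold."""
    return analyze(SAMPLE_LOG, known_ips={"203.0.113.50"}, known_paths=("/api/",), max_per_min=5)
```

On a live box feed it `open("/var/log/nginx/access.log")` and raise max_per_min to whatever your real usage looks like; a cron job that emails the findings list when it is non-empty is enough for a single server.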

Keep OpenClaw updated. Subscribe to OpenClaw's release announcements. Patch when security updates drop. Nearly 25% of the instances we found were running outdated software with known vulnerabilities.

IP allowlisting. If you only access OpenClaw from specific locations, restrict Nginx to those IPs:

location / {
    allow 203.0.113.50;     # your home IP
    allow 198.51.100.0/24;  # your office range
    deny all;
 
    auth_basic "OpenClaw";
    # ... rest of config
}

The Bottom Line

OpenClaw ships insecure by default. That's a design choice that prioritizes ease of setup over safety — and it's the reason 8,600+ instances are sitting naked on the internet right now.

Securing it takes 15 minutes. The five steps above — localhost binding, reverse proxy, authentication, SSL, and firewall — are the same basic stack we use for every other internet-facing service. Nothing exotic.

If you've done this and want a second pair of eyes, I offer a free exposure check. I'll tell you exactly what Shodan sees when it looks at your infrastructure.


Running AI agents in production? I help organizations secure their AI infrastructure. Free exposure audit at haunlab.com/free-audit.

— Taylor Haun, Haun Labs

Taylor Haun

Software engineer. Former Spotify. Building AI agent security tools at Haun Lab.
