Backend
25,731 installs
openclaw-secure-linux-cloud
by xixu-me/skills
Use when self-hosting OpenClaw on a cloud server, hardening a remote OpenClaw gateway, choosing between SSH tunneling, Tailscale, or reverse-proxy exposure, or…
Skill content
Secure self-hosted OpenClaw deployment on Linux cloud servers with conservative access controls. - Guides fresh deployments, hardening reviews, and access-model decisions (SSH tunneling, Tailscale, reverse proxy) for remote OpenClaw instances - Recommends a "deploy private, expose later" baseline: loopback-only gateway, SSH tunnel access, token auth, pairing, and minimal tool permissions by default - Separates local machine actions (tunnel setup, browser access) from server actions (Linux hardening, Podman setup, config permissions) to avoid execution confusion - Includes distro-specific hardening steps, rootless Podman setup, baseline config templates, pre-launch checklists, and access-escalation guidance with explicit red flags for unsafe patterns Overview Use this skill for the conservative "deploy first, expose later" pattern for OpenClaw on a cloud server. Default to a private control plane: - Harden the Linux host before exposing anything. - Keep the gateway bound to 127.0.0.1. - Reach the Control UI through an SSH tunnel first. - Keep token authentication, pairing, and sandboxing enabled. - Start with a narrow tool profile and loosen only with an explicit need. This skill is for secure Linux cloud hosting. If the user only wants the fastest generic OpenClaw install on a local machine, prefer the official OpenClaw onboarding docs instead of forcing this flow. Open references/REFERENCE.md when you need the command matrix, baseline config shape, checklist, or access-path comparison.