The latest articles on DEV Community by Asim Hayat (@asim07). https://dev.to/asim07 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F779983%2F3f527244-4345-4615-9698-6b7e6925e1b1.jpg https://dev.to/asim07 en Asim Hayat Sat, 07 Mar 2026 02:41:06 +0000 https://dev.to/asim07/openclaw-whatsapp-how-to-lock-your-bot-to-one-specific-group-16pb https://dev.to/asim07/openclaw-whatsapp-how-to-lock-your-bot-to-one-specific-group-16pb <p>The first time I added OpenClaw to a WhatsApp group, it replied to every single message. My friend sent "lol" and the bot wrote a three-paragraph response. Someone shared a meme and it started analyzing the image. My phone was blowing up.</p> <p>Then people started DMing my number directly because OpenClaw uses <em>your</em> WhatsApp account, not a separate bot number. The bot was happily chatting with complete strangers.</p> <p>I turned it off within 10 minutes.</p> <p>The fix took another 10 minutes once I figured out the config. Here's exactly how to lock your OpenClaw bot so it only responds in one specific group, only when mentioned, and ignores everything else.</p> <h2> The Problem: OpenClaw Talks to Everyone </h2> <p>OpenClaw doesn't have its own WhatsApp number. It piggybacks on yours. That means every DM to your number hits the bot, every group you're in becomes a potential chat room, and the bot eats API tokens on messages you never wanted it to see.</p> <p>If you're running Anthropic's API, that "lol" response probably cost you $0.02. Multiply that by 50 messages in an active group and you're burning through credits for nothing.</p> <p>The config file that controls all of this lives at <code>~/.openclaw/openclaw.json</code>. Every change requires a restart:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw restart </code></pre> </div> <p>Let's lock it down layer by layer.</p> <h2> Layer 1: Lock DMs With allowFrom </h2> <p>First, stop random people from chatting with your bot. The <code>allowFrom</code> field controls who can send DMs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"allowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Only numbers in this array can DM the bot. Everyone else gets ignored. No response, no error message, nothing. The bot just silently drops the message.</p> <p>Use full international format with the <code>+</code> prefix. If you want to add a second person:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"allowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"+15559876543"</span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p>Quick tip: if you don't want to hardcode numbers, use <code>dmPolicy: "pairing"</code> instead. This makes unknown senders receive a pairing code that you have to approve before they can chat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dmPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"pairing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Pairing requests expire after 1 hour and are capped at 3 pending requests per channel, so nobody can flood your bot with approval requests.</p> <h2> Layer 2: Set Group Policy </h2> <p>Now for groups. OpenClaw has two independent filtering layers for groups, and this is where most people get confused.</p> <p><code>groupPolicy</code> controls <em>who</em> can trigger the bot in groups. The <code>groups</code> block controls <em>which</em> groups the bot responds in. They work together but they're configured separately.</p> <p>Start with <code>groupPolicy</code>. You have two options:</p> <p><code>"allowlist"</code> means only senders listed in <code>groupAllowFrom</code> can trigger the bot in any group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"groupPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"allowlist"</span><span class="p">,</span><span class="w"> </span><span class="nl">"groupAllowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><code>"open"</code> means anyone in an allowed group can trigger the bot (with mention gating):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"groupPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"open"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Which one should you use? If it's a personal bot and only you should trigger it, go with <code>"allowlist"</code> and put your number in <code>groupAllowFrom</code>. If it's a team or client bot where multiple people need access, use <code>"open"</code> and rely on group-level controls plus mention gating.</p> <h2> Layer 3: Target One Specific Group </h2> <p>This is the part everyone wants. You need the group's JID (Jabber ID), which looks like <code>120363407119785089@g.us</code>.</p> <p>To find your group JID, run this command and then send a message in the target group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw logs <span class="nt">--follow</span> </code></pre> </div> <p>Watch the logs for a line like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Inbound message 120363407119785089@g.us -&gt; +15551234567 (group) </code></pre> </div> <p>That long number before <code>@g.us</code> is your group JID. Copy it.</p> <p>Now configure the <code>groups</code> block to only allow that specific group:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dmPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"pairing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">],</span><span class="w"> </span><span class="nl">"groupPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"open"</span><span class="p">,</span><span class="w"> </span><span class="nl">"groups"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"120363407119785089@g.us"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"requireMention"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>When the <code>groups</code> block exists and doesn't include a <code>"*"</code> wildcard, it acts as an allowlist. Only the groups listed here will get responses. Every other group is silently ignored.</p> <p>Setting <code>requireMention: true</code> means someone has to @mention the bot or reply to one of its messages before it responds. Without this, the bot replies to every message in the group.</p> <p>If you want the bot to reply to everything in that one group without needing a mention:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"120363407119785089@g.us"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"requireMention"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Only do this for small, private groups. In a 50-person group with <code>requireMention: false</code>, your API bill will be ugly.</p> <h2> The Full Config: One Group, Locked Down </h2> <p>Here's the complete config that locks DMs, targets one group, and requires mentions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"channels"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"whatsapp"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"dmPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"pairing"</span><span class="p">,</span><span class="w"> </span><span class="nl">"allowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">],</span><span class="w"> </span><span class="nl">"groupPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"open"</span><span class="p">,</span><span class="w"> </span><span class="nl">"groups"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"120363407119785089@g.us"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"requireMention"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"ackReaction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"emoji"</span><span class="p">:</span><span class="w"> </span><span class="s2">"👀"</span><span class="p">,</span><span class="w"> </span><span class="nl">"direct"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"group"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mentions"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"sendReadReceipts"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"agents"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"list"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"main"</span><span class="p">,</span><span class="w"> </span><span class="nl">"groupChat"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"mentionPatterns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"@openclaw"</span><span class="p">,</span><span class="w"> </span><span class="s2">"openclaw"</span><span class="p">,</span><span class="w"> </span><span class="s2">"@bot"</span><span class="p">],</span><span class="w"> </span><span class="nl">"historyLimit"</span><span class="p">:</span><span class="w"> </span><span class="mi">50</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Let me break down the extras.</p> <p><code>ackReaction</code> makes the bot react with 👀 when it receives your message, so you know it's processing. In groups, it only reacts on mentions.</p> <p><code>sendReadReceipts</code> shows the blue ticks so you know the bot read the message.</p> <p><code>mentionPatterns</code> is the list of words that trigger the bot in groups. Add whatever your team will naturally type. Replying to a bot message also counts as a mention automatically.</p> <p><code>historyLimit: 50</code> means the bot sees the last 50 messages in the group for context, even ones it didn't respond to. Useful for "catch up" questions like "summarize what everyone said."</p> <h2> Known Bug: groupPolicy "allowlist" Can Block Everything </h2> <p>Here's something that tripped me up and has caught others too. If you use <code>groupPolicy: "allowlist"</code> but leave <code>groupAllowFrom</code> empty, <strong>all group messages are blocked</strong> even if you've configured specific groups in the <code>groups</code> block.</p> <p>This happens because OpenClaw checks <code>groupAllowFrom</code> first. If it's empty, the message is dropped before it ever reaches the group-level config.</p> <p>There's an open <a href="https://github.com/openclaw/openclaw/issues/6558" rel="noopener noreferrer">GitHub issue (#6558)</a> about this. The workaround is simple: use <code>groupPolicy: "open"</code> and let the <code>groups</code> block handle which groups are allowed. That's what I use in my config above.</p> <p>If you specifically need sender-level filtering in groups where only certain people can trigger the bot, you need to set both:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"groupPolicy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"allowlist"</span><span class="p">,</span><span class="w"> </span><span class="nl">"groupAllowFrom"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"+15551234567"</span><span class="p">,</span><span class="w"> </span><span class="s2">"+15559876543"</span><span class="p">],</span><span class="w"> </span><span class="nl">"groups"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"120363407119785089@g.us"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"requireMention"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Testing It </h2> <p>After saving your config and running <code>openclaw restart</code>, test each layer:</p> <p><strong>1. DM test.</strong> Have a friend who is not in your <code>allowFrom</code> list DM your WhatsApp number. The bot should not respond.</p> <p><strong>2. Wrong group test.</strong> Send a message in a group that is not in your <code>groups</code> config. The bot should ignore it.</p> <p><strong>3. Right group, no mention.</strong> Send a normal message in the target group without mentioning the bot. If <code>requireMention</code> is true, the bot should stay quiet. The message still gets stored for context though.</p> <p><strong>4. Right group, with mention.</strong> Send "<a class="mentioned-user" href="https://dev.to/openclaw">@openclaw</a> what's the weather?" in the target group. The bot should respond.</p> <p><strong>5. Check logs.</strong> Run <code>openclaw logs --follow</code> and watch for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Blocked group message (group not in allowlist) </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Skipped (no mention) </code></pre> </div> <p>These confirm each layer is working.</p> <p><strong>6. Run the doctor.</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw doctor </code></pre> </div> <p>This surfaces risky or misconfigured DM policies and group settings. If anything looks off, it'll tell you.</p> <h2> Quick Reference </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>What you want</th> <th>Config</th> </tr> </thead> <tbody> <tr> <td>Only I can DM the bot</td> <td><code>allowFrom: ["+1555..."]</code></td> </tr> <tr> <td>Unknown people get pairing flow</td> <td><code>dmPolicy: "pairing"</code></td> </tr> <tr> <td>Bot only active in one group</td> <td> <code>groups: { "JID@g.us": { ... } }</code> (no <code>"*"</code> entry)</td> </tr> <tr> <td>Bot requires @mention in group</td> <td><code>requireMention: true</code></td> </tr> <tr> <td>Anyone in the group can trigger</td> <td><code>groupPolicy: "open"</code></td> </tr> <tr> <td>Only specific people can trigger</td> <td> <code>groupPolicy: "allowlist"</code> + <code>groupAllowFrom</code> </td> </tr> <tr> <td>Bot reacts when processing</td> <td><code>ackReaction: { emoji: "👀" }</code></td> </tr> </tbody> </table></div> <h2> What's Next </h2> <p>In the next article, I'll cover how to switch AI models in OpenClaw without losing your conversation history. Useful when you want Claude for complex tasks and Gemini Flash for quick replies to save on API costs.</p> <h2> Need Help Setting This Up? </h2> <p>I deploy and maintain OpenClaw professionally. AWS, Docker, Nginx, Telegram, WhatsApp, multi-agent, the works.</p> <p>150+ projects delivered. 100% job success rate. Top Rated Plus on Upwork.</p> <p>→ <a href="https://www.upwork.com/freelancers/muhammadasimh2" rel="noopener noreferrer">Hire me on Upwork</a> → Email: <a href="mailto:chaudhryasim5@gmail.com">chaudhryasim5@gmail.com</a></p> openclaw tutorial automation beginners Asim Hayat Sat, 28 Feb 2026 01:09:27 +0000 https://dev.to/asim07/stop-exposing-port-18789-how-i-secure-openclaw-on-aws-ec2-with-nginx-and-ssl-do9 https://dev.to/asim07/stop-exposing-port-18789-how-i-secure-openclaw-on-aws-ec2-with-nginx-and-ssl-do9 <p>I've set up OpenClaw on EC2 multiple times now — for myself and for clients. And every single time I take over someone else's setup, I find the same thing: port 18789 wide open to the internet, no SSL, no reverse proxy, running as root.</p> <p>Bitsight found over 30,000 exposed OpenClaw instances. Attackers aren't even bothering with prompt injection — they're connecting directly to the gateway WebSocket and getting full access.</p> <p>This is how I deploy OpenClaw properly. Gateway on loopback, Nginx in front, SSL via Let's Encrypt, and EC2 security groups that only allow what's necessary. Takes about 30 minutes.</p> <h2> Why 0.0.0.0 Binding Will Get You Hacked </h2> <p>When you run through OpenClaw's onboarding wizard, it asks you about the gateway bind mode. A lot of people pick "LAN" because they want to access the dashboard from their browser. That binds the gateway to <code>0.0.0.0</code> — meaning every network interface on the machine.</p> <p>On an EC2 instance, that means anyone on the internet can hit port 18789 directly. Your gateway is now a public endpoint. Even with token auth enabled, you're one misconfiguration away from someone controlling your AI agent, reading your sessions, and executing commands on your server.</p> <p>The OpenClaw docs are clear about this: <em>never expose the gateway unauthenticated on 0.0.0.0</em>.</p> <p>Here's what we're going to do instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet → Port 443 (HTTPS) → Nginx → 127.0.0.1:18789 → OpenClaw Gateway </code></pre> </div> <p>The gateway only talks to localhost. Nginx handles SSL termination and proxies requests. Nothing else is exposed.</p> <h2> Prerequisites </h2> <ul> <li>An AWS EC2 instance running Ubuntu 24.04 (t3.medium or bigger — OpenClaw needs at least 4GB RAM for comfortable operation)</li> <li>A domain name pointed to your EC2 instance's public IP (I'll use <code>openclaw.yourdomain.com</code> as an example)</li> <li>SSH access to your instance</li> <li>An API key from your LLM provider (Anthropic, OpenAI, Gemini, etc.)</li> </ul> <h2> Step 1: Install OpenClaw </h2> <p>SSH into your EC2 instance and install OpenClaw:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Make sure Node 22+ is installed</span> node <span class="nt">--version</span> <span class="c"># Install OpenClaw</span> curl <span class="nt">-fsSL</span> https://openclaw.ai/install.sh | bash <span class="c"># Run the onboarding wizard</span> openclaw onboard <span class="nt">--install-daemon</span> </code></pre> </div> <p>During onboarding, when it asks about the gateway bind mode, pick <strong>loopback</strong>. This is critical. It binds the gateway to <code>127.0.0.1</code> only.</p> <p>If you've already set up OpenClaw with a different bind mode, fix it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw config <span class="nb">set </span>gateway.bind loopback </code></pre> </div> <p>Verify it's running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw gateway status </code></pre> </div> <p>You should see the gateway running on <code>127.0.0.1:18789</code>. If you try to access <code>http://your-ec2-ip:18789</code> from your browser right now, it should refuse the connection. That's exactly what we want.</p> <h2> Step 2: Set Up Gateway Authentication </h2> <p>Even though we're binding to loopback, set up token auth. Defense in depth:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate a strong random token</span> <span class="nv">TOKEN</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-hex</span> 32<span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Your gateway token: </span><span class="nv">$TOKEN</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Save this somewhere safe."</span> <span class="c"># Set the token</span> openclaw config <span class="nb">set </span>gateway.auth.mode token openclaw config <span class="nb">set </span>gateway.auth.token <span class="s2">"</span><span class="nv">$TOKEN</span><span class="s2">"</span> </code></pre> </div> <p>Also configure trusted proxies so OpenClaw correctly reads the real client IP from Nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw config <span class="nb">set </span>gateway.trustedProxies <span class="s1">'["127.0.0.1"]'</span> </code></pre> </div> <p>Without this, OpenClaw sees Nginx's IP for every request instead of the actual client IP. That breaks rate limiting and IP-based access controls.</p> <p>Restart the gateway to apply changes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart openclaw </code></pre> </div> <h2> Step 3: Install and Configure Nginx </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nginx </code></pre> </div> <p>Create the Nginx config for OpenClaw:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/nginx/sites-available/openclaw </code></pre> </div> <p>Paste this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">upstream</span> <span class="s">openclaw_gateway</span> <span class="p">{</span> <span class="kn">server</span> <span class="nf">127.0.0.1</span><span class="p">:</span><span class="mi">18789</span><span class="p">;</span> <span class="p">}</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">openclaw.yourdomain.com</span><span class="p">;</span> <span class="c1"># Redirect all HTTP to HTTPS (we'll set up SSL next)</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">openclaw.yourdomain.com</span><span class="p">;</span> <span class="c1"># SSL certs will be added by Certbot in the next step</span> <span class="c1"># ssl_certificate /etc/letsencrypt/live/openclaw.yourdomain.com/fullchain.pem;</span> <span class="c1"># ssl_certificate_key /etc/letsencrypt/live/openclaw.yourdomain.com/privkey.pem;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://openclaw_gateway</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="c1"># WebSocket support — required for OpenClaw dashboard</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">"upgrade"</span><span class="p">;</span> <span class="c1"># Pass real client IP to OpenClaw</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="c1"># Longer timeouts for WebSocket connections</span> <span class="kn">proxy_read_timeout</span> <span class="mi">86400</span><span class="p">;</span> <span class="kn">proxy_send_timeout</span> <span class="mi">86400</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Replace <code>openclaw.yourdomain.com</code> with your actual domain.</p> <p>Enable the site and test the config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/ <span class="nb">sudo rm</span> /etc/nginx/sites-enabled/default <span class="c"># Remove default site</span> <span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="nb">sudo </span>systemctl reload nginx </code></pre> </div> <p>If <code>nginx -t</code> shows errors, fix them before moving on. Don't skip this.</p> <h2> Step 4: SSL with Let's Encrypt </h2> <p>Install Certbot and get your certificate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> certbot python3-certbot-nginx <span class="nb">sudo </span>certbot <span class="nt">--nginx</span> <span class="nt">-d</span> openclaw.yourdomain.com </code></pre> </div> <p>Certbot will ask for your email, agree to terms, and then automatically modify your Nginx config to add the SSL certificate paths. It also sets up auto-renewal.</p> <p>Verify auto-renewal works:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>certbot renew <span class="nt">--dry-run</span> </code></pre> </div> <p>Now uncomment the SSL lines in your Nginx config (Certbot usually does this automatically, but double-check):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="nb">sudo </span>systemctl reload nginx </code></pre> </div> <p>Test it: open <code>https://openclaw.yourdomain.com</code> in your browser. You should see the OpenClaw Control UI with a valid SSL certificate and no browser warnings.</p> <h2> Step 5: Configure OpenClaw for the Reverse Proxy </h2> <p>Since we're accessing the Control UI through a domain now (not localhost), OpenClaw needs to know about the allowed origin:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openclaw config <span class="nb">set </span>gateway.controlUi.allowedOrigins <span class="s1">'["https://openclaw.yourdomain.com"]'</span> </code></pre> </div> <p><strong>Watch out for a known gotcha</strong>: if you see an error about <code>controlUI</code> (capital UI), ignore that — the correct config key uses lowercase <code>controlUi</code>. This is a known bug in the error message as of version 2026.2.24.</p> <p>Restart the gateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart openclaw </code></pre> </div> <h2> Step 6: systemd Service with Auto-Restart </h2> <p>If you used <code>openclaw onboard --install-daemon</code>, systemd should already be configured. But let's make sure it's set up properly for production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/systemd/system/openclaw.service </code></pre> </div> <p>It should look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[Unit]</span> <span class="py">Description</span><span class="p">=</span><span class="s">OpenClaw Gateway</span> <span class="py">After</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">Wants</span><span class="p">=</span><span class="s">network-online.target</span> <span class="nn">[Service]</span> <span class="py">Type</span><span class="p">=</span><span class="s">simple</span> <span class="py">User</span><span class="p">=</span><span class="s">ubuntu</span> <span class="py">Environment</span><span class="p">=</span><span class="s">NODE_ENV=production</span> <span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/local/bin/openclaw gateway --port 18789</span> <span class="py">Restart</span><span class="p">=</span><span class="s">always</span> <span class="py">RestartSec</span><span class="p">=</span><span class="s">10</span> <span class="py">StandardOutput</span><span class="p">=</span><span class="s">journal</span> <span class="py">StandardError</span><span class="p">=</span><span class="s">journal</span> <span class="nn">[Install]</span> <span class="py">WantedBy</span><span class="p">=</span><span class="s">multi-user.target</span> </code></pre> </div> <p>Key settings:</p> <ul> <li> <strong>Restart=always</strong> — if it crashes, systemd brings it back</li> <li> <strong>RestartSec=10</strong> — waits 10 seconds before restart (avoids crash loops)</li> <li> <strong>User=ubuntu</strong> — don't run as root</li> </ul> <p>Enable and start:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl daemon-reload <span class="nb">sudo </span>systemctl <span class="nb">enable </span>openclaw <span class="nb">sudo </span>systemctl start openclaw </code></pre> </div> <p>Verify it's running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl status openclaw journalctl <span class="nt">-u</span> openclaw <span class="nt">-f</span> <span class="c"># Live logs</span> </code></pre> </div> <p>After a server reboot, OpenClaw will start automatically. Test this by running <code>sudo reboot</code> and checking after the instance comes back up.</p> <h2> Step 7: Lock Down EC2 Security Groups </h2> <p>Go to your AWS Console → EC2 → Security Groups → select the group attached to your instance.</p> <p>Set inbound rules to:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Port</th> <th>Protocol</th> <th>Source</th> <th>Why</th> </tr> </thead> <tbody> <tr> <td>22</td> <td>TCP</td> <td>Your IP only</td> <td>SSH access</td> </tr> <tr> <td>80</td> <td>TCP</td> <td>0.0.0.0/0</td> <td>HTTP → redirects to HTTPS</td> </tr> <tr> <td>443</td> <td>TCP</td> <td>0.0.0.0/0</td> <td>HTTPS (Nginx + SSL)</td> </tr> </tbody> </table></div> <p>That's it. Three ports. Everything else is blocked.</p> <p>Specifically, make sure port 18789 is <strong>NOT</strong> in your security group rules. There's zero reason for it to be accessible from the internet since Nginx proxies everything through 443.</p> <p>If you want to be extra careful with SSH, restrict port 22 to only your IP address instead of <code>0.0.0.0/0</code>. You can find your IP at <code>whatismyip.com</code>.</p> <h2> Final Checklist </h2> <p>Run through this before you call it done:</p> <ul> <li>[ ] <code>openclaw gateway status</code> shows running on 127.0.0.1:18789</li> <li>[ ] <code>curl http://localhost:18789</code> from the server returns a response</li> <li>[ ] <code>curl http://YOUR_EC2_PUBLIC_IP:18789</code> from your laptop returns connection refused</li> <li>[ ] <code>https://openclaw.yourdomain.com</code> loads the dashboard with valid SSL</li> <li>[ ] WebSocket connection works (dashboard is interactive, not just static)</li> <li>[ ] <code>sudo systemctl status openclaw</code> shows active</li> <li>[ ] <code>sudo reboot</code> → wait → OpenClaw comes back automatically</li> <li>[ ] EC2 security group only has ports 22, 80, 443</li> <li>[ ] <code>openclaw security audit</code> runs clean (or with only expected warnings)</li> </ul> <h2> What This Setup Looks Like </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet │ ▼ ┌──────────────────────┐ │ EC2 Security Group │ │ Only 22, 80, 443 │ └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Nginx (:443) │ │ SSL termination │ │ WebSocket proxy │ └──────────┬───────────┘ │ proxy_pass ▼ ┌──────────────────────┐ │ OpenClaw Gateway │ │ 127.0.0.1:18789 │ │ Token auth enabled │ └──────────────────────┘ </code></pre> </div> <p>No exposed ports. SSL everywhere. Auto-restart on crash or reboot. Gateway only talks to localhost.</p> <p>This is the same setup I run for myself and deploy for clients. Nothing fancy, just proper infrastructure that doesn't leave your AI agent exposed to the internet.</p> <h2> Need Help Setting This Up? </h2> <p>I deploy and maintain OpenClaw professionally — AWS, Docker, Nginx, Telegram, WhatsApp, multi-agent, the works.</p> <p>150+ projects delivered. 100% job success rate. Top Rated Plus on Upwork.</p> <p>→ <a href="https://www.upwork.com/freelancers/~01a4546b4bd4769843?mp_source=share" rel="noopener noreferrer">Hire me on Upwork</a><br> → Email: <a href="mailto:chaudhryasim5@gmail.com">chaudhryasim5@gmail.com</a></p> openclaw aws devops security