openclaw-secure-linux-cloud

OpenClaw Secure Linux Cloud

Overview

Use this skill for the conservative "deploy first, expose later" pattern for OpenClaw on a Linux cloud host.
Default to a private control plane:
  • Harden the Linux host before exposing anything.
  • Keep the gateway bound to 127.0.0.1.
  • Reach the Control UI through an SSH tunnel first.
  • Keep token authentication, pairing, and sandboxing enabled.
  • Start with a narrow tool profile and loosen only with an explicit need.
This skill is for secure Linux cloud hosting. If the user only wants the fastest generic OpenClaw install on a local machine, prefer the official OpenClaw onboarding docs instead of forcing this flow.
Open references/REFERENCE.md when you need the command matrix, baseline config shape, checklist, or access-path comparison.

When To Use

Use this skill when the user mentions any of the following:
  • OpenClaw on a Linux server, VPS, VM, or cloud instance
  • Secure self-hosting, hardening, or "run it privately"
  • Podman, loopback binding, SSH tunneling, or remote Control UI access
  • Tailscale vs reverse proxy for OpenClaw
  • Pairing, sandboxing, token auth, or locked-down tool permissions
  • Reviewing whether an existing OpenClaw host is too exposed
Do not use this skill for:
  • General Linux hardening with no OpenClaw component
  • Local single-machine onboarding where remote access is irrelevant
  • Pure local onboarding with no remote-host hardening questions
  • Non-Linux hosting unless the user explicitly wants this Linux-first pattern adapted

Workflow

1. Classify the request

Put the task in one of these buckets before giving detailed guidance:
  1. Fresh deploy: the user wants to stand up OpenClaw securely on a Linux cloud host from scratch.
  2. Hardening review: the user already has OpenClaw running and wants to reduce exposure or audit risky defaults.
  3. Access-model decision: the user is choosing between SSH tunneling, Tailscale, or a reverse proxy.

2. Start from the secure baseline

Unless the user clearly asks for something else, recommend this baseline:
  • Harden the Linux host first: updates, SSH keys, SSH lock-down, and a default-deny inbound firewall matched to the distro.
  • Run OpenClaw under rootless Podman rather than as a root-owned long-lived process.
  • Keep the gateway on loopback only.
  • Keep the Control UI private and access it through an SSH tunnel.
  • Require token authentication.
  • Keep pairing enabled for inbound messaging channels.
  • Start with a minimal tool set and sandbox sessions by default.
Treat these as explicit red flags:
  • Binding the gateway to 0.0.0.0
  • Opening port 18789 to the public internet
  • Turning on broad runtime, filesystem, automation, or browser access by default
  • Leaving ~/.openclaw readable by other local users
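A server-side check for two of these red flags, added here as an example and not taken from the OpenClaw project or from references/REFERENCE.md. Port 18789 and ~/.openclaw come from this page; the function names and the sample socket listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the red flags listed above (run on the server).

# Reads `ss -H -ltn` lines on stdin and prints every listener on port $1
# whose local address is not loopback. Returns 1 if any such listener exists.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            p = parts[n]                       # port is the last ":" field
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            if (host ~ /^\[::ffff:127\./) next # IPv4-mapped loopback
            print addr
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Returns 0 only if the directory grants nothing to group or other (e.g. 700).
dir_is_private() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU/busybox stat on Linux
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample of `ss -H -ltn` output, not captured from a real host.
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 4096 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 4096 [::1]:18789   [::]:*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 18789 \
    || echo "red flag: gateway port is listening beyond loopback"

# On a real host:
#   ss -H -ltn | exposed_listeners 18789
#   dir_is_private "$HOME/.openclaw" || echo "red flag: ~/.openclaw is not private"
```

A clean listener check only shows what the host is bound to; the default-deny inbound firewall is still a separate control to verify.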

3. Separate local and server actions

Always distinguish between:
  • Local machine actions: SSH key generation, tunnel setup, browser access
  • Server actions: Linux hardening, Podman install path, OpenClaw service setup, config permissions, service restarts
Do not blur the two execution contexts together. The user should be able to tell which commands run on their laptop and which run on the Linux host.

4. Ask only for blocking facts

Only stop for missing facts that change the safe path, such as:
  • Linux distro and host access details when package-manager or firewall commands matter
  • Whether OpenClaw is already installed
  • Whether the user truly needs repeated remote private access or public access
  • Whether an existing deployment is already reachable from the internet
If a detail is not safety-critical, make the reasonable secure assumption and state it.

5. Use the access escalation ladder

Recommend remote access in this order:
  1. SSH tunnel: default for first deployment and personal use
  2. Tailscale: next step when the user needs repeated private access across trusted devices
  3. Reverse proxy: only when the user explicitly needs public exposure and accepts the extra hardening burden
If the user asks for Tailscale or reverse proxy, still explain why the loopback binding and private-first model remain the baseline.

Output Expectations

For a fresh deployment, provide:
  • A short architecture summary
  • Local-vs-server steps
  • A conservative config baseline
  • A pre-launch checklist
  • A short "what not to expose" warning
For a hardening review, provide:
  • The likely risks in the current setup
  • A prioritized remediation sequence
  • Any immediate exposure concerns to fix before anything else
For an access-path decision, provide:
  • A recommendation
  • Why it is the lowest-risk fit
  • What extra safeguards are required if the user chooses a broader exposure model

Common Mistakes

  • Treating OpenClaw like a normal public web app on day one
  • Assuming auth alone replaces network boundaries
  • Turning on more tool power before the user has a clear workflow that needs it
  • Disabling pairing just to save time during early setup
  • Skipping follow-up audits after changing config or sandbox settings

Reference Usage

Use references/REFERENCE.md when you need:
  • The cross-distro hardening flow and Debian/Ubuntu example commands
  • The Podman-based OpenClaw setup outline
  • The baseline config skeleton
  • The pre-launch checklist
  • The day-to-day audit commands
  • The SSH tunnel vs Tailscale vs reverse-proxy comparison