Want to harden your openclaw deployment?
0) Disable password based ssh
1) Install Tailscale and set it up (preferably with your own Headscale)
2) Configure Caddy to proxy your nodes tailnet IP to the openclaw web UI (only required if you need the Web UI)
3) Test by ssh-ing on the tailnet ip and accessing the Web UI
4) Diable ALL ingress traffic in your VPS firewall expect for UDP 41641
5) Test again by ssh-ing on the public ip -> should fail
Egge
npub1mh…uc226
2026-02-02 08:14:32 UTC
Author Public Key
npub1mhcr4j594hsrnen594d7700n2t03n8gdx83zhxzculk6sh9nhwlq7uc226Seen on
wss://relay.primal.netPublished at
2026-02-02 08:14:32 UTCEvent JSON
{
"id": "c92bf2adbce1682c948626dbb38be42de9eb437f16ec08aac7b0e26f1dd2d336",
"pubkey": "ddf03aca85ade039e6742d5bef3df352df199d0d31e22b9858e7eda85cb3bbbe",
"created_at": 1770020072,
"kind": 1,
"tags": [
[
"r",
"wss://nos.lol/"
],
[
"r",
"wss://nostr.mom/"
],
[
"r",
"wss://nostr.einundzwanzig.space/"
],
[
"r",
"wss://relay.primal.net/"
],
[
"r",
"wss://nostr.wine/"
],
[
"r",
"wss://relay.damus.io/"
],
[
"r",
"wss://nostr.land/"
],
[
"r",
"wss://nostr21.com/"
],
[
"r",
"wss://nostr-pub.wellorder.net/"
],
[
"r",
"wss://nostr-verified.wellorder.net/"
]
],
"content": "Want to harden your openclaw deployment?\n\n0) Disable password based ssh\n1) Install Tailscale and set it up (preferably with your own Headscale)\n2) Configure Caddy to proxy your nodes tailnet IP to the openclaw web UI (only required if you need the Web UI)\n3) Test by ssh-ing on the tailnet ip and accessing the Web UI\n4) Diable ALL ingress traffic in your VPS firewall expect for UDP 41641\n5) Test again by ssh-ing on the public ip -\u003e should fail\n",
"sig": "37c722623e53ad565950325d64cedae4e0000cfe9abc5a0e4a73cafa64f462f4bbb0aa45a926fa86cc971555d19fc471101a34ff6d481c65565afbf82ee6fa8f"
}