New Stack

How to Deploy OpenClaw Gateway Privately with Tailscale

We’re excited to introduce OpenClaw on Wodby – a ready-to-deploy stack that lets you run an OpenClaw Gateway on your own infrastructure with private access through Tailscale.

Why install OpenClaw gateway on a server?

Running OpenClaw Gateway on a server gives you an always-on setup that isn’t tied to a single laptop or workstation. Your gateway remains available even when your local machine is offline, asleep, or disconnected, making it a better fit for shared use, remote access, and long-running workloads.

OpenClaw on Wodby is private by default through Tailscale. Instead of exposing your gateway to the public internet, Wodby connects it to your tailnet so it can be accessed only by authorized devices on your Tailscale network. To enable this, you add a Tailscale integration in Wodby using your Tailscale OAuth credentials. During deployment, Wodby automatically attaches the Tailscale service and makes the gateway available inside the selected tailnet. Each OpenClaw deployment gets its own dedicated Tailscale auth key.

With Wodby, you can deploy OpenClaw Gateway to your own server using K3S, a lightweight Kubernetes distribution. This works with dedicated servers, virtual machines, and infrastructure from virtually any cloud provider.

If you’re using your own server, the free plan includes up to 5 OpenClaw apps (10 app services total).

What you'll need

Before you start, make sure you have:

  • Wodby account
  • Tailscale account
  • Tailscale client installed on your machine, so you can access the OpenClaw service inside your Tailnet
  • A server (if you want to use K3S) or a cloud account if you want to use managed Kubernetes (e.g. DigitalOcean). Alternatively, you can use Wodby Cloud (paid subscriptions only)
  • OpenAI, Anthropic (recommended if you get API rate limit errors) , or Google Gemini account if you plan to use one of them as agents for your OpenClaw
  • OpenClaw client on your machine to connect it as an OpenClaw node or communicate with the gateway via CLI

Follow the steps below to deploy OpenClaw Gateway from the Wodby dashboard:

  1. In Stacks add OpenClaw stack from the catalog to your organization.
  2. In Integrations click New integration, choose Tailscale and follow the instructions
  3. If you plan to use OpenClaw with OpenAI, Anthropic, or Google Gemini, create an integration for the provider you want to use and add its API credential. You can also do this later.
  4. Choose where you want to run OpenClaw: your own server or Wodby Cloud. If you want to use your own server, create the server with your preferred provider, then open Kubernetes in Wodby and click New K3S server. If you want to use Wodby Cloud instead, you can go straight to app creation. Wodby Cloud is available on paid plans.
  5. Next, create the app in the Wodby dashboard:
    • Go to Apps and click Create new app. On Step 1, select your OpenClaw stack
    • On Step 2, select your K3S server, Kubernetes cluster, or Wodby Cloud.
    • On Step 3, enter your app name and preferred environment such as prod or dev.
    • On Step 4, under Integrations > Tailscale, select your previously created Tailscale integration.
    • Also on Step 4, expand OpenClaw section under Integrations and select for Variable your previously created OpenAI, Anthropic, or Gemini integration to add the API key environment variable.
    • Create and wait until the deployment completed.
  6. When the app reaches OK status, open the generated *.ts.net URL to access your OpenClaw Gateway dashboard. Make sure the Tailscale client is installed on your computer and that you are connected to your tailnet, otherwise the URL will not work.
  7. At first, you’ll see this expected message unauthorized: gateway token missing (open the dashboard URL and paste the token in Control UI settings)
  8. To connect the OpenClaw Gateway dashboard, copy the generated gateway token from Wodby – go to "Apps > [Your OpenClaw app] > App Service > OpenClaw > Tokens" and click Reveal for the gateway token and copy it
  9. Return to the OpenClaw gateway dashboard and open 
    Control > Overview
    from your side menu. Paste the token into "Gateway Token" input and click Connect
  10. Next, you’ll see another expected message pairing required This device needs pairing approval from the gateway host. This means your device must be approved before it can connect to the gateway.
  11. To approve the device pairing return to Wodby Dashboard. Go to "Apps > [Your OpenClaw app] > App Service > OpenClaw > Overview" and click " Connect via web terminal"
  12. In the opened terminal type 
    $ openclaw devices list
    You should see only one request pending, you can approve it with 
    $ openclaw devices approve --latest
  13. Return to your OpenClaw dashboard gateway and press Connect again, the status should now be OK
  14. Optionally, connect your local OpenClaw CLI for convenience. On your local computer run:
    $ openclaw configure
    • Choose Remote as the gateway destination.
    • Respond No to the LAN discovery question.
    • Enter your *.ts.net URL, but replace https with wss
    • Enter your gateway token

    Approve the new device via the web terminal as before.


    Now, return to your local console and check that the connection to the gateway works:

    $ openclaw devices list
    If you see your devices list and no errors, then now you can talk to your gateway using your local CLI!
  15. To use your computer as one of the OpenClaw nodes run:
    $ openclaw node install --host [your-tailscale-host]
  16. Check your node status:
    $ openclaw node status

Ready to Try OpenClaw?

Deploy OpenClaw with private-by-default access through Tailscale and keep it available only inside your tailnet.

Deploy OpenClaw