Runbook: Add New OpenClaw Machine

Prerequisites

  • Node.js >= 22.12.0
  • pnpm 10.x
  • cloudflared installed
  • Cloudflare API token (stored securely)

Steps

1. Install OpenClaw

git clone https://github.com/openclaw/openclaw.git
cd openclaw
pnpm install
pnpm ui:build
pnpm build

2. Configure Environment

cp .env.example .env
# Edit .env — set at minimum:
# - OPENCLAW_GATEWAY_TOKEN (generate with: openssl rand -hex 32)
# - OPENCLAW_GATEWAY_PASSWORD (generate with: openssl rand -hex 32)
# - OPENAI_API_KEY and/or ANTHROPIC_API_KEY

3. Create Cloudflare Tunnel

Replace <machine> with the machine name (lowercase, no spaces).

# If not already logged in:
cloudflared tunnel login

# Create tunnel
cloudflared tunnel create openclaw-<machine>

# Add DNS route
cloudflared tunnel route dns openclaw-<machine> openclaw-<machine>.bigleagueinc.com

4. Configure Tunnel

Create ~/.cloudflared/config.yml:

tunnel: <TUNNEL_ID_FROM_STEP_3>
credentials-file: <HOME>/.cloudflared/<TUNNEL_ID>.json

ingress:
  - hostname: openclaw-<machine>.bigleagueinc.com
    service: http://127.0.0.1:18888
  - service: http_status:404

5. Create Cloudflare Access Policy

curl -s -X POST \
  "https://api.cloudflare.com/client/v4/accounts/34b8e072efa0800baf6216c4d07f7c52/access/apps" \
  -H "Authorization: Bearer <CF_API_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "OpenClaw - <MACHINE>",
    "domain": "openclaw-<machine>.bigleagueinc.com",
    "type": "self_hosted",
    "session_duration": "24h",
    "auto_redirect_to_identity": true,
    "policies": [{
      "name": "Only Me",
      "decision": "allow",
      "include": [{"email": {"email": "Ajay@bigleagueinc.com"}}]
    }]
  }'

6. Start Everything

# Start OpenClaw gateway
pnpm start gateway

# Start tunnel
cloudflared tunnel run openclaw-<machine>

# Optional: install as service
cloudflared service install

7. Verify

# Should return 302 (Cloudflare Access redirect)
curl -s -o /dev/null -w "%{http_code}" https://openclaw-<machine>.bigleagueinc.com/
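
A bare 302 can also come from the gateway itself, so the check below (an added example, not part of the original runbook) also confirms that the redirect target is a Cloudflare Access login host. It assumes Access sends unauthenticated requests to a *.cloudflareaccess.com team domain; the function names and verdict strings are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: confirm the 302 from step 7 is issued by Cloudflare Access
# and not by the OpenClaw gateway behind the tunnel.

# classify_response CODE REDIRECT_URL
# Prints a verdict and returns 0 only when the request was stopped by Access.
classify_response() {
  local code="$1" url="$2" host
  # Reduce the redirect target to its host: drop scheme, path and port.
  host="${url#*://}"; host="${host%%/*}"; host="${host%%:*}"
  case "$code" in
    302)
      case "$host" in
        # Assumption: Access login lives on <team>.cloudflareaccess.com.
        *.cloudflareaccess.com) echo "protected"; return 0 ;;
        # Relative or foreign redirect: the origin answered, not Access.
        *) echo "redirect-not-access"; return 1 ;;
      esac ;;
    200) echo "exposed"; return 1 ;;      # origin served content with no Access challenge
    000) echo "unreachable"; return 1 ;;  # curl could not connect (DNS or tunnel down)
    *)   echo "unexpected-$code"; return 1 ;;
  esac
}

# verify_machine HOSTNAME
# Fetches the root URL without following redirects and classifies the result.
verify_machine() {
  local out
  out="$(curl -s -o /dev/null --max-time 10 \
    -w '%{http_code} %{redirect_url}' "https://$1/")"
  classify_response "${out%% *}" "${out#* }"
}

# Usage: ./verify.sh openclaw-<machine>.bigleagueinc.com
if [ "$#" -gt 0 ]; then
  verify_machine "$1"
fi
```

Any verdict other than "protected" means the Access application from step 5 is not in front of the hostname and should be fixed before the machine is used.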

8. Update This Knowledge Base

Add the new machine to:

  • docs/index.md — Machines table
  • docs/infrastructure/overview.md — URL naming table
  • docs/infrastructure/cloudflare-tunnels.md — Active tunnels table
  • docs/infrastructure/cloudflare-access.md — Access applications table
  • docs/services/openclaw.md — Instances table