Can You Run OpenClaw on Cloudflare?

OpenClaw cannot run directly on Cloudflare Workers or Pages — it requires a persistent Node.js process, which serverless platforms don't support. However, Cloudflare Tunnel is an excellent tool to securely expose your OpenClaw instance to the internet.

Cloudflare Tunnel (formerly Argo Tunnel) creates an encrypted connection between your server and Cloudflare's edge network. This means you don't need to open any ports on your firewall or configure SSL certificates manually — Cloudflare handles it all.

Install OpenClaw on any VPS or local machine as usual. Then install cloudflared (the Tunnel client) and create a tunnel pointing to your Gateway port. Cloudflare assigns a hostname like openclaw.yourdomain.com that routes through their network.

Benefits: DDoS protection, automatic HTTPS, no exposed ports, Cloudflare Access for authentication (restrict Dashboard access to specific emails), and global CDN for the Dashboard UI.

This setup is especially useful for home servers or Mac Minis behind NAT — you get a public URL without port forwarding. Cloudflare Tunnel is free for most use cases.

For the Gateway API endpoints used by messengers, Cloudflare's network actually reduces latency thanks to its global edge locations.

# Install cloudflared
curl -fsSL https://pkg.cloudflare.com/cloudflared-linux-amd64.deb -o cloudflared.deb
sudo dpkg -i cloudflared.deb

# Create tunnel
cloudflared tunnel create openclaw
cloudflared tunnel route dns openclaw openclaw.yourdomain.com
cloudflared tunnel run --url localhost:18789 openclaw