I wanted to let a few friends get a hosted OpenClaw setup without each of them dealing with Docker, reverse proxy, SSL certs, etc. So I built a small toolkit that turns one Linux box into a multi-tenant hosting setup. Each person gets their own isolated instance on a unique subdomain.
What each person gets:
1. Their own OpenClaw dashboard.
2. A password-protected web terminal (HMAC tokens, 24h TTL)
3. Isolated CPU, memory, and PID limits so one person can't take down the box
Stack: Docker containers + Traefik for routing and auto SSL (Let’s Encrypt DNS-01) + a tiny forward-auth service (~90 lines of JS) for terminal token validation.
You can try it locally with one command, no server needed.
That spins up 2 instances on localhost using localtest.me. For real server deploys, there’s a provision script that sets up Docker + Traefik and a create-instance script to add more users and give them their own OpenClaws.
Rough sizing: each instance needs ~4 GB RAM, so an 8 GB VPS fits ~2, 16 GB fits ~4, etc. If you’ve already got a VPS sitting around, you just need a domain pointed at it (wildcard DNS A record) and the provision script handles the rest: installs Docker, sets up Traefik, automates SSL. Way cheaper than managed OpenClaw hosting and you actually own the infra.
Open to hearing feedback, anyone else self-hosting this vs using managed hosting?
This feels like something internal teams could use to spin up multiple OpenClaw environments fast. The wildcard DNS + provisioning script combo sounds convenient. I like that users still get isolated resources instead of sharing one big instance. It might be helpful to include a simple monitoring dashboard though. Visibility becomes important once you scale past a few users.
At the moment it's more of a demo for hobby users setting up for themselves and friends, but if it's an enterprise use case where you need more control, we have https://www.agent37.com/openclaw offering that works better.
This is a neat idea, especially for people who already have a VPS lying around. I like that you didn’t try to hide the complexity behind too much magic. The sizing notes are useful. Curious how painful upgrades are once multiple tenants are running.
The forward-auth piece caught my attention. Keeping it small and readable is a nice touch. Security-wise, this looks decent, but I wonder how it holds up once multiple people start poking at it.
Yeah the auth here is simple intentionally. This is just an example of what's possible, but you could extend the node server to do forward auth or anything else you have in mind
I’m a bit torn on this. On one hand, owning the infra is great. On the other, 4GB per instance is not cheap anymore. Curious if that number comes from real usage or just safe defaults.
This seems perfect for people who already self-host things. Probably not beginner-friendly, but that’s fine. The value here is avoiding all the annoying glue work most people mess up.
I wanted to let a few friends get a hosted OpenClaw setup without each of them dealing with Docker, reverse proxy, SSL certs, etc. So I built a small toolkit that turns one Linux box into a multi-tenant hosting setup. Each person gets their own isolated instance on a unique subdomain.
What each person gets:
1. Their own OpenClaw dashboard. 2. A password-protected web terminal (HMAC tokens, 24h TTL) 3. Isolated CPU, memory, and PID limits so one person can't take down the box
Stack: Docker containers + Traefik for routing and auto SSL (Let’s Encrypt DNS-01) + a tiny forward-auth service (~90 lines of JS) for terminal token validation.
You can try it locally with one command, no server needed.
That spins up 2 instances on localhost using localtest.me. For real server deploys, there’s a provision script that sets up Docker + Traefik and a create-instance script to add more users and give them their own OpenClaws.
Rough sizing: each instance needs ~4 GB RAM, so an 8 GB VPS fits ~2, 16 GB fits ~4, etc. If you’ve already got a VPS sitting around, you just need a domain pointed at it (wildcard DNS A record) and the provision script handles the rest: installs Docker, sets up Traefik, automates SSL. Way cheaper than managed OpenClaw hosting and you actually own the infra.
Open to hearing feedback, anyone else self-hosting this vs using managed hosting?
This feels like something internal teams could use to spin up multiple OpenClaw environments fast. The wildcard DNS + provisioning script combo sounds convenient. I like that users still get isolated resources instead of sharing one big instance. It might be helpful to include a simple monitoring dashboard though. Visibility becomes important once you scale past a few users.
At the moment it's more of a demo for hobby users setting up for themselves and friends, but if it's an enterprise use case where you need more control, we have https://www.agent37.com/openclaw offering that works better.
This is a neat idea, especially for people who already have a VPS lying around. I like that you didn’t try to hide the complexity behind too much magic. The sizing notes are useful. Curious how painful upgrades are once multiple tenants are running.
That would basically be as simple as updating the Docker image and entry point file and then restarting the container.
The forward-auth piece caught my attention. Keeping it small and readable is a nice touch. Security-wise, this looks decent, but I wonder how it holds up once multiple people start poking at it.
Yeah the auth here is simple intentionally. This is just an example of what's possible, but you could extend the node server to do forward auth or anything else you have in mind
I’m a bit torn on this. On one hand, owning the infra is great. On the other, 4GB per instance is not cheap anymore. Curious if that number comes from real usage or just safe defaults.
The 4GB is just from my personal profiling and using OpenClaw
This seems perfect for people who already self-host things. Probably not beginner-friendly, but that’s fine. The value here is avoiding all the annoying glue work most people mess up.