Moltworker: Run OpenClaw on Remote Linux Servers
Moltworker refers to running OpenClaw's Gateway on a remote Linux server. The Gateway is just the control plane—clients (macOS app, CLI, WebChat) can connect from anywhere.
Why Remote?
Running the Gateway on a server gives you:
- Always-on — No need to keep your laptop open
- Accessible everywhere — Connect from any device
- Server-side execution — Tools run where the Gateway lives
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Remote Gateway Setup │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 📱 macOS App ──────► │
│ 💻 WebChat ──────► 🖥️ Linux Server (Gateway) │
│ ⌨️ CLI ──────► │
│ │
│ Device nodes run locally for camera, screen, notifications │
│ │
└─────────────────────────────────────────────────────────────────┘
- Gateway host: Runs the exec tool and channel connections
- Device nodes: Run device-local actions via
node.invoke
In short: exec runs where the Gateway lives; device actions run where the device lives.
Prerequisites
- Linux server (Ubuntu 22.04+ recommended)
- Node.js 22+
- SSH access
- Optional: Tailscale installed
Step 1: Install OpenClaw
# On your Linux server
npm install -g openclaw@latest
openclaw onboard --install-daemon
Step 2: Configure Gateway
Create ~/.openclaw/openclaw.json:
{
agent: {
model: "anthropic/claude-opus-4-5",
},
gateway: {
bind: "loopback", // Required for Tailscale
},
}
Step 3: Choose Access Method
Option A: Tailscale Serve (Recommended)
Tailscale Serve exposes the Gateway to your tailnet only.
{
gateway: {
tailscale: {
mode: "serve",
},
},
}
Connect from any device on your Tailscale network.
Option B: Tailscale Funnel (Public)
Funnel exposes the Gateway publicly via HTTPS. Requires password auth.
{
gateway: {
tailscale: {
mode: "funnel",
},
auth: {
mode: "password",
password: "your-secure-password",
},
},
}
Option C: SSH Tunnel
Forward the Gateway port over SSH:
# From your local machine
ssh -L 18789:localhost:18789 your-server
Then connect to ws://localhost:18789 locally.
Step 4: Start the Gateway
openclaw gateway --port 18789 --verbose
Or use the daemon:
openclaw gateway start # If using systemd
Connecting Clients
macOS App
- Open System Preferences → OpenClaw
- Set Gateway URL to your Tailscale hostname or
localhost:18789(if tunneling) - Connect
CLI
# If using SSH tunnel
openclaw agent --message "Hello from remote"
# If using Tailscale
openclaw --gateway wss://your-machine.tail-abc.ts.net agent --message "Hello"
WebChat
Navigate to https://your-machine.tail-abc.ts.net/ (if using Tailscale Serve/Funnel) or http://localhost:18789/ (if tunneling).
Device Nodes
Device-local actions (camera, screen recording, notifications) run on your local device, not the server.
To use device features:
- Open the macOS/iOS/Android app
- It registers as a node with the remote Gateway
- Tools like
camera.snaproute to your local device
Details: Nodes documentation
Security Notes
DM Pairing
Remote gateways use the same DM pairing as local ones. Unknown senders get a pairing code.
Password Auth
If using Funnel (public access), always set a strong password:
{
gateway: {
auth: {
mode: "password",
password: "your-very-strong-password",
},
},
}
Reset on Exit
To undo Tailscale Serve/Funnel on Gateway shutdown:
{
gateway: {
tailscale: {
resetOnExit: true,
},
},
}
Troubleshooting
Can't connect?
- Check Gateway is running:
openclaw gateway status - Verify Tailscale:
tailscale status - Check firewall rules
Channels disconnecting?
Channel connections (WhatsApp, Telegram, etc.) run on the server. Check:
- API tokens are valid
- Network connectivity from the server
- Gateway logs:
openclaw gateway logs
Device nodes not working?
Ensure your local app is connected to the remote Gateway and registered as a node.
Next Steps
- Tailscale Guide — Full Tailscale config
- Remote Access — SSH and VPN options
- Nodes — Device-local actions
- Security — Best practices