2026 self-hosted gateway risks (before you automate)
Three issues recur in 2026 self-hosted setups. Bind address: 0.0.0.0 without proxy, mTLS, or firewall rules exposes an accidental public API—prefer 127.0.0.1 plus SSH or VPN, or TLS with allowlists. Tokens: never leave bearer secrets in shell history, world-readable plists, or CI logs; use chmod 600 files and launchd EnvironmentVariables; rotate on departures. Updates: auto-upgrading every reboot can break MCP paths or Node ABI—pin semver, document windows, run openclaw doctor before turning pre-pull back on.
| Decision | Production-leaning choice | When it hurts |
|---|---|---|
| Listen address | 127.0.0.1 + controlled ingress |
LAN scanners and brute-force hit 0.0.0.0 listeners fast |
| Token storage | Service user + locked env file | Shared login shells leak exports; logs echo headers |
| Upgrade cadence | Weekly or gated CI promote | Latest on every boot surprises automation |
Prerequisites and environment variables
Pin Node 22+, install the OpenClaw CLI, and use a dedicated user on shared hosts. Export OPENCLAW_GATEWAY_TOKEN (verify names in your build), host, and port. Keep workspace paths stable for MCP absolute paths. Set HTTPS_PROXY and NO_PROXY so patrol does not flap when proxies rotate.
Minimal env checklist (copy into runbooks)
- Node version frozen in
.node-versionor nvm default for the service account - Token file mode
600, owned by the LaunchAgent user - Log directory
~/Library/Logs/OpenClaw/created ahead of first boot - Health endpoint path documented (for example
/healthor/v1/statusper your build)
Gateway startup and binding strategy
Boot once by hand: lsof -nP -iTCP on the port, curl with Authorization: Bearer, confirm MCP tools register, then add launchd. On the same Mac as CI, gate pre-pull jobs on a green patrol so registries are not hit while the gateway is down—that is the concrete tie to pull acceleration.
- Stop any stray node processes on the same port to avoid silent conflicts.
- Export the same variables you will later inject via plist.
- Run the documented OpenClaw gateway command and capture stdout/stderr paths.
- Validate one authenticated request and one intentional 401 without the header.
- Record semver and build time in your internal changelog entry.
Patrol script template and LaunchAgent install
Place a user LaunchAgent under ~/Library/LaunchAgents/: RunAtLoad, KeepAlive with ThrottleInterval (try 30s), StandardOutPath and StandardErrorPath. Load with launchctl bootstrap gui/$UID (or launchctl load on older macOS). Schedule patrol via StartInterval or CI over SSH: curl health, assert status, non-zero on failure.
#!/bin/bash
set -euo pipefail
# Patrol template — set HOST, PORT, TOKEN, HEALTH_PATH from your deployment
HOST="${OPENCLAW_GATEWAY_HOST:-127.0.0.1}"
PORT="${OPENCLAW_GATEWAY_PORT:-18789}"
TOKEN="${OPENCLAW_GATEWAY_TOKEN:?set token}"
HEALTH_PATH="${OPENCLAW_HEALTH_PATH:-/health}"
CODE=$(curl -s -o /tmp/oc_health.json -w "%{http_code}" \
-H "Authorization: Bearer ${TOKEN}" \
"http://${HOST}:${PORT}${HEALTH_PATH}")
test "$CODE" = "200" || { echo "health HTTP $CODE"; exit 1; }
if grep -q '"ok"' /tmp/oc_health.json 2>/dev/null; then
grep -q '"ok":true' /tmp/oc_health.json || exit 1
fi
exit 0
Match JSON checks to your payload or rely on HTTP 200 plus latency. Alert before ClawHub CI pre-pull queues stall.
Logs and minimal triage checklist
On failure: read StandardErrorPath, then access logs; check disk space for log volume; confirm listen port after reboot; repeat manual boot before blaming registries.
Common errors FAQ
Another node or stale LaunchAgent instance holds the port. Run lsof -i :PORT, unload the duplicate plist, and kill orphaned PIDs. Reload once only.
CI may hit a different DNS or proxy path. Compare curl -v from the runner user versus your admin shell; align NO_PROXY for RFC1918 hosts.
macOS privacy controls or wrong file owner after copying plists. Fix ownership with chown for the service user and grant Full Disk Access only when strictly required.
Summary and next steps
Summary: Stable OpenClaw means tight bind posture, locked tokens, pinned updates, a logging LaunchAgent, and a failing health check. Gate dependency pre-pull on green patrol so the gateway stays in the critical path without mystery network blame—what MacPull renters expect from Apple Silicon CI nodes.
Rent hardware (no login to browse): compare MacPull pricing, open remote Mac purchase, read help and getting started, or return to the MacPull homepage to pick a node region that matches your CI latency budget.
Run OpenClaw on a Dedicated Remote Mac
Stable gateways and scheduled pre-pull need SSD headroom and predictable SSH access. View MacPull pricing and purchase without logging in.