Web Hosting Add-on
What the Web Hosting Add-on Does
The web hosting add-on opens port 443 (HTTPS) on your instance and routes incoming traffic to port 3000 inside your OpenClaw container. This lets you run your own web application alongside OpenClaw. You get a ClawHosters subdomain automatically, and SSL certificates are handled for you.
Without this add-on, your instance only accepts traffic for OpenClaw itself. No custom web applications can be reached from the outside.
How It Works
- You deploy your web app so it listens on port 3000 inside the container
- Nginx (running in a separate container) gets an HTTPS server block for your subdomain
- Traffic to your subdomain on port 443 hits nginx, which forwards it to port 3000 in your OpenClaw container
- SSL terminates at nginx using a Cloudflare Origin Certificate
| Component | What it does |
|---|---|
| Your app | Listens on port 3000 inside the container |
| Nginx | Terminates SSL, proxies HTTPS (443) to your app (3000) |
| Cloudflare | DNS, DDoS protection, edge caching |
| Hetzner Firewall | Opens TCP 443 when the add-on is active |
Pricing
The web hosting add-on costs 999 Claws/month for daily billing customers. Monthly billing customers pay via Stripe. The add-on can be enabled and disabled at any time.
Domain Options
There are two modes for accessing your web application.
ClawHosters Subdomain (default)
You get a subdomain like web-{id}-{token}.clawhosters.com. This is set up automatically when you activate the add-on. SSL works immediately via Cloudflare's wildcard certificate.
Custom Domain
You can use your own domain (e.g. dashboard.yourdomain.com). This requires you to provide a Cloudflare Origin Certificate and private key for your domain. Point your domain's DNS to your instance's IP address via Cloudflare.
Setting Up the Web Hosting Add-on
- Open your instance in the ClawHosters dashboard
- Go to Add-ons > Web Hosting
- Choose your domain type (subdomain or custom)
- Accept the security waiver
- Confirm activation
- Deploy your web application so it listens on port 3000
After activation, your subdomain is usually reachable within a few minutes. DNS propagation for custom domains can take up to 24 hours.
Port 3000 Requirement
Your web application must listen on port 3000. This is not configurable. If your framework defaults to a different port, adjust the startup command.
| Framework | Command |
|---|---|
| Node.js/Express | PORT=3000 node server.js |
| Python/Flask | flask run --port 3000 |
| Python/FastAPI | uvicorn main:app --port 3000 |
| Next.js | next start -p 3000 (default) |
| Go | http.ListenAndServe(":3000", handler) |
SSL and HTTPS
SSL is automatic. You don't need to install certificates or configure HTTPS in your application. Nginx handles SSL termination. Your app only needs to serve plain HTTP on port 3000.
For the ClawHosters subdomain, a Cloudflare wildcard Origin Certificate is used. For custom domains, you provide your own Cloudflare Origin Certificate during setup.
Security Responsibilities
Activating web hosting requires accepting a security waiver. Here's what that means:
What ClawHosters handles:
- SSL certificates and HTTPS termination
- Firewall management (port 443 opened/closed with the add-on)
- Nginx reverse proxy configuration
- DDoS protection via Cloudflare
What you're responsible for:
- Authentication and authorization in your web app
- Input validation and protection against common vulnerabilities (XSS, SQL injection, etc.)
- Keeping your dependencies up to date
- Not exposing sensitive OpenClaw data through your app
If your app has a security vulnerability, an attacker could potentially access your OpenClaw container's filesystem and configuration. Build your app as if it's internet-facing, because it is.
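The following added example (not ClawHosters code) shows an app that serves plain HTTP on 0.0.0.0:3000, requires a bearer token on every request, and refuses any path that resolves outside its own web root, so files elsewhere in the OpenClaw container stay unreachable through it. The `APP_TOKEN` and `WEB_ROOT` environment variables and the `/srv/webapp` path are assumptions chosen for illustration.

```python
import hmac
import mimetypes
import os
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed names for this example; they are not ClawHosters settings.
WEB_ROOT = Path(os.environ.get("WEB_ROOT", "/srv/webapp")).resolve()
TOKEN = os.environ.get("APP_TOKEN", "")

def is_authorized(auth_header, expected):
    """Accept only 'Bearer <token>', compared in constant time; an unset token denies all."""
    if not expected or not auth_header or not auth_header.startswith("Bearer "):
        return False
    return hmac.compare_digest(auth_header[7:].encode(), expected.encode())

def resolve_under_root(root, url_path):
    """Map a URL path to a location inside root, or None if it would escape root."""
    rel = unquote(urlsplit(url_path).path).lstrip("/")
    if "\x00" in rel:
        return None
    # resolve() collapses '..' and follows symlinks before the containment check.
    candidate = (root / rel).resolve()
    return candidate if candidate == root or root in candidate.parents else None

class App(BaseHTTPRequestHandler):
    def do_GET(self):
        if not is_authorized(self.headers.get("Authorization"), TOKEN):
            self.send_error(401, "Unauthorized")
            return
        target = resolve_under_root(WEB_ROOT, self.path)
        if target is None or not target.is_file():
            self.send_error(404, "Not Found")
            return
        body = target.read_bytes()
        ctype = mimetypes.guess_type(target.name)[0] or "application/octet-stream"
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Plain HTTP on all interfaces, port 3000; nginx terminates SSL in front of it.
    ThreadingHTTPServer(("0.0.0.0", 3000), App).serve_forever()
```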
Disabling Web Hosting
- Go to Add-ons > Web Hosting in your instance dashboard
- Click disable
- Confirm
Disabling removes the HTTPS server block from nginx, closes port 443 on the firewall, and removes the Cloudflare DNS record (for subdomain mode). Your web app keeps running inside the container but is no longer reachable from the outside.
Troubleshooting
My app isn't reachable after activating
- Verify your app is running and listening on port 3000 (not 3001, 8080, etc.)
- Check that your app binds to 0.0.0.0, not 127.0.0.1
- For custom domains, DNS propagation can take up to 24 hours
- Try accessing via the ClawHosters subdomain first to rule out DNS issues
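To check the first two items from inside the container, the added example below (not part of the ClawHosters documentation) parses the kernel's socket table and reports where port 3000 is bound; nginx runs in a separate container, so a loopback-only listener cannot receive its traffic. The embedded sample is constructed, and the address decoding assumes a little-endian host such as x86-64 or ARM64 Linux.

```python
import os
import socket
import struct

# Constructed sample of /proc/net/tcp (header plus two sockets), not real output.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0BB8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40211 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40377 1
"""
LISTEN = "0A"  # kernel state code for a listening TCP socket

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp or tcp6 address field (little-endian host assumed)."""
    if len(hex_addr) == 8:
        return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    words = [int(hex_addr[i:i + 8], 16) for i in range(0, 32, 8)]
    return socket.inet_ntop(socket.AF_INET6, struct.pack("<4I", *words))

def listeners(proc_text, port=3000):
    """Return the local addresses that hold a LISTEN socket on `port`."""
    found = []
    for line in proc_text.splitlines():
        fields = line.split()
        # Header lines and non-listening sockets fail the state check.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            found.append(decode_addr(addr))
    return found

def diagnose(addrs):
    """Classify the bind state for the troubleshooting checklist."""
    if not addrs:
        return "not listening"
    # '::' is the IPv6 wildcard; on dual-stack sockets it also accepts IPv4.
    if any(a in ("0.0.0.0", "::") for a in addrs):
        return "all interfaces"
    if all(a.startswith("127.") or a == "::1" for a in addrs):
        return "loopback only"
    return "specific address"

if __name__ == "__main__":
    paths = [p for p in ("/proc/net/tcp", "/proc/net/tcp6") if os.path.exists(p)]
    print(diagnose(listeners("".join(open(p).read() for p in paths))))
```

A result of "loopback only" means the app must be restarted with its host set to 0.0.0.0; "not listening" means it is on a different port or not running.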
I get a 502 Bad Gateway error
- Your app crashed or isn't running. Check your app's logs inside the container.
- Your app might be starting slowly. Wait a moment and try again.
I get a 504 Gateway Timeout
- Your app is taking too long to respond. Check for performance issues in your code.
SSL certificate errors
- For custom domains: verify your Cloudflare Origin Certificate is valid and matches your domain
- For subdomains: this should work automatically. Open a support ticket if it doesn't.
Related Documentation
- Security FAQ: Port and firewall overview
- SSH Access: How to deploy files to your instance
- Instance Overview: Instance statuses and lifecycle
- Billing Overview: How add-on billing works