
Stop Exposing Port 18789: How I Secure OpenClaw on AWS EC2 with Nginx and SSL
I've set up OpenClaw on EC2 multiple times now — for myself and for clients. And every single time I take over someone else's setup, I find the same thing: port 18789 wide open to the internet, no SSL, no reverse proxy, running as root. Bitsight found over 30,000 exposed OpenClaw instances. Attackers aren't even bothering with prompt injection — they're connecting directly to the gateway WebSocket and getting full access.

This is how I deploy OpenClaw properly. Gateway on loopback, Nginx in front, SSL via Let's Encrypt, and EC2 security groups that only allow what's necessary. Takes about 30 minutes.

Why 0.0.0.0 Binding Will Get You Hacked

When you run through OpenClaw's onboarding wizard, it asks you about the gateway bind mode. A lot of people pick "LAN" because they want to access the dashboard from their browser. That binds the gateway to 0.0.0.0 — meaning every network interface on the machine. On an EC2 instance, that means anyone on the internet can hit port 18789 directly. Your
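The bind-mode problem above, turned into a check you can run on the instance: the following is an added example, not code from the article or from the OpenClaw project. It reads `ss -ltn`-style output and flags any socket on the gateway port that is listening on anything other than loopback. The port 18789 is the one the article names; the function names are my own, and the sample `ss` output is constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the article or the OpenClaw project.
# Audits `ss -ltn`-style output for a gateway socket bound to a wildcard or
# interface address instead of loopback. Function names are assumptions;
# the sample output below is constructed, not captured from a real host.

GATEWAY_PORT="${GATEWAY_PORT:-18789}"   # OpenClaw gateway port named in the article

# Constructed sample of `ss -ltn` output: sshd and nginx on wildcard (expected
# on a public host), and the gateway bound twice, once wrongly on 0.0.0.0.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
LISTEN 0      4096   0.0.0.0:18789       0.0.0.0:*
LISTEN 0      4096   127.0.0.1:18789     0.0.0.0:*'

# Exit 0 when the local address is loopback-only (IPv4 or IPv6), 1 when it is
# reachable from other hosts (wildcard or any specific interface address).
classify_bind() {
    case "$1" in
        127.0.0.1:*|"[::1]:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read ss output on stdin; print "OK <addr>" or "EXPOSED <addr>" for each
# LISTEN socket on the gateway port. Exit 1 if any gateway socket is exposed.
audit_ss() {
    exposed=0
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue      # skips the header line too
        port="${laddr##*:}"                      # works for 0.0.0.0:P and [::]:P
        [ "$port" = "$GATEWAY_PORT" ] || continue
        if classify_bind "$laddr"; then
            echo "OK $laddr"
        else
            echo "EXPOSED $laddr"
            exposed=1
        fi
    done
    return "$exposed"
}

# Run the audit against the constructed sample; exit status mirrors audit_ss.
audit_sample() {
    printf '%s\n' "$SAMPLE_SS" | audit_ss
}

# On a real instance, replace the sample with live output:  ss -ltn | audit_ss
audit_sample || echo "gateway reachable beyond loopback; bind it to 127.0.0.1 and put Nginx in front"
```

Any address that is not 127.0.0.1 or ::1 is treated as exposed on purpose: binding to the instance's private IP is just as reachable from the VPC as 0.0.0.0 is, and the only bind that keeps the gateway off the network is loopback, with Nginx terminating TLS and proxying to it.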
Continue reading on Dev.to DevOps