Should I expose port 18789 directly to the internet?

No—bind the gateway loopback-only and terminate TLS on nginx or a mesh tunnel. Raw exposure complicates abuse detection and rotates slower than certificates on 443.

How does this relate to Tailscale-only access?

Many teams combine both: public HTTPS for vendor webhooks that cannot join your tailnet, and Tailscale for admin SSH. See the Tailscale mesh playbook linked below.

AI / Automation April 13, 2026

2026 OpenClaw Webhooks through Nginx Reverse Proxy on a Leased Apple Silicon Cloud Mac

MacXCode Engineering Team April 13, 2026 ~12 min read

SaaS vendors that trigger your OpenClaw workflows—CRM webhooks, issue trackers, or internal job runners—need a stable HTTPS endpoint. Binding the OpenClaw gateway to 127.0.0.1:18789 is the safe default documented across install & deploy, but localhost does not help external callers. This 2026 playbook shows how to put Nginx on a leased Mac mini M4 in Hong Kong, Japan, Korea, Singapore, or the US, terminate TLS on :443, and reverse-proxy to the gateway with correct WebSocket upgrade headers. You will get a comparison table of ingress patterns, a directive checklist, a seven-step runbook, and FAQ entries aligned with JSON-LD. Pair it with Tailscale mesh access, API keys in launchd, gateway troubleshooting, and—when you need two gateways behind one edge—dual gateway ports, state dirs & nginx upstream rollout (2026-05-06) when incidents span multiple layers.

Why Webhooks Almost Always Force a Reverse Proxy

Three engineering realities collide on cloud Macs:

TLS lifecycle — public webhooks expect port 443 with valid certificates rotated every 60–90 days. Letting OpenClaw speak TLS directly couples certificate automation to your agent runtime upgrades.
Header fidelity — upstream services send X-Forwarded-For, X-Request-Id, and sometimes custom HMAC headers. Stripping them breaks audit trails unless nginx forwards them verbatim.
WebSocket fan-out — the gateway upgrades long-lived connections; missing Upgrade plumbing manifests as “works on LAN, 502 in production.”
Operational isolation — nginx reloads are cheaper than restarting the OpenClaw process tree when you tweak TLS ciphers or add IP allowlists for vendor ranges.

Non-negotiable: keep the gateway on loopback. The edge listener belongs to nginx (or a service mesh sidecar), not to 0.0.0.0:18789.

Ingress Topology: Pick the Row That Matches Your Threat Model

Pattern	Who connects	Pros	Cons
Public nginx → 127.0.0.1:18789	Internet webhooks	Simple DNS + ACME; vendors reach you without VPN	Requires disciplined WAF/IP rules; noisy scanners hit :443 constantly.
Tailscale only	Employees on tailnet	No public attack surface; ACLs in Tailscale	Third-party SaaS cannot join your mesh without side channels.
Hybrid	Public vendors + admin mesh	Split control plane vs data plane responsibilities	Two TLS stacks to monitor; document which hostname maps to which path.
SSH tunnel from bastion	Legacy integrations	Zero open inbound ports on Mac	Does not scale to bursty webhook traffic; brittle under reconnect storms.

Nginx Directive Checklist (HTTP/1.1 Upstream)

Before pasting a 200-line config from a gist, validate these directives exist in your server {} block:

Directive / setting	Purpose	Typical pitfall
`proxy_pass http://127.0.0.1:18789;`	Send decrypted traffic to OpenClaw	Accidentally proxying to `localhost` resolved via IPv6 first—pin IPv4 loopback explicitly.
`proxy_set_header Host $host;`	Preserve SNI-derived hostname	Hardcoding `Host` breaks multi-tenant routing when you add staging hostnames.
`client_max_body_size`	Allow vendor payloads > 1 MB	Default 1m causes opaque 413 errors that look like OpenClaw bugs.
`proxy_read_timeout`	Long model round-trips	Too low → 504 while the gateway is still streaming tokens.
`limit_req_zone`	Throttle abusive scanners	Forget to exempt health checks and you flap your own monitors.

map $http_upgrade $connection_upgrade { default upgrade; '' close; }

WebSocket Upgrade Map and Why Order Matters

OpenClaw’s gateway negotiates WebSockets for streaming channels. Nginx must advertise HTTP/1.1 to the upstream and forward the client’s Upgrade token. A minimal pattern is:

proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade;

Latency budget: expect 3–8 ms added RTT per hop inside the same Mac when nginx and the gateway share bare-metal NVMe—far cheaper than hairpinning through an off-box load balancer in another region.

Seven-Step Runbook on a Fresh Leased Cloud Mac

Prove the gateway locally — openclaw gateway status and curl -v http://127.0.0.1:18789/health (path may vary by version—adjust to your installed build).
Install nginx — Homebrew on macOS: brew install nginx; keep config under /opt/homebrew/etc/nginx on Apple Silicon.
Issue TLS material — ACME client of your choice; pin renew hooks in launchd so restarts happen 15 minutes before peak traffic, not during.
Author server block — separate server_name for prod vs staging; never reuse the same upstream port without path prefixes.
Reload nginx — sudo nginx -t && sudo nginx -s reload; capture stderr in CI logs.
External synthetic check — from a non-tailnet vantage, curl -v https://hooks.example.com/openclaw with a signed test body.
Document rollback — symlink previous config version; keep openclaw gateway pinned in upgrade/rollback notes.

Hardening: IP Allowlists, Request IDs, and launchd Ordering

MacXCode nodes sit in well-known colocation prefixes—publishers occasionally hard-block entire ASN ranges when a noisy neighbor misbehaves. If your vendor supports static egress IPs, attach them to nginx allow/deny pairs and log violations to /var/log/nginx/openclaw-denied.log for correlation with structured OpenClaw logs.

launchd should start nginx after the user session that owns OpenClaw completes bootstrap, or use a small wrapper script that waits until TCP 18789 accepts connections—ordering bugs cause nginx to mark upstreams down during cold boot.

FAQ: Nginx + OpenClaw on macOS Cloud Instances

Question	Answer
Can I reuse the same hostname for SSH admin traffic?	Prefer split hostnames—`hooks.` vs `ssh.`—so firewall stories stay simple; see help for SSH baseline.
Do I still need Tailscale?	Optional but recommended for break-glass admin; combine with the mesh playbook linked above.
Where do I rent Mac mini M4 near my webhook users?	Compare regions on pricing; pick SG for APAC SaaS callbacks or US when most vendors terminate on US-East.

Related 2026-04-24 update: once nginx ingress is stable, plan for outbound DNS / TLS / IPv6 to model providers in OpenClaw egress on leased cloud Mac—inbound 200s do not prove egress health.

Why Bare-Metal Mac mini M4 Still Wins for Edge-Adjacent Agents

OpenClaw workloads mix bursty CPU (token streaming), steady NIC usage (webhooks + model calls), and sensitive filesystem I/O under ~/.openclaw. Apple Silicon’s unified memory keeps nginx worker buffers and the Node/Swift gateway processes colocated without the noisy-neighbor DRAM oversubscription you see on small cloud VMs. MacXCode’s bare-metal fleet across Hong Kong, Japan, Korea, Singapore, and the United States lets you place the TLS terminator physically close to the majority of your webhook callers while still administering the box over SSH or VNC when you need to tweak launchd plists interactively.

Bottom line: treat nginx as the public contract surface and OpenClaw as the private implementation. Version both configs, test reloads in staging, and keep observability on par with production API gateways. When you are ready to duplicate the pattern in another region, start from pricing and validate connectivity using help checklists.

Run OpenClaw next to production webhooks

Lease M4 nodes in HK · JP · KR · SG · US with SSH/VNC and predictable NIC.

Compare regions Open deployment docs