GitHubDiscord

Reverse Proxy for OpenClaw: Caddy Setup

ProxySetup

Reverse Proxy for OpenClaw: Caddy Setup

Configure Caddy as a reverse proxy for OpenClaw with automatic TLS and clean URLs.

6 min readLast updated Feb 18, 2026
Stuck?Check the troubleshooting index or ask in Discord.

Overview

Caddy is a modern web server with automatic HTTPS. It's easier to configure than Nginx and handles SSL certificates automatically. This guide covers setting up Caddy as a reverse proxy for OpenClaw.

Why Caddy?
  • Automatic HTTPS with Let's Encrypt
  • Simpler configuration syntax
  • Built-in WebSocket support
  • Zero-downtime config reloads

Install Caddy

bash
# Install dependencies
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https

# Add Caddy repository
sudo curl -1sL 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable.gpg
sudo curl -1sL 'https://dl.cloudsmith.io/public/caddy/stable/debian-versioned.boulder' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

# Install Caddy
sudo apt update
sudo apt install caddy

Configure Caddyfile

Create or edit your Caddyfile:

/etc/caddy/Caddyfile
openclaw.yourdomain.com {
    # Reverse proxy to OpenClaw
    reverse_proxy localhost:3000

    # Enable WebSocket support
    websocket /api/ws *

    # Optional: customize timeouts
    timeouts {
        read 60s
        write 300s
        idle 60m
    }

    # Optional: log requests
    log {
        output file /var/log/caddy/openclaw.log
    }
}
No SSL config needed
Caddy automatically handles SSL certificates. Just point your domain to your server and Caddy will provision HTTPS.

WebSocket Support

OpenClaw uses WebSockets. Caddy supports WebSockets natively, but you can add explicit support:

text
# The websocket directive enables WebSocket proxying
websocket /api/ws *

For most OpenClaw setups, the basic reverse proxy configuration works fine without additional WebSocket config.

Test & Restart

Validate and reload:

bash
# Validate configuration
caddy validate --config /etc/caddy/Caddyfile

# Reload (zero downtime)
caddy reload

# Or restart
sudo systemctl restart caddy

# Check status
sudo systemctl status caddy
You're done!
Your OpenClaw instance should now be accessible at https://openclaw.yourdomain.com with automatic HTTPS.