00:00:00Good news for Cloudflare fans, you can now run the very popular OpenClaw tool on their
00:00:05infrastructure using a combination of workers, sandboxes, browser rendering and even R2.
00:00:10They actually have a very detailed article on how everything is put together and for the most part,
00:00:15it works really well. But do the advantages of running OpenClaw and a serverless infrastructure
00:00:21outweigh the flexibility you get from running it on your own VPS?
00:00:24Hit subscribe and let's get into it.
00:00:28So here is OpenClaw or ClawedBot running from Cloudflare.
00:00:31If I show you the URL, you can see it's running in the sandbox
00:00:34and I'm getting access to it from my worker.
00:00:37I can give it a prompt like "tell me everything about the system that you're running on".
00:00:42And you can see it gives me details about the infrastructure.
00:00:45Now I'll wait for it to finish and I'll scroll up a tiny bit.
00:00:48And we can see here that it's running on a Cloudflare cloud chamber.
00:00:52It's in San Jose, Florida and we can get all the specific information about it.
00:00:56But we also have access to channels, so this is where we can add WhatsApp, Telegram or Discord.
00:01:01We can see we've got access to skills.
00:01:02I haven't installed any, but I could if I wanted to.
00:01:05And we get the full access to the configuration, debug and all the logs.
00:01:10No service to manage or update.
00:01:12You only pay for the computer you use and you benefit from Cloudflare's global edge network.
00:01:18Very cool.
00:01:18We'll go through how to set this up later on in the video.
00:01:22But before we do, let's talk about how the different bits of technology
00:01:26work together to make this work.
00:01:28So when you first try to visit your instance of OpenClaw,
00:01:31you'll be hit with Cloudflare access for authentication.
00:01:34So then you have to sign up with your username and password or OAuth.
00:01:38And then from there, Cloudflare will use JWT tokens to authenticate you to the worker.
00:01:44Now this worker isn't quite yet the OpenClaw gateway.
00:01:47This has a HONO router, which has the roots for the admin that I'll show you a bit later.
00:01:52But it also has the Chrome Developer Tools Protocol and also a JWT validation section.
00:01:59There are a few more things here, but I've decided to keep it brief
00:02:01and just show you the three main parts that I think are worth talking about.
00:02:05Now, this Chrome Developer Tools Protocol gives access to a browser renderer.
00:02:10And this is something very cool from Cloudflare providing a headless Chromium instance,
00:02:15which can be used when OpenClaw does web browsing or research or anything else.
00:02:19Now from here, we have a Cloudflare sandbox that uses Docker.
00:02:23So to build this locally, you'll need to have Docker or Colima installed.
00:02:27And this is essentially the OpenClaw gateway.
00:02:29Now, if you've watched the previous video of mine talking about how to secure MontSpot or OpenClaw,
00:02:34you'll know that the gateway contains the kind of brains of the system.
00:02:38So it contains the dashboard, the web socket access for nodes and clients.
00:02:42It also has the agent runtime, a session manager, channel manager.
00:02:46And this is on port 18789 for the web socket access and also HTTP for channels.
00:02:53So the Cloudflare or MopWork equivalent of that is in a sandbox.
00:02:58So it can run code in isolation, making it extra safe.
00:03:01Now, this doesn't use the direct access from AI providers, so API keys to their systems.
00:03:08I mean, you can use OpenAI or Anthropic, so your own API key,
00:03:13but you can also use Cloudflare's AI gateway, which gives you access to all of these providers.
00:03:20But because this is running in the Cloudflare system,
00:03:22you can't of course have your own local LLM.
00:03:25So that'll be something to consider.
00:03:26But again, you can use channels like Telegram, WhatsApp, Discord,
00:03:30and connect to your sandbox in Cloudflare, which actually communicates.
00:03:33So it should be an arrow over here to your worker.
00:03:36Now, when it comes to session management, so managing the storage and configuration,
00:03:40that is done in an R2 bucket.
00:03:43Now it's important to note that if you restart the sandbox, if you rebuild the container,
00:03:48anything you saved inside the sandbox will be wiped.
00:03:51And therefore you'd need to save things in an R2 bucket to make it persistent.
00:03:56So that is a very brief overview of how everything works.
00:03:59Of course, I could go into more detail, but that's what the article written by Cloudflare is for.
00:04:04Now let's go into how to set this up.
00:04:06Okay, the first thing to do is to make sure that you have a paid workers plan
00:04:10for $5 a month plus additional usage.
00:04:13Yes, it's probably cheaper to have a Het'sna VPS than this,
00:04:17but you do get a lot of usage for the price you get.
00:04:21You also need to have something like Docker installed locally.
00:04:24I use Kalima personally, but Docker desktop is fine.
00:04:27And finally, you'll need to have an anthropic or OpenAI API key.
00:04:31Now, once you have those three things, you'll need to get access
00:04:34to this GitHub repo and clone it locally to your system.
00:04:38Of course, you could click this button to deploy straight to Cloudflare,
00:04:42eliminating the need for you to clone it.
00:04:44But I tried it and it didn't work well for me.
00:04:47So I'd recommend cloning the repo.
00:04:48Now, once you've cloned it, they have some really helpful steps down here,
00:04:52telling you exactly what to do.
00:04:54So I'd recommend going through these steps and remember to keep track of your
00:04:58malt bot gateway token, because this is really important. Put it inside a notebook,
00:05:02save it to a text file, just make sure you don't lose it.
00:05:05Then after you deploy your malt worker, there are a few things you have to do
00:05:09that are listed in the readme, but are a bit difficult to find
00:05:13since they're all over the place. So let me walk you through that.
00:05:16Now, inside your worker, you should be able to see in the binding section,
00:05:20a double object, which is the sandbox, the R2 bucket and the browser renderer.
00:05:25If you don't, you may need to rebuild your Docker container and deploy it again.
00:05:29But once you've got this, click on domains and rules,
00:05:32and then make sure you have Cloudflare access enabled.
00:05:35I already have it enabled, but the first time you do, you should see a pop-up over here.
00:05:40Now we need to populate two secret variables before we can run our malt worker.
00:05:44The first is the cfaccess_aud, and the second is the cfaccess_teen_domain.
00:05:50You can get the first value by managing your Cloudflare access,
00:05:52and that is down here, and you'd need to add that to Wrangler as a secret.
00:05:56The second value you have to get is in the settings, which you can find over here.
00:06:01This is your Cloudflare access domain.
00:06:03And once you've done that, the documentation asks you to run deploy again.
00:06:07Now, if you already have a sandbox environment,
00:06:09then building it again could cause you this issue.
00:06:12So I would recommend running this command to list your containers.
00:06:16Then once you have the ID of the container that already exists,
00:06:19all you have to do is run delete followed by that ID.
00:06:23Now, because I don't want to delete that container, I'm going to leave it as is.
00:06:26But you should delete an existing container before rebuilding or redeploying to add a new one.
00:06:31Once you've done that, you should have access to the Malt Spot admin page.
00:06:35That should look something like this.
00:06:37Now, don't worry about this warning unless you want to persist your information.
00:06:41In that case, you need to add these missing secrets.
00:06:44But if this is the first time you're running this,
00:06:46you should see a device to pair over here, so a pending pairing request.
00:06:50And you'll have to click on a button here to pair it.
00:06:54Now, because I've already done that, you'll see it here.
00:06:56So this is the device that I've paired.
00:06:58And this happens when we connect a browser to our Cloudbot gateway.
00:07:02So now with that in place, we need to go to our worker URL and add the token as a query param.
00:07:08So this is the token that I asked you to save earlier to the URL.
00:07:12And this is something you'd have to do just the first time you access Cloudbots from your browser.
00:07:17And once you've done that, you should hopefully have okay health
00:07:20and be able to communicate with your agents.
00:07:23Of course, this gives you the full flexibility of having OpenClaw as if it was on a VPS.
00:07:29And if I scroll down here, the Cloudflare team even managed to connect it to Slack.
00:07:35So you can see over here some screenshots of somebody talking to Maltbot in Slack
00:07:40and getting responses from it.
00:07:41Now, if you don't want to get your hands dirty with all the things that involve setting up
00:07:46a fresh Linux server or Mac Mini, then using a Malt worker from Cloudflare could be a good option
00:07:52since the team have put security first and they've essentially done all the hard work for you.
00:07:57But if you don't mind doing a bit of research, SSHing into a server and running a few terminal
00:08:03commands, then I think that the option of going with a VPS or Mac Mini in the long term is more
00:08:10secure if you know what you're doing and is very, very flexible.
00:08:13And besides, you could get a version of OpenClaw that is truly private.
00:08:18If you run Ollama or any local model, you can connect OpenClaw to that model
00:08:22and use it without even needing to connect to the internet.
00:08:26And you may also notice that the Malt worker I ran showed a logo of Clawedbot and not OpenClaw,
00:08:32meaning their version on GitHub is slightly out of date.
00:08:36But I'm sure the team can fix that in no time.
00:08:38In my opinion, it's better to go down the route of a VPS and learn how to set it up properly
00:08:44so that you have the complete flexibility you get from doing whatever you want and privacy.
00:08:49If you want to know how to set up Maltbot, OpenClaw or Clawedbot on a VPS securely,
00:08:55then check out this video I've made earlier, which goes through exactly how to set things up
00:08:59using Tailscale. Security aside, if you're using one of these bots and you're building software with
00:09:05it, then you're going to want to make sure that the software is bug free and has as few errors
00:09:10as possible. This is where BetterStack comes in, giving you the ability to view logs on your
00:09:15backend and know when things go wrong before they do using anomaly detection.
00:09:20There's also AI native error tracking that can track errors no matter the front end framework
00:09:24and give you a prompt on how to fix the errors in your favourite agent harness.
00:09:28So go and check out BetterStack today.