Implementation:Openclaw Openclaw FlyToml RenderYaml

Overview

Concrete tool for declaring cloud deployment infrastructure provided by the Fly.io TOML configuration files and the Render YAML blueprint.

Description

OpenClaw ships three cloud deployment configuration files in the repository root:

• fly.toml -- Standard Fly.io deployment with public HTTPS ingress, suitable for webhook-based messaging channels. Defines the app name, primary region, Dockerfile build, environment variables, process command, HTTP service with health checks, VM sizing, and persistent volume mount.

• fly.private.toml -- Hardened Fly.io deployment with no public IP exposure. Omits the [http_service] block so the gateway is only accessible via fly proxy, WireGuard, or SSH. Suitable for outbound-only deployments or those using ngrok/Tailscale tunnels.

• render.yaml -- Render Blueprint that declares a Docker web service with health check path, environment variables (including auto-generated gateway token), and a 1GB persistent disk.

All three configurations share the same core pattern: they build from the repository Dockerfile, set OPENCLAW_STATE_DIR to point at the mounted persistent volume, and run the gateway with --bind lan to accept connections within the container network.

Usage

Use fly.toml or fly.private.toml when deploying to Fly.io (copy the desired variant to fly.toml and run fly deploy). Use render.yaml when deploying to Render (connect the repository and Render auto-detects the blueprint).

Code Reference

Source Location

• Repository: openclaw
• Files:
  • fly.toml (lines 1-35)
  • fly.private.toml (lines 1-40)
  • render.yaml (lines 1-22)

Signature

fly.toml (standard public deployment):

app = "openclaw"
primary_region = "iad"

[build]
dockerfile = "Dockerfile"

[env]
NODE_ENV = "production"
OPENCLAW_PREFER_PNPM = "1"
OPENCLAW_STATE_DIR = "/data"
NODE_OPTIONS = "--max-old-space-size=1536"

[processes]
app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"

[http_service]
internal_port = 3000
force_https = true
auto_stop_machines = false
auto_start_machines = true
min_machines_running = 1
processes = ["app"]

[[vm]]
size = "shared-cpu-2x"
memory = "2048mb"

[mounts]
source = "openclaw_data"
destination = "/data"

fly.private.toml (private deployment, no public ingress):

app = "my-openclaw"
primary_region = "iad"

[build]
dockerfile = "Dockerfile"

[env]
NODE_ENV = "production"
OPENCLAW_PREFER_PNPM = "1"
OPENCLAW_STATE_DIR = "/data"
NODE_OPTIONS = "--max-old-space-size=1536"

[processes]
app = "node dist/index.js gateway --allow-unconfigured --port 3000 --bind lan"

# No [http_service] block = no public ingress

[[vm]]
size = "shared-cpu-2x"
memory = "2048mb"

[mounts]
source = "openclaw_data"
destination = "/data"

render.yaml (Render Blueprint):

services:
  - type: web
    name: openclaw
    runtime: docker
    plan: starter
    healthCheckPath: /health
    envVars:
      - key: PORT
        value: "8080"
      - key: SETUP_PASSWORD
        sync: false
      - key: OPENCLAW_STATE_DIR
        value: /data/.openclaw
      - key: OPENCLAW_WORKSPACE_DIR
        value: /data/workspace
      - key: OPENCLAW_GATEWAY_TOKEN
        generateValue: true
    disk:
      name: openclaw-data
      mountPath: /data
      sizeGB: 1

Import

# No import needed; these are declarative configuration files.
# Fly.io: fly deploy (reads fly.toml from current directory)
# Render: auto-detected from render.yaml in repository root

I/O Contract

Inputs

Outputs

Usage Examples

Basic Usage

# Deploy to Fly.io (standard public deployment)
fly deploy

# Deploy to Fly.io (private, no public IP)
cp fly.private.toml fly.toml
fly deploy

# Set secrets on Fly.io
fly secrets set OPENCLAW_GATEWAY_TOKEN="$(openssl rand -hex 32)"

# Access private deployment via proxy
fly proxy 3000:3000 -a my-openclaw

Related Pages

Implements Principle

• Principle:Openclaw_Openclaw_Cloud_Deployment_Configuration

Requires Environment

• Environment:Openclaw_Openclaw_Docker_Deployment_Environment
• Environment:Openclaw_Openclaw_Gateway_Network_Ports