Secure OpenClaw with HTTPS - Caddy Reverse Proxy on AWS EC2 (No Domain)

Original author：KGP Talkie

Original source：https://www.youtube.com/embed/EddjTJMT83Y

Access your OpenClaw dashboard over real, trusted HTTPS — no more "connection is not secure" warnings, no SSH tunnel, and no domain to buy. In this step-by-step tutorial you'll put a Caddy reverse proxy in front of OpenClaw on your AWS EC2 instance, get a free auto-renewing SSL certificate using nip.io, and reach your dashboard securely from anywhere. This is the security video in the OpenClaw series. It assumes OpenClaw is already installed on AWS and connected to a free AI API (earlier videos — linked below). Here we focus on one thing: a proper, production-grade HTTPS setup. The gateway stays private on loopback, only Caddy is exposed, and device pairing means even with the token no unapproved browser can connect. I left the secure-context error and device-pairing prompt in on purpose so you know exactly how to handle them. ⏱ Chapters: 0:00 The problem: insecure dashboard & why HTTPS 1:33 What we're building (Caddy reverse proxy on EC2) 1:56 Connect to EC2 & install Caddy 2:35 Write the Caddyfile (nip.io host) 4:14 Let OpenClaw automate the gateway + origin config 6:49 Update the AWS security group (open 80 & 443) 9:24 Reverse proxy working — access over HTTPS 10:16 Stop the SSH tunnel & connect with the token 11:48 Fix the allowed-origin issue (via the Discord bot) 13:20 Restart the gateway & approve the device 14:19 Live HTTPS dashboard — no tunnel, no domain 15:04 Why this is the production-grade way + wrap-up 🔗 Commands & setup (replace 3-87-144-160 with YOUR EC2 IP, dots → dashes): ⚠️ Use an Elastic IP first. If your IP isn't elastic it changes on reboot and the cert + Caddyfile + origin all break. EC2 → Elastic IPs → Allocate → Associate. 1) Install Caddy sudo apt-get update && sudo apt-get install -y caddy 2) Write the Caddyfile → sudo nano /etc/caddy/Caddyfile 3-87-144-160.nip.io { reverse_proxy 127.0.0.1:18789 } 3) Point OpenClaw's gateway + origin openclaw config set gateway.bind loopback openclaw config set gateway.controlUi.allowedOrigins '["https://3-87-144-160.nip.io"]' --strict-json openclaw gateway restart 4) Restart Caddy & watch the cert issue sudo systemctl restart caddy sudo journalctl -u caddy -f (wait for "certificate obtained successfully", then Ctrl+C) 5) AWS Security Group Open 80 → 0.0.0.0/0 | Open 443 → 0.0.0.0/0 | Remove 18789 | Keep 22 → My IP 6) Open the dashboard https://3-87-144-160.nip.io/ ✅ Verify sudo systemctl status caddy --no-pager # active (running) curl -I https://3-87-144-160.nip.io # HTTP/2 200 openclaw status # gateway running 📺 Watch first / Full series: • Part 1 — Set up OpenClaw on AWS EC2 with a Free AI API: https://www.youtube.com/watch?v=IV3t-MD8AaM • Part 2 — Connect OpenClaw to Discord (free AI bot): https://youtu.be/Kzvmbt0nFDA • Full OpenClaw series playlist: https://www.youtube.com/playlist?list=PLc2rvfiptPSQMZf3rlYZZ8vwUBcm6jv4d 💬 Join our Discord community (ask questions, get help): https://discord.gg/Nv7zm39rPC 🎓 Go deeper — my Udemy courses: • Build & own AI agents → Master LangChain v1 and Ollama: https://kgptalkie.com/langchain • Connect tools the right way → MCP Mastery (Claude, LangChain, Ollama): https://kgptalkie.com/mcp If this helped you secure your OpenClaw dashboard, hit 👍 and drop a comment telling me what to secure or automate next. I read every comment. Subscribe and turn on the 🔔 — the OpenClaw series drops step by step. #OpenClaw #Caddy #HTTPS