This repo packages OpenClaw for Railway with a comprehensive /setup web wizard so users can deploy and onboard without running any commands.
- OpenClaw Gateway + Control UI (served at
/and/openclaw) - A powerful Setup Wizard at
/setup(protected by a password) with:- Debug Console - Run openclaw commands without SSH
- Config Editor - Edit openclaw.json with automatic backups
- Pairing Helper - Approve devices via UI
- Plugin Management - List and enable plugins
- Import/Export Backup - Migrate configurations easily
- Persistent state via Railway Volume (so config/credentials/memory survive redeploys)
- Public health endpoint at
/healthzfor monitoring - Custom provider support for Ollama, vLLM, and other OpenAI-compatible APIs
- Flexible OpenClaw version control via environment variable
- Smart Railway proxy detection for proper client IP handling
- Deploy to Railway using this template
- Set required environment variables (see below)
- Visit
https://your-app.up.railway.app/setup - Complete the setup wizard
- Start chatting at
/openclaw
SETUP_PASSWORD- Password to access/setupwizard
OPENCLAW_STATE_DIR=/data/.openclaw- Config and credentials directoryOPENCLAW_WORKSPACE_DIR=/data/workspace- Agent workspace directoryOPENCLAW_GATEWAY_TOKEN- Stable auth token (auto-generated if not set)OPENCLAW_VERSION=v2026.2.15- Pin to a stable OpenClaw release (see Version Control)
OPENCLAW_PUBLIC_PORT=8080- Wrapper HTTP port (default: 8080)PORT- Fallback if OPENCLAW_PUBLIC_PORT not setINTERNAL_GATEWAY_PORT=18789- Gateway internal portOPENCLAW_ENTRY- Path to openclaw entry.js (default: /openclaw/dist/entry.js)OPENCLAW_TEMPLATE_DEBUG=true- Enable debug logging (logs sensitive tokens)OPENCLAW_TRUST_PROXY_ALL=true- Trust all proxies (Railway auto-detected by default)
CLAWDBOT_*variables automatically migrate toOPENCLAW_*MOLTBOT_*variables automatically migrate toOPENCLAW_*
The template supports flexible version control to prevent breakage from unstable OpenClaw releases:
Set the OPENCLAW_VERSION environment variable to control which OpenClaw version to build:
- With
OPENCLAW_VERSIONset: Uses that specific tag/branch (e.g.,v2026.2.15) - Without
OPENCLAW_VERSION: Usesmainbranch (may be unstable)
OPENCLAW_VERSION=v2026.2.15
This pins your deployment to a known stable release, protecting you from upstream breakage.
Pin to Stable Release (Recommended)
OPENCLAW_VERSION=v2026.2.15
Use when main branch is broken or to ensure consistent deployments.
Use Latest Main (Advanced)
(Leave OPENCLAW_VERSION unset)
Automatically uses latest main branch. Good for testing but may break unexpectedly.
Test Specific Branch
OPENCLAW_VERSION=feature-branch-name
Useful for testing unreleased features.
List all OpenClaw releases:
git ls-remote --tags https://github.com/openclaw/openclaw.git | grep -v '\^{}' | sed 's|.*refs/tags/||'See OPENCLAW-VERSION-CONTROL.md for detailed documentation.
Run openclaw commands without SSH access:
- Gateway lifecycle: restart, stop, start
- OpenClaw CLI: version, status, health, doctor, logs
- Config inspection: get any config value
- Device management: list and approve pairing requests
- Plugin management: list and enable plugins
- Strict allowlist: Only 13 safe commands permitted
- Edit
openclaw.jsondirectly in the browser - Automatic timestamped backups before each save (
.bak-YYYY-MM-DDTHH-MM-SS-SSSZ) - Gateway auto-restart after changes
- Syntax highlighting (monospace font)
- 500KB safety limit with validation
- List pending device pairing requests
- One-click approval via UI
- No SSH required
- Fixes "disconnected (1008): pairing required" errors
- Export: Download
.tar.gzof config + workspace - Import: Restore from backup file (250MB max)
- Path traversal protection
- Perfect for migration or disaster recovery
Add OpenAI-compatible providers during setup:
- Ollama (local LLMs)
- vLLM (high-performance serving)
- LM Studio (desktop GUI)
- Any OpenAI-compatible API endpoint
- Support for environment variable API keys
- Public
/healthzendpoint (no auth required) /setup/api/debugfor comprehensive diagnostics- Automatic
openclaw doctoron failures (5min rate limit) - Detailed error messages with troubleshooting hints
- TCP-based gateway health probes (more reliable)
- Auto-detects Railway environment via
RAILWAY_*env vars - Configures trusted proxies automatically for correct client IPs
- Secure localhost-only proxy trust (127.0.0.1)
- Optional override with
OPENCLAW_TRUST_PROXY_ALL
- 60-second gateway readiness timeout (was 20s)
- Background health monitoring with automatic diagnostics
- Graceful shutdown handling (SIGTERM β SIGKILL escalation)
- Secret redaction in debug output (5 token patterns)
- Credentials directory with strict 700 permissions
- Click "Deploy on Railway" button (if available)
- Configure environment variables:
Required:
SETUP_PASSWORDβ Your chosen password for/setup
Recommended:
OPENCLAW_VERSION=v2026.2.15β Pin to stable releaseOPENCLAW_STATE_DIR=/data/.openclawOPENCLAW_WORKSPACE_DIR=/data/workspace
- Railway will automatically:
- Create a volume at
/data - Build from the Dockerfile
- Enable public networking
- Generate a domain like
your-app.up.railway.app
- Create a volume at
- Create new project from GitHub repo
- Add a Volume service mounted at
/data - Set environment variables (see above)
- Enable Public Networking
- Deploy
Then:
- Visit
https://<your-app>.up.railway.app/setup(password: yourSETUP_PASSWORD) - Complete setup wizard
- Visit
/openclawto start chatting
- Open Telegram and message @BotFather
- Run
/newbotand follow the prompts - BotFather will give you a token like:
123456789:AA... - Paste that token into
/setup
- Go to Discord Developer Portal
- New Application β pick a name
- Open the Bot tab β Add Bot
- Copy the Bot Token and paste into
/setup - IMPORTANT: Enable MESSAGE CONTENT INTENT in Bot settings (required)
- Invite the bot to your server (OAuth2 URL Generator β scopes:
bot,applications.commands)
Solution 1: Use Pairing Helper (UI)
- Visit
/setup - Scroll to "Pairing helper" section
- Click "Refresh pending devices"
- Click "Approve" for each device
Solution 2: Use Debug Console
- Select
openclaw.devices.list - Note the requestId
- Select
openclaw.devices.approve - Enter requestId and click Run
- Visit
/healthzto check gateway status - Visit
/setupβ Debug Console - Run
openclaw doctorcommand - Check
/setup/api/debugfor full diagnostics
Common causes:
- Gateway not started (check
/healthzβgateway.processRunning) - Volume not mounted at
/data - Missing
OPENCLAW_STATE_DIRorOPENCLAW_WORKSPACE_DIRvariables
- Verify volume is mounted at
/data - Check environment variables:
OPENCLAW_STATE_DIR=/data/.openclaw OPENCLAW_WORKSPACE_DIR=/data/workspace - Run
openclaw doctor --fixin Debug Console - Check
/setup/api/debugfor detailed error info - Verify credentials directory exists with 700 permissions
- Set
OPENCLAW_GATEWAY_TOKENin Railway Variables - Use
/setupto reset and reconfigure - Or edit config via Config Editor to ensure
gateway.auth.tokenmatches
- Check if OpenClaw main branch is broken
- Set
OPENCLAW_VERSION=v2026.2.15to pin to stable release - Check Railway build logs for specific errors
- Verify all required files are in the repository
"File too large: X.XMB (max 250MB)"
- Reduce workspace files before exporting
- Split large data into multiple imports
"Import requires both STATE_DIR and WORKSPACE_DIR under /data"
- Set in Railway Variables:
OPENCLAW_STATE_DIR=/data/.openclaw OPENCLAW_WORKSPACE_DIR=/data/workspace
"Config file too large: X.XKB (max 500KB)"
- Config exceeds safety limit
- Remove unnecessary data from config
docker build -t openclaw-railway-template .
docker run --rm -p 8080:8080 \
-e PORT=8080 \
-e SETUP_PASSWORD=test \
-e OPENCLAW_STATE_DIR=/data/.openclaw \
-e OPENCLAW_WORKSPACE_DIR=/data/workspace \
-e OPENCLAW_VERSION=v2026.2.15 \
-v $(pwd)/.tmpdata:/data \
openclaw-railway-template
# Open http://localhost:8080/setup (password: test)# Set environment variables
export SETUP_PASSWORD=test
export OPENCLAW_STATE_DIR=/tmp/openclaw-test/.openclaw
export OPENCLAW_WORKSPACE_DIR=/tmp/openclaw-test/workspace
export OPENCLAW_GATEWAY_TOKEN=$(openssl rand -hex 32)
# Run the wrapper
npm run dev
# or
node src/server.js
# Visit http://localhost:8080/setup (password: test)docker build --build-arg OPENCLAW_VERSION=v2026.2.16 -t openclaw-test .- CLAUDE.md - Developer documentation and architecture notes
- CONTRIBUTING.md - Contribution guidelines and development setup
- MIGRATION.md - Migration guide from older versions
- OPENCLAW-VERSION-CONTROL.md - Version control feature details
- DAY7-TEST-REPORT.md - Comprehensive test results
- QA-SANITY-CHECK-REPORT.md - Local validation results
- Report Issues: https://github.com/codetitlan/moltbot-railway-template/issues
- Discord: https://discord.com/invite/clawd
- OpenClaw Docs: https://docs.openclaw.com
Based on clawdbot-railway-template with significant enhancements.
- Debug Console, Config Editor, Pairing Helper - Enhanced onboarding workflow
- Import/Export Backup - Migration and disaster recovery
- Custom Provider Support - Ollama, vLLM, and more
- Smart Railway Integration (PR #12 by @ArtificialSight) - Proxy detection
- OpenClaw Version Control - Flexible version management
- Enhanced Diagnostics - Better error messages and troubleshooting
- Automatic Migration - Legacy env var support
- β SSH-free command execution via Debug Console
- β Browser-based configuration editing
- β One-click device pairing approval
- β Complete backup import/export system
- β Support for custom AI providers
- β Flexible OpenClaw version pinning
- β Smart Railway environment detection
- β Comprehensive health monitoring
- β Automatic migration from legacy templates
- β Security hardening (secret redaction, path validation)