launchthatbot
The Security You Get Without Thinking About It
Container isolation, Cloudflare tunnels, subdomain boundaries, and edge ingress -- all handled before you touch a single config file.
Ready to apply this in your own deployment?
Read the full security overviewThe previous article in this series walked through what happens when an OpenClaw instance is exposed. The short version: most operators end up with a publicly reachable control plane without realizing it, because the defaults do not protect them.
This article is about what LaunchThatBot does differently -- not as a sales pitch, but as a concrete explanation of the architectural decisions that remove those risks before you ever log in.
The core principle: eliminate exposure by default
Most security problems in self-hosted OpenClaw come from one pattern: the operator's instance is reachable from the public internet in ways they did not intend.
LaunchThatBot's architecture is designed so that your OpenClaw instance is never directly exposed to the internet. There is no port to scan, no WebSocket to connect to, no control plane endpoint that an attacker can reach by knowing your IP address.
This is not accomplished through configuration guides or hardening checklists. It is structural. The exposure path does not exist.
Container isolation
Every OpenClaw deployment through LaunchThatBot runs inside an isolated container. This means:
- Process isolation: your OpenClaw instance cannot see or interact with other processes on the host, or with other users' deployments
- Network isolation: the container's network is not directly bound to the host's public interfaces
- Filesystem isolation: your agent's data, configs, and runtime state are scoped to the container boundary
When you deploy OpenClaw directly on a VPS, the process shares the host's network stack. That is why 0.0.0.0:18789 results in public exposure -- there is nothing between the process and the internet.
In a containerized deployment, the process binds inside the container's network namespace. External access only happens through explicitly configured pathways.
Cloudflare tunnels as the ingress layer
Instead of exposing ports on a public IP, LaunchThatBot routes traffic through Cloudflare Tunnels.
Here is what that means in practice:
- No inbound ports open on the host. The tunnel client makes an outbound connection to Cloudflare's edge network. Traffic flows back through that connection.
- DDoS protection and rate limiting happen at the edge, before traffic reaches your deployment.
- TLS termination is handled by Cloudflare, so your instance never deals with certificate management.
- Access policies can be applied at the Cloudflare level, adding authentication gates before traffic even reaches the tunnel.
The critical security property here is that an attacker cannot connect to your instance by scanning IP ranges. There is no listening port to find. The only path to your deployment goes through Cloudflare's edge, which means it goes through their security stack first.
Per-user subdomain isolation
Each LaunchThatBot user gets their own subdomain for managing their deployments. This is not cosmetic -- it creates real operational boundaries:
- Routing isolation: traffic for one user's management surface never touches another user's deployment
- Cookie and session scoping: authentication tokens are scoped to the user's subdomain, preventing cross-tenant leakage
- Incident containment: if something goes wrong with one deployment, the blast radius is contained to that user's subdomain and resources
- Audit clarity: every request is attributable to a specific user context through the subdomain alone
In a typical self-hosted setup, the operator's management UI and their bot's public-facing endpoints often share the same domain, port, or even the same authentication context. That blurring of boundaries is a recurring source of security incidents.
LaunchThatBot keeps these surfaces separated by design.
Edge ingress policy
Beyond tunnels and subdomains, LaunchThatBot applies ingress policies at the network edge:
- Operator surfaces (dashboard, management UI, deployment controls) are behind authenticated access. They are not publicly reachable.
- Bot-facing routes (the paths your agent exposes to external users or services) are separated from operator routes and can be independently configured.
- No direct SSH or shell access to the underlying host is required or provided. All operations happen through the management plane.
This separation means that even if an attacker somehow compromises a bot-facing route, they do not automatically gain access to the operator's control surface.
What you do not have to configure
Here is a partial list of things LaunchThatBot handles that you would need to set up manually in a self-hosted deployment:
Handled by default in LaunchThatBot
- Bind address restricted to prevent public exposure
- Container isolation for process, network, and filesystem
- Cloudflare Tunnel ingress with no public ports
- TLS certificate provisioning and renewal
- Per-user subdomain routing and session isolation
- Operator UI separated from bot-facing endpoints
- DDoS protection and rate limiting at the edge
- No direct host-level access required for operations
Each of these items is a potential failure point in a self-hosted deployment. Not because operators are careless, but because each one requires specific knowledge, configuration, and ongoing maintenance. Skip one, and you have a gap.
This is not about trust -- it is about architecture
We are not asking you to trust that LaunchThatBot is secure. We are showing you the architecture and letting you evaluate it.
The security properties described here are structural. They come from how the system is built, not from promises or policies. Container isolation, tunnel-based ingress, and subdomain separation are verifiable properties that you can reason about and test.
If you want to understand the threat landscape this architecture addresses, read the first article in this series: What Actually Happens When You Expose OpenClaw to the Internet.
If you want a practical checklist for securing a self-hosted instance, the next article covers exactly that.
References
- OpenClaw docs, "Remote access (SSH, tunnels, and tailnets)": docs.openclaw.ai
- OpenClaw docs, "Security": docs.openclaw.ai
- Cloudflare Tunnel documentation: developers.cloudflare.com
Ready to apply this in your own deployment?
Read the full security overviewRelated articles
Feb 21, 2026
Tailscale and UFW Are a Good Start. Here Is Why They Are Not Enough.
You set up Tailscale, enabled UFW, installed Fail2ban, and ran a security audit. That is better than 135,000 exposed instances. But it still leaves gaps that compound the more agents you run.
Feb 15, 2026
A Practical Security Checklist for Solo OpenClaw Operators
Running OpenClaw on your own VPS? Here are the specific things to check, fix, and monitor -- whether or not you ever use LaunchThatBot.
Feb 13, 2026
What Actually Happens When You Expose OpenClaw to the Internet
135,000 OpenClaw instances are exposed right now. Here is what attackers see, what they can do, and why most operators never notice.