Cloudflare Workers Deployment

Deploy OpenClaw on Cloudflare’s edge network using the moltworker container runtime.

Overview

Item	Value
Repository	github.com/strataga/moltworker
Monthly Cost	~$5 (Workers) + API costs
Setup Time	5-10 minutes
Control UI	`/_admin/`

We recommend the strataga/moltworker fork instead of the official cloudflare/moltworker. The fork adds the public webhook routes and control-plane fixes used by these deployment examples.

Architecture


                    Cloudflare Workers
┌─────────────────────────────────────────────────────────┐
│                                                         │
│  ┌───────────────┐    ┌─────────────────────────────┐  │
│  │ Hono Router   │───▶│ Public Routes (no auth)     │  │
│  │               │    │ - /slack/events             │  │
│  │               │    │ - /slack/interactions       │  │
│  │               │    │ - /discord/interactions     │  │
│  │               │    │ - /telegram-webhook         │  │
│  │               │    └─────────────────────────────┘  │
│  │               │                                     │
│  │               │    ┌─────────────────────────────┐  │
│  │               │───▶│ Protected Routes (CF Access)│  │
│  │               │    │ - /_admin/*                 │  │
│  │               │    │ - /api/*                    │  │
│  └───────────────┘    └─────────────────────────────┘  │
│                              │                         │
│                              ▼                         │
│                    ┌─────────────────┐                 │
│                    │ Sandbox Container│                │
│                    │ (OpenClaw Gateway)│               │
│                    │ Port 18789        │               │
│                    └─────────────────┘                 │
│                                                         │
└─────────────────────────────────────────────────────────┘

Prerequisites

Cloudflare account with Workers Paid plan ($5/mo)
BYOK provider key
Bun installed locally
Wrangler CLI (bun add -g wrangler)

Deployment Steps

Clone the Repository


git clone https://github.com/strataga/moltworker.git
cd moltworker
bun install

Configure Worker Name

Edit wrangler.jsonc to set your worker name:


{
  "name": "your-worker-name",  // Change this
  // ... rest of config
}

Build and Deploy


bun run build
bunx wrangler deploy

Configure Secrets

Required secrets:


bunx wrangler secret put OPENROUTER_API_KEY
bunx wrangler secret put MOLTBOT_GATEWAY_TOKEN
bunx wrangler secret put CF_ACCESS_TEAM_DOMAIN
bunx wrangler secret put CF_ACCESS_AUD

Set Up Cloudflare Access

Go to Zero Trust Dashboard
Create an Access Application for your worker
Set path to /_admin/* (NOT /)
Configure authentication (email OTP is simplest)
Note the Application Audience (AUD) tag
Add the AUD to secrets: CF_ACCESS_AUD

Messaging Integrations

Slack (Coming Soon for Hosted OpenClaw VPS)

For the current public product path, start with web chat or Telegram. If you are experimenting with self-managed Workers, Slack uses HTTP Mode (not Socket Mode).

Create Slack App

Go to api.slack.com/apps
Create a new app from scratch
Select your workspace

Enable Event Subscriptions

Request URL: https://YOUR-WORKER.workers.dev/slack/events
Subscribe to bot events:
- message.channels
- message.im
- app_mention

Enable Interactivity

Request URL: https://YOUR-WORKER.workers.dev/slack/interactions

Add OAuth Scopes

Under “OAuth & Permissions”, add:

chat:write
channels:history
im:history
users:read

Install and Configure

Install app to workspace
Copy Bot Token (starts with xoxb-)
Add to Worker secrets:


bunx wrangler secret put SLACK_BOT_TOKEN

Discord

Discord is still coming soon for the hosted public flow. If you are experimenting with self-managed Workers, the manual steps below are the starting point.

Create Discord Application

Go to discord.com/developers
Create a new application

Configure Interactions Endpoint

URL: https://YOUR-WORKER.workers.dev/discord/interactions

Add Bot to Server

Generate OAuth2 URL with bot scope
Select required permissions
Authorize in your server

Add Secret


bunx wrangler secret put DISCORD_BOT_TOKEN

Telegram (Limited Support)

Telegram has fundamental limitations on Cloudflare Workers due to container hibernation. For reliable Telegram support, use VPS deployment.

Why Telegram is unreliable:

OpenClaw uses long-polling by default for Telegram
Cloudflare containers hibernate when idle
Hibernated containers can’t receive poll responses
New messages can’t wake the container

If you must use Telegram:

Set the webhook manually:


curl -X POST "https://api.telegram.org/bot<TOKEN>/setWebhook" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://YOUR-WORKER.workers.dev/telegram-webhook"}'

Do NOT set TELEGRAM_DM_POLICY - it causes gateway crashes.

Environment Variables

Required

Variable	Description
`OPENROUTER_API_KEY`	BYOK provider API key
`MOLTBOT_GATEWAY_TOKEN`	Token for Control UI access
`CF_ACCESS_TEAM_DOMAIN`	Cloudflare Access team domain
`CF_ACCESS_AUD`	Cloudflare Access application audience

Optional

Variable	Description
`SLACK_BOT_TOKEN`	Slack bot token (xoxb-…)
`DISCORD_BOT_TOKEN`	Discord bot token
`TELEGRAM_BOT_TOKEN`	Telegram bot token (limited support)
`DEV_MODE`	Set to ‘true’ to skip auth (local dev only)
`SANDBOX_SLEEP_AFTER`	Duration before sleep (‘never’, ‘10m’, ‘1h’)

Cost Breakdown

Item	Monthly Cost
Cloudflare Workers (Paid plan)	$5
Provider API usage	$10-50 (usage-based)
R2 Storage (optional)	~$0.015/GB
Total	~$15-55/mo

Need Help?

Contact our team if you run into any issues.