Hosted OpenClaw bots can now use private tailnet web chat without giving up the normal public web path.
That means you can keep one bot in three different shapes:
- public web chat on Cloudflare
- private web chat on your own Tailscale tailnet
- both public and private web chat at the same time
What Changed
The important detail is that this does not move your whole hosted bot product behind Tailscale.
Instead, OpenClaw now keeps a clean split:
- Cloudflare for public web access
- your customer-owned tailnet for private web access
- Telegram still on the public path
So if your team needs an internal-only web URL, you can have that without changing how public web chat or Telegram work for everyone else.
Why This Matters
Some teams want a bot that can:
- reach an internal dashboard
- call a private API
- stay visible only to devices already on the company tailnet
Before this, public web chat was the default answer. Now you can keep that public path if it is useful, or remove it if the workflow should stay internal.
What Stays The Same
- public hosted bots still work the same way
- Telegram stays public-only
- custom domains still apply only to the public web path
- OpenClaw’s own internal ops tailnet stays separate from customer bot traffic
The Safe Way To Roll It Out
If you want to try it without breaking your current bot setup, start with:
- keep public web chat on
- connect your Tailscale workspace
- switch web exposure to
both - verify the private tailnet URL works for your team
- move to
privateonly if you actually want to remove the public path
That gives you the new private path without turning your current hosted workflow upside down.