{
  "schemaVersion": "1.0",
  "item": {
    "slug": "self-host",
    "name": "Self-Host",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/ivangdavila/self-host",
    "canonicalUrl": "https://clawhub.ai/ivangdavila/self-host",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/self-host",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=self-host",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Once you have reviewed SKILL.md yourself, hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
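      "summary": "Source download looks usable, but the recorded probe URL and filename name 4claw-imageboard rather than self-host; confirm the archive you receive is the self-host package.",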
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/self-host"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package is the self-host skill and contains the expected setup assets (SKILL.md)."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/self-host",
    "agentPageUrl": "https://openagent3.xyz/skills/self-host/agent",
    "manifestUrl": "https://openagent3.xyz/skills/self-host/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/self-host/agent.md"
  },
  "agentAssist": {
    "summary": "Once you have reviewed SKILL.md yourself, hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Before Installing Anything",
        "body": "Backups first — decide where data lives and how it's backed up before deploying, not after data exists\nCheck resource requirements — many services need more RAM than expected, OOM kills corrupt data\nVerify the project is actively maintained — abandoned projects become security liabilities"
      },
      {
        "title": "Docker Fundamentals",
        "body": "Always use named volumes or bind mounts for persistent data — anonymous volumes are lost on container removal\nPin image versions (nginx:1.25.3 not nginx:latest) — latest changes unexpectedly and breaks setups\nSet restart policy (unless-stopped or on-failure) — containers don't auto-start after reboot by default\nUse docker compose down not docker compose rm — down also removes the project's networks and keeps named volumes unless -v is passed"
      },
      {
        "title": "Networking",
        "body": "Never expose database ports to the internet — only the reverse proxy should be public\nUse a reverse proxy (Traefik, Caddy, Nginx Proxy Manager) — handles SSL, routing, and security in one place\nCreate Docker networks per project — default bridge network lacks DNS resolution between containers\nBind admin interfaces to localhost only (127.0.0.1:8080:8080) — a port published without a host address listens on every interface, and not all traffic needs to be public"
      },
      {
        "title": "SSL and Domains",
        "body": "Use automatic SSL with Let's Encrypt — Caddy and Traefik do this natively\nFor local/LAN access, use a real domain with DNS challenge — avoids browser certificate warnings\nWildcard certificates simplify multi-service setups — one cert for *.home.example.com"
      },
      {
        "title": "Security Essentials",
        "body": "Change all default passwords immediately — bots scan for default credentials within hours\nEnable automatic security updates for the host OS — unpatched systems get compromised\nUse fail2ban or equivalent — brute force attacks are constant\nKeep services behind authentication (Authelia, Authentik) — not everything has built-in auth\nDisable root SSH, use key-only authentication — password SSH is a vulnerability"
      },
      {
        "title": "Backups",
        "body": "Test restores, not just backups — untested backups are wishful thinking\n3-2-1 rule: 3 copies, 2 different media, 1 offsite — local RAID is not backup\nAutomate backup schedules — manual backups get forgotten\nBack up Docker volumes, not containers — containers are ephemeral, data is not"
      },
      {
        "title": "Monitoring",
        "body": "Set up uptime monitoring (Uptime Kuma is self-hostable) — know when services die before users tell you\nMonitor disk space — full disks cause silent failures and corruption\nLog rotation is mandatory — Docker logs grow forever by default, fill disks\nConsider resource monitoring (Netdata, Prometheus) — spot problems before they're critical"
      },
      {
        "title": "Maintenance",
        "body": "Schedule regular update windows — services need updates, plan for downtime\nDocument everything you deploy — future you won't remember why that container exists\nKeep a compose file repo — reproducibility matters when hardware fails\nTest updates on staging when possible — production surprises are painful"
      },
      {
        "title": "Home Server Specifics",
        "body": "Dynamic DNS if ISP doesn't provide static IP — Cloudflare, DuckDNS work well\nUPS protects against power loss corruption — especially important for databases\nConsider power consumption — some hardware costs more in electricity than cloud hosting\nPort forwarding exposes your home network — use VPN (WireGuard, Tailscale) instead when possible"
      },
      {
        "title": "Common Mistakes",
        "body": "Putting everything on one machine with no redundancy — single point of failure for all services\nIgnoring updates for months — security vulnerabilities accumulate\nNo firewall rules — assuming \"nobody knows my IP\" is security\nStoring secrets in docker-compose.yml committed to git — use .env files, exclude from version control\nOver-engineering from day one — start simple, add complexity when needed"
      }
    ],
    "body": "Self-Hosting Rules\nBefore Installing Anything\nBackups first — decide where data lives and how it's backed up before deploying, not after data exists\nCheck resource requirements — many services need more RAM than expected, OOM kills corrupt data\nVerify the project is actively maintained — abandoned projects become security liabilities\nDocker Fundamentals\nAlways use named volumes or bind mounts for persistent data — anonymous volumes are lost on container removal\nPin image versions (nginx:1.25.3 not nginx:latest) — latest changes unexpectedly and breaks setups\nSet restart policy (unless-stopped or on-failure) — containers don't auto-start after reboot by default\nUse docker compose down not docker compose rm — down handles networks and volumes properly\nNetworking\nNever expose database ports to the internet — only the reverse proxy should be public\nUse a reverse proxy (Traefik, Caddy, Nginx Proxy Manager) — handles SSL, routing, and security in one place\nCreate Docker networks per project — default bridge network lacks DNS resolution between containers\nBind admin interfaces to localhost only (127.0.0.1:8080:8080) — not all traffic needs to be public\nSSL and Domains\nUse automatic SSL with Let's Encrypt — Caddy and Traefik do this natively\nFor local/LAN access, use a real domain with DNS challenge — avoids browser certificate warnings\nWildcard certificates simplify multi-service setups — one cert for *.home.example.com\nSecurity Essentials\nChange all default passwords immediately — bots scan for default credentials within hours\nEnable automatic security updates for the host OS — unpatched systems get compromised\nUse fail2ban or equivalent — brute force attacks are constant\nKeep services behind authentication (Authelia, Authentik) — not everything has built-in auth\nDisable root SSH, use key-only authentication — password SSH is a vulnerability\nBackups\nTest restores, not just backups — untested backups are wishful thinking\n3-2-1 rule: 
3 copies, 2 different media, 1 offsite — local RAID is not backup\nAutomate backup schedules — manual backups get forgotten\nBack up Docker volumes, not containers — containers are ephemeral, data is not\nMonitoring\nSet up uptime monitoring (Uptime Kuma is self-hostable) — know when services die before users tell you\nMonitor disk space — full disks cause silent failures and corruption\nLog rotation is mandatory — Docker logs grow forever by default, fill disks\nConsider resource monitoring (Netdata, Prometheus) — spot problems before they're critical\nMaintenance\nSchedule regular update windows — services need updates, plan for downtime\nDocument everything you deploy — future you won't remember why that container exists\nKeep a compose file repo — reproducibility matters when hardware fails\nTest updates on staging when possible — production surprises are painful\nHome Server Specifics\nDynamic DNS if ISP doesn't provide static IP — Cloudflare, DuckDNS work well\nUPS protects against power loss corruption — especially important for databases\nConsider power consumption — some hardware costs more in electricity than cloud hosting\nPort forwarding exposes your home network — use VPN (WireGuard, Tailscale) instead when possible\nCommon Mistakes\nPutting everything on one machine with no redundancy — single point of failure for all services\nIgnoring updates for months — security vulnerabilities accumulate\nNo firewall rules — assuming \"nobody knows my IP\" is security\nStoring secrets in docker-compose.yml committed to git — use .env files, exclude from version control\nOver-engineering from day one — start simple, add complexity when needed"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/ivangdavila/self-host",
    "publisherUrl": "https://clawhub.ai/ivangdavila/self-host",
    "owner": "ivangdavila",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/self-host",
    "downloadUrl": "https://openagent3.xyz/downloads/self-host",
    "agentUrl": "https://openagent3.xyz/skills/self-host/agent",
    "manifestUrl": "https://openagent3.xyz/skills/self-host/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/self-host/agent.md"
  }
}