Deploy OpenClaw in Codespaces for Free with Tailscale

This article details how to set up a cloud runtime environment for OpenClaw AI agents for free or at a very low cost. The tutorial demonstrates how to use free GitHub Codespaces as a cloud server, install OpenClaw, and power it using the Gemini Free Tier or Codex credits from ChatGPT Plus. Finally, the guide explains how to configure secure private network access using Tailscale. This allows you to stably manage the OpenClaw dashboard locally, laying a solid foundation for future complex AI workflow automation.

Watch the full video tutorial here:

The workflow relies on GitHub Codespaces acting as the foundational cloud runtime environment, granting up to 60 free hours of compute. Within this environment, OpenClaw operates as the agent runtime. It draws its generative capabilities from one of three distinct model access options (Gemini Free Tier, Google AI Pro, or ChatGPT Plus). Finally, Tailscale bridges the cloud instance to a local machine, establishing a secure, encrypted tunnel for private dashboard access and future callback URL integrations.

1. Establishing the Cloud Runtime: GitHub Codespaces

GitHub Codespaces provides an accessible, cloud-based development environment that serves as an ideal runtime for OpenClaw. For initial testing and educational purposes, a free GitHub account is sufficient.  

Provisioning a standard two-core machine grants up to 60 hours of monthly usage. Alternatively, opting for a four-core machine provides increased performance but consumes the quota faster, yielding approximately 30 hours per month.  

2. Installing and Initializing OpenClaw in Codespaces

OpenClaw can be installed directly within the Codespace terminal. Execute the standard installation command:  

curl -fsSL https://openclaw.com/install.sh | sh

After the installation completes (typically within a minute), initiate the setup sequence in the terminal:

openclaw onboard

Select "Personal Use" and proceed with the "Quick Start" option. The configuration requires selecting a model provider. Based on available accounts, three primary pathways exist:  

• Option A: Gemini Free Tier (Zero Cost): Ideal for basic validation. Generate a free API key via Google AI Studio and supply it to the OpenClaw prompt.  

• Option B: Google AI Pro ($10 API Credit): Subscribers to the $20/month Google AI Pro plan receive $10 in monthly AI credits. By registering a Google Billing account through the Developer Program, these credits can directly offset the usage of higher-tier Gemini models.  

• Option C: ChatGPT Plus (Codex Credits): Active ChatGPT Plus users can utilize Codex credits. Select the OpenAI provider option during onboarding. OpenClaw will generate an authorization URL; navigate to this link, authenticate with the Plus account, and copy the resulting authorization token back into the Codespace terminal.  

3. Configuring Secure Network Access with Tailscale

By default, your local computer and the GitHub Codespaces container operate on completely isolated networks. Furthermore, the public IP address of your Codespace instance changes every time the environment restarts. To establish a stable, permanently valid connection, we use Tailscale to connect both devices to a single private virtual network (Tailnet).

Before executing the commands below, you can interact with the dynamic component below to understand how MagicDNS and Port Binding securely bridge your local physical machine to the cloud runtime environment.

Prerequisite: Register a Tailscale Account and Install the Local App

Before proceeding to the cloud configuration, you must register for a Tailscale account, which is completely free. Once registered, download and install the Tailscale application on your current local physical computer, and ensure you are logged in and connected.  

Step 1: Install Tailscale

Run the official one-click installation script to download and install the network package within the cloud environment:

curl -fsSL https://tailscale.com/install.sh | sh

Step 2: Start the Tailscale Daemon

Because GitHub Codespaces runs on a containerized architecture, the network daemon must be initiated using userspace networking mode. Execute the following command to start the service in the background:

sudo tailscaled --tun=userspace-networking --socks5-server=localhost:1055 &

Step 3: Connect the Device to Your Tailnet

Open a new terminal tab within Codespaces. This step is critical to ensure the daemon from the previous step remains running in the background while you execute the connection command. Run the following command to join the current container to your private network and assign it a dedicated hostname:

sudo tailscale up --hostname=openclaw-codespace

Step 4: Node Authentication and Enabling HTTPS Certificates

After executing the command above, the terminal will output a unique Tailscale authentication URL. Copy this link, open it in your local computer's web browser, log in to your free Tailscale account, and click Connect to approve the node. You will then see openclaw-codespace listed as an active device in your Tailscale Admin Console.

4. Port Forwarding and Accessing the Dashboard

Step 5: Enable Tailscale Serve and HTTPS Certificates

Before we can successfully map the port, we must enable the "Serve" feature for our Tailnet. When you run the port-forwarding command for the first time, Tailscale will pause to request authorization.

Run the following command, attempting to map the internal loopback address (http://127.0.0.1:18789) to Tailscale's secure public port (8443):

sudo tailscale serve --bg --https 8443 http://127.0.0.1:18789

Because this is your first time using this feature, the terminal will output a message stating that Serve is not enabled, along with a configuration URL. Copy and open this URL in your local browser. In the Tailscale settings page that appears, select the first option to enable HTTPS certificates.

(Note: We only need HTTPS certificates for private access; do not enable Tailscale Funnel, as we do not want to expose the dashboard to the public internet.)

Step 6: Finalize the Port Mapping

Once you have enabled HTTPS certificates in your browser, return to your Codespace terminal and execute the exact same command a second time:

sudo tailscale serve --bg --https 8443 http://127.0.0.1:18789

Tailscale will now output a success message and automatically generate a persistent, private HTTPS domain via MagicDNS (e.g., https://openclaw-codespace.YOUR-TAILNET.ts.net:8443/).

Accessing the Dashboard Interface

Now, open this newly generated domain directly in the web browser on your local physical machine. To complete the initial login and security authentication:

1. Navigate to the OpenClaw working directory within your Codespace environment and locate its core configuration file (openclaw.json). Extract the Gateway Auth Token, which is kept secure and hidden by default.

2. Copy this Token string and paste it into the Dashboard login prompt in your local browser.

3. The Codespace terminal will prompt you to approve device pairing. Return to the terminal and press Enter to approve.

Once verified, you can seamlessly and securely manage your cloud-hosted OpenClaw dashboard locally, without ever exposing insecure ports to the public internet.

5. Conclusion

The foundation is now entirely ready. We have successfully used GitHub Codespaces to provision a zero-cost cloud runtime, install and initialize OpenClaw, connect it to a reliable model provider, and fully integrate a secure, hassle-free local access route via Tailscale. This environment is now perfectly prepared to handle advanced Agent workflow orchestration, API integrations, and future automation tasks.