Daniel Rosehill Hey, It Works!
Open-Claw-Stack: A Self-Hosted AI Assistant Infrastructure in One Docker Compose
· Daniel Rosehill

A unified Docker Compose stack combining OpenClaw (AI gateway) and MetaMCP (MCP aggregator) with PostgreSQL, Watchtower auto-updates, and Cloudflare Tunnel for secure remote access.

I've been running an increasing number of MCP servers and AI tools on my home server, and the configuration sprawl was getting out of hand. Open-Claw-Stack is my answer: a single Docker Compose file that stands up a complete AI assistant infrastructure — an AI gateway, an MCP aggregator, a database, automatic container updates, and secure remote access — all wired together and ready to go.

What's in the Stack

The stack combines two open-source tools into a unified deployment:

  • OpenClaw — A personal AI assistant providing both a web UI gateway (port 18789) and a CLI bridge (port 18790)

  • MetaMCP — An MCP server aggregator that orchestrates multiple MCP services through a single proxy endpoint (port 12008)

  • PostgreSQL 17 — Backend storage for MetaMCP configuration and state

  • Watchtower — Automatic container image updates on a 24-hour polling cycle

  • Cloudflare Tunnel — Secure remote access without exposing ports to the public internet

The Architecture

The design supports a hybrid dual-access topology:

Local network access — on-LAN clients connect directly to the home server by IP. No tunnel latency, direct access to both OpenClaw and MetaMCP.

Remote access — external clients go through the Cloudflare Tunnel with edge authentication. No ports exposed, no dynamic DNS hassles.

The MetaMCP layer can also be distributed: a local instance manages LAN-based MCP servers (home automation, local databases, internal services), while a remote VPS instance provides cloud-based MCP services (SaaS integrations, external APIs). Both get aggregated through a central coordinator.

Six Services, One Compose File

The docker-compose.yml defines six services:

  1. OpenClaw Gateway — the web interface and main entry point. Configurable timezone, bind address (LAN, localhost, etc.), and health checks every 30 seconds. Requires a gateway token for authentication.

  2. OpenClaw CLI — shares the gateway's network stack. Drops NET_RAW and NET_ADMIN capabilities for sandboxing. TTY enabled for interactive use.

  3. MetaMCP — the MCP aggregator. Key config: TRANSFORM_LOCALHOST_TO_DOCKER_INTERNAL: true for proper Docker networking. Waits for PostgreSQL health verification before starting.

  4. PostgreSQL 17 — persistent named volume, health checks every 10 seconds, configurable credentials.

  5. Watchtower — polls for new container images every 24 hours (configurable). Mounts the Docker socket for management.

  6. Cloudflare Tunnel — requires a tunnel token from the Cloudflare Zero Trust dashboard. Waits for gateway and MetaMCP readiness before starting.

Deployment

Clone the repo, copy example.env to .env, fill in your OpenClaw gateway token and Cloudflare tunnel token, and run docker compose up -d. The environment file exposes configuration for:

  • OpenClaw ports, timezone, bind address, config and workspace directories

  • MetaMCP port and app URL

  • PostgreSQL user, password, and database name

  • Watchtower poll interval

  • Cloudflare tunnel token

Then configure your Cloudflare ingress rules in the Zero Trust dashboard for remote routing.
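
Before the first docker compose up -d, the rendered configuration can be checked against the properties described above. The following is an added example, not code from the Open-Claw-Stack repo: it audits output shaped like docker compose config --format json for Docker socket mounts, ports published on every interface, and credentials left blank. The sample config, service names and environment variable names are constructed assumptions.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`.
# Service names, env var names and values are assumptions, not the repo's file.
SAMPLE = json.loads("""
{"services": {
  "openclaw-gateway": {
    "environment": {"GATEWAY_TOKEN": ""},
    "ports": [{"target": 18789, "published": "18789", "host_ip": "0.0.0.0"}]},
  "openclaw-cli": {"cap_drop": ["NET_RAW", "NET_ADMIN"]},
  "metamcp": {
    "ports": [{"target": 12008, "published": "12008", "host_ip": "127.0.0.1"}]},
  "postgres": {"environment": {"POSTGRES_PASSWORD": "constructed-value"}},
  "watchtower": {"volumes": [{"type": "bind",
    "source": "/var/run/docker.sock", "target": "/var/run/docker.sock"}]},
  "cloudflared": {"environment": {"TUNNEL_TOKEN": "constructed-value"}}
}}
""")

SECRET_HINTS = ("TOKEN", "PASSWORD", "SECRET")

def audit(config):
    """Return sorted (service, check, detail) findings for a rendered Compose config."""
    findings = []
    for name, svc in config.get("services", {}).items():
        # Docker socket access gives a container control over every other container.
        for vol in svc.get("volumes") or []:
            if str(vol.get("source", "")).endswith("docker.sock"):
                mode = "ro" if vol.get("read_only") else "rw"
                findings.append((name, "docker-socket", mode))
        # A published port with no host_ip, or a wildcard one, listens on every interface.
        for port in svc.get("ports") or []:
            if port.get("host_ip", "") in ("", "0.0.0.0", "::"):
                findings.append((name, "wildcard-bind", str(port.get("published"))))
        # Blank credentials usually mean .env was copied but not filled in.
        for key, value in (svc.get("environment") or {}).items():
            if any(h in key.upper() for h in SECRET_HINTS) and not value:
                findings.append((name, "empty-secret", key))
    return sorted(findings)

if __name__ == "__main__":
    for service, check, detail in audit(SAMPLE):
        print(f"{service}: {check} ({detail})")
```

To check a real deployment, pipe docker compose config --format json into a script that passes json.load(sys.stdin) to audit; each finding is a setting to review, not necessarily a misconfiguration.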

Why This Exists

Running AI infrastructure at home usually means juggling disconnected services. This stack solves several problems at once: a unified gateway instead of scattered tools, MetaMCP consolidating all your MCP servers (local and cloud), hybrid local/remote access without port exposure, automatic updates so you're not manually pulling images, and local data staying on-premises while cloud integrations stay cloud-side.

The repo is at github.com/danielrosehill/Open-Claw-Stack.