What I use Unraid for: Self hosting OpenClaw

OpenClaw is an agentic AI framework — basically it lets you run and orchestrate AI agents on your own infrastructure. I have been running it as a Docker container on Unraid and it works pretty well. As with most things I self host, I wanted to get it behind an Apache2 reverse proxy with a proper domain and SSL certificate.

Getting the basic proxy working wasn’t too bad, but the GUI kept showing a broken WebSocket connection — specifically it was trying to connect to wss:// and failing. The problem is that OpenClaw’s gateway is fundamentally WebSocket based, and a standard ProxyPass setup just silently drops the WebSocket upgrade handshake and the whole thing falls apart.

The fix is to use mod_proxy_wstunnel and mod_rewrite together to detect the Upgrade: websocket header and route those connections differently to normal HTTP traffic. You also need to tell OpenClaw itself to trust your proxy’s IP in its gateway config, otherwise it will throw 1008 unauthorised errors on the WebSocket connections.

First make sure you have the required modules enabled:

a2enmod proxy proxy_http proxy_wstunnel headers rewrite
systemctl restart apache2

Then the Apache config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName your.domain.com
  ServerAlias www.your.domain.com
  ServerAdmin admin@your.domain.com

  ProxyPreserveHost On
  ProxyRequests Off

  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
  Header always set Referrer-Policy "no-referrer"

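  # mod_proxy_http also adds the client address to X-Forwarded-For on its own;
  # neither it nor "append" removes a value the client sent in that header
  RequestHeader set X-Real-IP %{REMOTE_ADDR}s
  RequestHeader append X-Forwarded-For %{REMOTE_ADDR}s
  RequestHeader set X-Forwarded-Proto "https"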

  # WebSocket + HTTP routing
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} websocket [NC]
  RewriteRule /(.*) ws://xx.xx.xx.xx:18789/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*) http://xx.xx.xx.xx:18789/$1 [P,L]

  ErrorLog ${APACHE_LOG_DIR}/openclaw_error.log
  CustomLog ${APACHE_LOG_DIR}/openclaw_access.log combined

  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/your.domain.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/your.domain.com/privkey.pem
</VirtualHost>
</IfModule>

<VirtualHost *:80>
  ServerName your.domain.com
  Redirect permanent / https://your.domain.com/
</VirtualHost>

Replace xx.xx.xx.xx with the IP of your OpenClaw Docker container (or the Unraid host IP if you’re using port mapping), and swap in your actual domain.

The other thing you need to do is configure OpenClaw’s gateway to trust your proxy IP, and set the allowed origin for the Control UI. You can do this via the OpenClaw config or CLI:

openclaw config set gateway.trustedProxies '["your.proxy.ip"]'
openclaw config set gateway.controlui.allowedOrigins '["https://your.domain.com"]'
openclaw gateway restart
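
Why the trusted proxy list matters, as an added example (not OpenClaw's code or mine from the running setup): a backend should only read X-Forwarded-For when the TCP peer is a trusted proxy, and should take the rightmost untrusted entry, because Apache keeps whatever the client sent at the front of the header. The function name and sample addresses are constructed, and how OpenClaw itself resolves the client address is an assumption.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the client address a backend behind a reverse proxy should log/authorise.

    peer_ip         -- address of the TCP peer (the proxy, if traffic came through it)
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- list of IPs or CIDR ranges, like gateway.trustedProxies
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(ip):
        addr = ipaddress.ip_address(ip)  # raises ValueError on junk
        return any(addr in net for net in trusted)

    # The header is only meaningful when the direct peer is a trusted proxy;
    # anyone connecting straight to the backend can put anything in it.
    if not xff_header or not is_trusted(peer_ip):
        return peer_ip

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: entries on the right were added by our own proxy,
    # entries on the left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_ip  # malformed entry: fall back to the peer address
    return peer_ip

# Constructed sample: the client sent "X-Forwarded-For: 10.0.0.1" and the proxy
# then appended the real client address twice (RequestHeader append + mod_proxy_http).
PROXY = "192.0.2.10"
CLIENT = "203.0.113.7"
FORWARDED = "10.0.0.1, 203.0.113.7, 203.0.113.7"

if __name__ == "__main__":
    print("leftmost entry (spoofable):", FORWARDED.split(",")[0].strip())
    print("resolved via proxy:", resolve_client_ip(PROXY, FORWARDED, [PROXY]))
    print("direct connection:", resolve_client_ip(CLIENT, "127.0.0.1", [PROXY]))
```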

Once that’s all in place it should connect cleanly with no WebSocket errors. Remove the Let’s Encrypt section at the bottom and let Certbot add that for you if you’re setting it up fresh.
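
A way to check that the proxy really passes the WebSocket upgrade through, as an added example rather than anything from OpenClaw: it sends the RFC 6455 handshake with an Origin matching the domain and validates the 101 response. The path "/" and the sample responses are constructed assumptions; the same check works against any of the vhosts on this page.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept the server must return for a given Sec-WebSocket-Key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def build_request(host, key, path="/"):
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", f"Sec-WebSocket-Key: {key}",
             "Sec-WebSocket-Version: 13", f"Origin: https://{host}", "", ""]
    return "\r\n".join(lines).encode()

def check_response(raw, key):
    """Return (ok, reason) for the raw bytes of the server's reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = status.split()
    code = parts[1] if len(parts) > 1 else ""
    if code != "101":
        return False, f"no upgrade: status {code or 'missing'}"
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "101 without Upgrade: websocket"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return False, "Sec-WebSocket-Accept mismatch"
    return True, "upgrade passed through"

def probe(host, port=443, path="/"):
    """Run the handshake against a live vhost (needs network access)."""
    key = base64.b64encode(os.urandom(16)).decode()
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(build_request(host, key, path))
            return check_response(tls.recv(4096), key)

# Constructed sample replies: one where the upgrade survived, one where it was dropped.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
GOOD = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
        b"Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
DROPPED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    print(check_response(GOOD, SAMPLE_KEY), check_response(DROPPED, SAMPLE_KEY))
```

Run probe("your.domain.com") from outside your network once the vhost is live; a result other than (True, ...) means the upgrade is not reaching the container.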

What I use Unraid for: Self hosting Audiobookshelf

If, like me, you like being in control of your own data, or you like hoarding loads of data, or, better yet, both, then you will probably be interested in Audiobookshelf, as it is a pretty good self-hosted podcast and audiobook server.

I love both podcasts and audiobooks, and spend a lot of time listening. So I was very excited to find a server for podcasts and audiobooks that I could self host. Setup using docker in Unraid is fairly painless and you can then download and keep all your favourite podcasts etc onto your own server. When it comes to listening to them then there is a pretty good iOS app that can either download or stream episodes or books. I am sure there is an Android app and it’s probably pretty much the same.

Is it as slick as the best podcast apps? No, maybe not, but it is pretty good, and the fact that I know the episodes and books are stored on my server and cannot be taken off me randomly is great.

I have found the setup very reliable. I must have been running it for over two years now and I think it has perhaps needed maintenance about 2 or maybe 3 times. One of those times was because I changed the URL of the server.

Once again, one thing I needed to get right for my setup was the Apache2 reverse proxy, so I have included my setup below in case that is useful to you.

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName pods.example.com
        ServerAlias www.pods.example.com

        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"

        ProxyPass / http://xx.xx.xx.xx:13378/
        ProxyPassReverse / http://xx.xx.xx.xx:13378/

        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "ws://xx.xx.xx.xx:13378/$1" [P,L]

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/pods.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/pods.example.com/privkey.pem
</VirtualHost>
</IfModule>

What I use Unraid for: Self hosting Karakeep

I get asked sometimes what I use my Unraid server for that is sat in my garage using power. The answer is loads of things, and I figured I would start documenting them here. I will skip over backups for now, but I do use it for that.

I run a load of Dockers in Unraid to self host lots of useful web apps and other tools. I have got way more interested in self hosting these days for a couple of reasons. The two main ones being that I am keen to control as much of my own data as possible, and that I think that self-hosting is actually a lot easier these days and probably more interesting.

Karakeep

Karakeep (formerly called Hoarder I think) is a really useful bookmarking tool. It actually does a lot more than simply store a link, as it will take a snapshot of the site and also generate tags and even summaries of the site using AI (which can also be locally hosted, e.g. Ollama).

You can read about the many features of Karakeep over on the GitHub, but for me just being able to collect bookmarks, tag them automatically, and then be able to search them is really useful. Additionally, the fact that it takes a snapshot is also very handy. The one thing that I would love is if it could keep multiple snapshots from different times, as this would be really helpful for academic work. But there are other tools that can do that… more on those later perhaps.

Getting it working

Installing it via Docker is a breeze, and there are a load of guides out there that will help you do that. However, I use an Apache2 reverse proxy to make Karakeep available via the internet, and that did need a little bit of work to get configured correctly. The thing that was missing for ages was the ‘nocanon’ keyword, which stops a weird bug where the preview of a bookmark would not load first time. If you use this I suggest you remove the Let’s Encrypt section at the bottom and have Certbot make that for you, and don’t forget to put in your domains and IPs etc.

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName example.net
    ServerAlias www.example.net
    ServerAdmin admin@email.email

    # Proxy settings
    ProxyPreserveHost On
    ProxyRequests Off

    # Tell Karakeep it's being accessed over HTTPS
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    # WebSocket support
    ProxyPass /ws/ ws://xx.xx.xx.xx:3333/ws/
    ProxyPassReverse /ws/ ws://xx.xx.xx.xx:3333/ws/

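    # nocanon passes the raw, un-canonicalised URL path to the backend (this is
    # what fixes the preview loading). The Apache docs note that it also removes
    # the limited protection against URL-based attacks the proxy normally gives.
    ProxyPass / http://xx.xx.xx.xx:3333/ nocanon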
    ProxyPassReverse / http://xx.xx.xx.xx:3333/

    # Connection and timeout settings - KEY CHANGES HERE
    ProxyTimeout 60
    Timeout 60

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
</VirtualHost>
</IfModule>

So that is Karakeep, great web app, use it all the time and a great tool to self host. Especially now that search is crap and you might want to keep track of interesting websites yourself.

Part 3: Building Direct Attached Storage

Part 3 of building the DAS storage. I repaired the workstation and got the direct attached storage (DAS) connected. 8*4TB SAS drives configured for now as a BTRFS Raid 1 mirror. Gives me 15TB of usable space. I will do a full parts list soon and also revisit this when I have tested it a bit.

Part 2: Building Direct Attached Storage

Part two of the creation of the 32TB external direct attached storage (DAS) box. I want to keep the costs down, so it’s a bit homemade. Here I just cover the assembly, as the motherboard in the computer I was intending to connect it to failed on the same day!

Building a homemade direct attached storage (DAS/NAS)

Part 1: Building Direct Attached Storage

I have fourteen 4TB SAS drives, 8 of which I am going to use in a homemade 32TB external direct attached storage (DAS) box. I will be using an old case that I have going spare. To connect it up I will use a bunch of cables I found on eBay. This is part one, the cables.

Building a direct attached storage unit to upgrade the capacity of my workstation.

UNRAID GPU Passthrough – needed a tweak

To get my NVidia GT710 to passthrough to a Windows VM in UNRAID I had to tweak my boot options. I needed to add “video=efifb:off” to the UNRAID OS boot config. Now the GPU passes through no problems.

UNRAID – What do I use it for!? Neo4J Network visualisation.

Quick video on what I use my UNRAID server for. I introduce using the UNRAID to serve the Neo4J database that runs some network visualisation for the website Algorithmic Indexing. Neo4J network visualisations form an important part of my academic research.