How to Install OpenClaw on a VPS: Setup Guide

What if you could have your own AI assistant running 24/7 in the cloud, ready to answer you from Telegram at any time, and it only costs less than a Netflix subscription? That's exactly what we're building.

Follow the interactive guide: installopenclawnow.com

Pre-Setup: Everything You Need Before Installing OpenClaw on a VPS

Gather everything first. Think of this as your shopping list.

1. Choose a VPS Provider for Your AI Agent

A VPS (Virtual Private Server) is a computer in the cloud that you rent. Think of it like a tiny apartment for your AI agent.

Provider	Starting Price	Best For
Hetzner	~$4.50/mo	Best value in Europe
DigitalOcean	~$6/mo	Beginner-friendly docs
AWS Lightsail	~$5/mo	If you already use AWS
Vultr	~$6/mo	Worldwide locations
Hostinger	~$4/mo	Budget-friendly

Detailed Provider Comparison

Hetzner (Recommended): European company, excellent bang for buck. Their CX22 (2 vCPU, 4GB RAM) costs around $4.50/month. Data centers in Germany, Finland, and the US (Ashburn). Network performance is outstanding for the price. The control panel is clean and simple. If you're in Europe or don't care about geographic proximity, Hetzner wins on value.

DigitalOcean: The "developer friendly" choice. Their documentation is the best in the industry. Every tutorial is step-by-step with screenshots. The $6/month Basic Droplet (1 vCPU, 1GB RAM) works for OpenClaw, but I'd recommend the $12/month tier (2 vCPU, 2GB RAM) for comfortable headroom. Data centers worldwide. Great support.

AWS Lightsail: Amazon's simplified VPS offering. Starts at $5/month. The advantage: if you already have an AWS account, you're set up in minutes. The disadvantage: AWS pricing can be confusing, and if you accidentally spin up resources outside Lightsail, your bill can spike. Stick to Lightsail only.

Vultr: Strong contender with data centers in 32 locations globally. Good for users in Asia, South America, or anywhere Hetzner/DO doesn't have presence. Pricing is competitive. The API is solid if you want to automate server management later.

Contabo (Budget Pick): Not in the table above, but worth mentioning. Contabo offers absurd specs for the price: 4 vCPU, 8GB RAM for about $6.50/month. The catch: network performance can be inconsistent, and support is slower. But for raw compute per dollar, nothing beats it.

My recommendation: Hetzner CX22 for most people. Best balance of price, performance, and reliability.

2. Recommended Server Specs for OpenClaw

Spec	Requirement
OS	Ubuntu 24.04 LTS
CPU	2 vCPUs
RAM	4GB minimum (2GB + swap works)
Storage	40GB SSD
Cost	$4-12/month

3. Get an Anthropic API Key

This is how your agent talks to Claude. Go to console.anthropic.com, create an account, navigate to API Keys, and create one. Typical cost: $20-50/month. You can set spending limits.

4. Create a Dedicated Gmail Account

Create a brand new Gmail for your agent. Keep your personal email separate.

5. Prepare Telegram

Download Telegram on your phone. We'll create the bot in Step 5.

6. Choose Your AI Model

Step 1: Create and Secure Your VPS for OpenClaw

Create Your Server on Hetzner

1. Go to hetzner.com/cloud and create an account
2. Click "Add Server"
3. Location: Choose the closest to you
4. Image: Select Ubuntu 24.04
5. Type: Choose CX22 (2 vCPU, 4GB RAM, ~$4.50/month)
6. SSH Key: Set up below
7. Click Create & Buy Now

Set Up SSH Key Authentication

Check if you already have a key:

ls ~/.ssh/id_ed25519.pub

If not, create one:

ssh-keygen -t ed25519 -C "your-email@example.com"

Copy your public key and paste it into the provider's SSH Key section:

cat ~/.ssh/id_ed25519.pub

First SSH Login to Your VPS

ssh root@YOUR_SERVER_IP

Type yes when asked about authenticity. Update the system:

apt update && apt upgrade -y

Create a Non-Root User for OpenClaw

adduser agentuser
usermod -aG sudo agentuser
mkdir -p /home/agentuser/.ssh
cp ~/.ssh/authorized_keys /home/agentuser/.ssh/
chown -R agentuser:agentuser /home/agentuser/.ssh
chmod 700 /home/agentuser/.ssh
chmod 600 /home/agentuser/.ssh/authorized_keys

Test in a new terminal: ssh agentuser@YOUR_SERVER_IP

Set Up the UFW Firewall

sudo ufw allow OpenSSH
sudo ufw enable

Add Swap Space (If 2GB RAM)

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Step 2: Install OpenClaw on Your Ubuntu VPS

Make sure you're logged in as agentuser.

# Install Node.js 22+
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejs

# Install pnpm
sudo npm install -g pnpm

# Install OpenClaw
curl -fsSL https://openclaw.ai/install.sh | bash

Verify:

openclaw --help
openclaw doctor

Step 3: Run the OpenClaw Onboarding Wizard

openclaw onboard --install-daemon

The wizard walks you through: QuickStart mode → Anthropic provider → API key → Claude Opus 4.6 → Telegram channel → Skills → Heartbeat.

Verify: openclaw health should show "Gateway: running".

Step 4: Keep OpenClaw Running with systemd (Linux Service Manager)

Check if the service is running:

systemctl --user status openclaw-gateway

If it doesn't exist, create it manually:

mkdir -p ~/.config/systemd/user

cat > ~/.config/systemd/user/openclaw-gateway.service << 'SVC'
[Unit]
Description=OpenClaw Gateway
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=%h/.openclaw/bin/openclaw gateway
Restart=on-failure
RestartSec=5
Environment=NODE_ENV=production

[Install]
WantedBy=default.target
SVC

systemctl --user daemon-reload
systemctl --user enable openclaw-gateway
systemctl --user start openclaw-gateway

OpenClaw VPS Management Commands

# Check status
systemctl --user status openclaw-gateway

# View live logs (Ctrl+C to stop)
journalctl --user -u openclaw-gateway -f

# Restart / Stop / Start
openclaw gateway restart
openclaw gateway stop
openclaw gateway start

Step 5: Connect Your Telegram Bot to OpenClaw

1. Open Telegram, search for @BotFather
2. Send /newbot, enter your agent's name, choose a username ending in bot
3. Copy the bot token (keep it secret!)

Add to your config if the wizard didn't ask:

nano ~/.openclaw/openclaw.json

{
  "channels": {
    "telegram": {
      "enabled": true,
      "botToken": "YOUR_BOT_TOKEN_HERE",
      "dmPolicy": "pairing"
    }
  }
}

Restart and pair:

openclaw gateway restart
# Send any message to your bot on Telegram
openclaw pairing list telegram
openclaw pairing approve telegram ABCD1234

Step 6: Write Your AI Agent's First Prompt (SOUL.md)

cd ~/.openclaw/workspace
nano SOUL.md

# SOUL.md

You are [Agent Name], a personal AI assistant.

## Who You Are
- Helpful, proactive, and reliable
- Speak in a [casual/professional] tone

## Your Mission
[What should your agent do?]

## Rules
- Always ask before sending external messages
- Never share personal information
- Keep a daily log in memory/YYYY-MM-DD.md

Step 7: Your First Conversation with Your AI Agent

Message your bot on Telegram. Try these:

• "Hey! Who are you and what can you do?"
• "What files are in your workspace?"
• "Search the web for today's top news"
• "Create a file called test.txt with 'Hello World'"

Step 8: VPS Security Hardening for Your AI Agent

Your VPS is exposed to the internet. Without hardening, bots will find it and try to break in within hours. This is not optional.

8.1: OpenClaw Built-In Security Audit

# Run the deep audit
openclaw security audit --deep

# Auto-fix what it can
openclaw security audit --fix

This checks your OpenClaw config for common mistakes: exposed API keys, overly permissive file access, missing daemon security.

8.2: Lock Down SSH Access

# Disable root login and password authentication
sudo nano /etc/ssh/sshd_config

Find and set these values:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3

sudo systemctl restart sshd

This means: only your SSH key can log in. No passwords. No root. This alone blocks 99% of automated attacks.

8.3: Install fail2ban (Brute Force Protection)

sudo apt install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

fail2ban watches your SSH logs. If someone tries too many wrong passwords (even though we disabled passwords), it bans their IP. Default: 5 failed attempts = 10 minute ban. You can tighten this.

8.4: Automatic Security Updates

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

This ensures critical security patches install automatically. Your VPS stays patched even if you forget to log in for weeks.

8.5: Lock OpenClaw File Permissions

chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/openclaw.json

Your API keys live in openclaw.json. These permissions mean only your user can read them. No other user on the system (if there were any) could access your credentials.

8.6: Optional but Recommended: Change SSH Port

sudo nano /etc/ssh/sshd_config
# Change: Port 22 to Port 2222 (or any number between 1024-65535)
sudo ufw allow 2222/tcp
sudo ufw delete allow OpenSSH
sudo systemctl restart sshd

Most automated attacks target port 22. Changing the port to something non-standard eliminates 95% of automated login attempts. Not real security (an attacker can scan ports), but it dramatically reduces noise in your logs.

Step 9: Secure Remote Access with Tailscale (Mandatory)

# On your VPS
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# On your local computer: install from tailscale.com/download
# Then SSH via Tailscale IP
ssh agentuser@100.x.x.x

Step 10: Set Up Your First OpenClaw Cron Job Automation

Message your agent on Telegram:

"Set up a daily cron job at 8 AM that sends me a morning brief with today's weather, a motivational quote, and a summary of the top 3 tech news stories."

Or create one via terminal:

openclaw cron add --schedule "0 8 * * *" \
  --prompt "Send me a morning brief with weather and news" \
  --channel telegram

Mac Mini vs VPS: Which Should You Choose for OpenClaw?

	VPS (Cloud)	Mac Mini
Upfront cost	$0	$500-800+
Monthly cost	$4-12/mo	$5-10/mo (electricity)
Setup difficulty	Medium (CLI)	Easy (has a screen)
Always on	Yes (99.9%)	Yes (if configured)
Data privacy	Provider's servers	Your hardware
macOS features	No	Yes (iMessage, etc)
Scaling	Upgrade in minutes	Buy new hardware

Alternative: Docker Setup for OpenClaw on VPS

If you prefer containerized deployments, OpenClaw runs great in Docker. This isolates it from your system and makes updates cleaner.

# Install Docker
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Log out and back in for group change to take effect

# Create a docker-compose.yml
mkdir ~/openclaw-docker && cd ~/openclaw-docker
cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
  openclaw:
    image: openclaw/openclaw:latest
    restart: unless-stopped
    volumes:
      - ./data:/root/.openclaw
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
EOF

# Start it
docker compose up -d

# View logs
docker compose logs -f

The Docker approach has three advantages:

1. Clean updates. Pull the new image, restart the container. No dependency conflicts.
2. Isolation. OpenClaw can't accidentally modify system files.
3. Portability. Move your data/ folder to any machine with Docker and you're running.

The downside: Docker adds a small memory overhead (~100MB). On a 2GB RAM VPS, that matters. On 4GB+, it's negligible.

Monitoring Your VPS Agent

Your agent runs 24/7. You need to know when something breaks.

Basic Health Checks

# Check if OpenClaw is running
openclaw health

# Check system resources
htop

# Check disk space (agents can fill disks with logs)
df -h

Set Up a Simple Uptime Alert

The cheapest monitoring: have your agent check its own health. Add a cron job that pings you on Telegram if something's wrong:

openclaw cron add --schedule "0 */4 * * *" \
  --prompt "Run openclaw health. If anything looks wrong, message me immediately. Otherwise stay quiet." \
  --channel telegram

This runs every 4 hours. If OpenClaw itself is down, the cron won't fire, and you'll notice the silence. For more robust monitoring, use an external service like UptimeRobot (free tier) pointed at your VPS IP.

What to Build Next with Your OpenClaw VPS

Your agent is alive. Here's where to go:

• Add more channels (WhatsApp, Discord, Slack)
• Install skills for new abilities
• Set up cron automations
• Refine SOUL.md as you learn what works
• Run openclaw security audit --deep monthly

Inside OpenClaw Lab, 250+ founders share their exact agent configurations, multi-agent setups, and automation playbooks. The fastest way to go from "it works" to "it runs my business."

Frequently Asked Questions

How do I install OpenClaw on a VPS?

SSH into your VPS, install Node.js v18+, then run 'npm install -g openclaw@latest' and 'openclaw onboard --install-daemon'. The process takes about 10 minutes. Any Linux VPS with at least 1GB RAM works, including $5/month options from DigitalOcean or Hetzner.

What is the cheapest VPS for running OpenClaw?

A $5/month VPS from providers like DigitalOcean, Hetzner, or Contabo is enough to run OpenClaw. You need at least 1GB RAM and a modern Linux distribution. OpenClaw itself is lightweight since the AI processing happens on the LLM provider's servers.

Is a VPS better than a Mac Mini for OpenClaw?

A VPS is better if you want low cost and no hardware maintenance. A Mac Mini is better if you want full control, faster local operations, and no monthly hosting fees. Both work well for running OpenClaw 24/7.

How do I keep OpenClaw running on a VPS after I disconnect?

Install OpenClaw as a daemon using 'openclaw onboard --install-daemon'. This creates a systemd service that runs automatically on boot and restarts if it crashes. You can also use tools like pm2 or screen as alternatives.

Can I run OpenClaw on a free VPS?

Some providers offer free VPS tiers (Oracle Cloud, Google Cloud free tier) that can run OpenClaw. However, free tiers often have limited resources and may not be reliable for 24/7 operation. A $5/month VPS is recommended for consistent performance.