Run OpenClaw on a VPS: Complete Setup Guide
Deploy OpenClaw on a VPS for 24/7 availability. SSH tunneling, Tailscale, and remote access configuration.
Overview
Running OpenClaw on a VPS (Virtual Private Server) gives you 24/7 availability without needing your personal computer to stay on. This guide covers VPS deployment, persistent service setup, and remote access.
Why Run on a VPS?
- Always-on — your laptop can sleep, the agent stays available
- 24/7 availability — respond to messages anytime
- Remote access — connect from anywhere via SSH/Tailscale
- Home IP privacy — don't expose your home IP address
- Better performance — dedicated CPU/memory
Quick Start
Spin up a VPS
Choose a provider below and create a VM with:
- Ubuntu 20.04+ or Debian
- 2+ CPU cores
- 2GB+ RAM
Install Node.js
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt-get install -y nodejsInstall OpenClaw
npm install -g openclaw@latestOnboard and install daemon
openclaw onboard --install-daemonStart the gateway
openclaw gateway --port 18789Persistent Service (systemd)
Ensure OpenClaw starts automatically on boot and restarts if it crashes:
# Create systemd service file
sudo tee /etc/systemd/system/openclaw.service > /dev/null << 'EOF'
[Unit]
Description=OpenClaw Gateway
After=network.target
[Service]
Type=simple
User=node
WorkingDirectory=/home/node
ExecStart=/usr/bin/openclaw gateway --port 18789
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
# Enable and start
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclawUseful commands:
# Check status
sudo systemctl status openclaw
# View logs
sudo journalctl -u openclaw -f
# Restart
sudo systemctl restart openclawInitial Configuration
Create a basic config on your VPS:
mkdir -p ~/.openclaw
cat > ~/.openclaw/openclaw.json << 'EOF'
{
"gateway": {
"bind": "loopback",
"auth": {
"mode": "token",
"token": "generate-a-secure-token-here"
}
},
"session": {
"dmScope": "per-channel-peer"
}
}
EOFopenssl rand -base64 32Recommended Providers
These providers work well with OpenClaw:
Hetzner (CPX11)
Excellent value, EU-based, 2 vCPU / 2GB RAM for ~€5/mo.
Best pick for most users.
See docsDigitalOcean
Easy setup, good docs, global regions. From $5/mo.
AWS / GCP
Enterprise-grade, free tiers available. Pay-as-you-go.
Accessing Your VPS Gateway
Once the gateway is running on your VPS, access it remotely:
SSH tunnel (recommended)
ssh -N -L 18789:127.0.0.1:18789 user@your-vps-ipNow use ws://127.0.0.1:18789 locally.
Or use Tailscale
Install Tailscale on both machines:
# On VPS
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
# On your local machine
tailscale upAccess at http://100.x.x.x:18789 (your Tailscale IP).
Docker on VPS
Run OpenClaw in Docker on your VPS for easier management:
docker run -d --name openclaw -v openclaw-data:/home/node/.openclaw -p 127.0.0.1:18789:18789 --restart unless-stopped openclaw/openclaw:latestOr use docker-compose for persistent storage:
version: '3.8'
services:
openclaw:
image: openclaw/openclaw:latest
volumes:
- ./data:/home/node/.openclaw
ports:
- "127.0.0.1:18789:18789"
restart: unless-stoppedBackup Strategy
Regularly backup your OpenClaw data:
# Backup script - run via cron
#!/bin/bash
DATE=$(date +%Y%m%d)
tar -czf openclaw-backup-$DATE.tar.gz ~/.openclaw
# Upload to cloud storage (AWS S3, Backblaze, etc.)
aws s3 cp openclaw-backup-$DATE.tar.gz s3://your-bucket/What to backup:
~/.openclaw/openclaw.json— config~/.openclaw/credentials/— channel credentials~/.openclaw/agents/— agent memory & sessions
Security for VPS
- Keep loopback binding — never expose Gateway to public internet
- Use SSH keys — disable password authentication
- Run security audit —
openclaw security auditregularly - Consider firewall — only allow SSH (port 22) from your IP
- UFW example:
ufw allow from YOUR_IP to any port 22
Alternatives
VPS isn't the only option:
- Home server — always-on desktop or old laptop
- Docker on VPS — see Docker Setup
- macOS app remote mode — use the macOS app's built-in remote access
See the official remote access docs for complete details.