How to Install OpenClaw on a VPS
A complete step-by-step walkthrough from a fresh Ubuntu 22.04 server to a running OpenClaw agent connected to your messaging apps.
Prerequisites & Requirements
Gather everything you need before starting — this saves time mid-install.
VPS with Ubuntu 22.04
Min 4 GB RAM, 40 GB NVMe SSD, root access
AI Provider API Key
Anthropic, OpenAI, or Google — have it ready
Messaging App Account
Telegram Bot token is easiest to start with
SSH Client
Terminal on Mac/Linux, PuTTY or Windows Terminal on PC
If you haven’t chosen a hosting provider yet, read our VPS comparison guide first. For the most beginner-friendly experience, Hostinger’s 1-click OpenClaw setup skips most of this guide entirely.
Connect to Your VPS via SSH
Your hosting provider will email you an IP address, username (usually root), and password after provisioning. Use those to connect.
Mac / Linux Terminal SSH command
Replace YOUR_SERVER_IP with the IP address from your hosting provider’s email. Accept the fingerprint prompt by typing yes.
Windows Using Windows Terminal or PowerShell
Once logged in, consider switching from password to SSH key authentication: it is more secure and, once password login is disabled, removes the risk of password brute-force attacks. See our security guide for the exact commands.
Create a non-root user (best practice)
Running OpenClaw as root is not recommended. Create a dedicated user:
Update System & Install Docker
Always start with a fully updated system. Then install Docker Engine — the container runtime OpenClaw requires.
Update packages
Install Docker Engine (official method)
Verify Docker is running
Add your user to the docker group (avoids needing sudo)
Ubuntu may suggest installing Docker via snap. Avoid this — use the official Docker repository as shown above. The snap version can have compatibility issues with OpenClaw’s Docker Compose configuration.
Deploy OpenClaw with Docker Compose
Create the OpenClaw directory structure and Docker Compose configuration.
Create the OpenClaw directory and navigate to it
Create the Docker Compose file
The port is bound to 127.0.0.1:3000 (localhost only). This means the OpenClaw Control UI is not publicly accessible by default — you access it via SSH tunnel. This is the correct security posture. Do not change this to 0.0.0.0 without adding authentication first.
Pull the latest OpenClaw image
Configure Environment Variables
The .env file is where you store your API keys and configuration. Treat this file like a password — never share it or commit it to version control.
Create the .env file
Minimum required configuration
Set restrictive permissions on your .env file immediately after creating it:
Anthropic: console.anthropic.com → API Keys | OpenAI: platform.openai.com → API Keys | Google: aistudio.google.com → Get API Key. Set a spending limit before deploying.
Start OpenClaw & Run the Onboarding Wizard
Launch the OpenClaw container and connect to the onboarding interface.
Start the container
Verify it’s running
Access the Control UI via SSH tunnel
On your local machine (not on the server), open a new terminal and run:
Now open http://localhost:3000 in your browser. You should see the OpenClaw setup wizard.
The wizard will guide you through: confirming you understand OpenClaw’s capabilities and risks, choosing your AI provider and model, setting a gateway token for security, and running a first test conversation. Complete all steps before moving on.
Enable auto-start on server reboot
The restart: unless-stopped in your Compose file handles this — Docker will automatically restart OpenClaw after a server reboot as long as Docker itself starts on boot.
Connect Your Messaging Channels
Telegram is the easiest starting point. Here’s how to connect it — then your agent is reachable from your phone.
1. Create a Telegram Bot via BotFather
Open Telegram and search for @BotFather. Send /newbot, choose a name and username for your bot, and copy the API token it gives you.
2. Add the token to your .env file
3. Restart OpenClaw to apply the new configuration
4. Start a conversation with your bot
Search for your bot’s username in Telegram, tap Start, and send your first message. You should see a response within a few seconds.
WhatsApp requires scanning a QR code via OpenClaw’s Control UI, which links your WhatsApp account (or a dedicated number) to the gateway. See the Control UI → Channels section after completing Telegram setup first.
Verify & Test Your Agent
Before setting up automations, confirm everything is working correctly.
- Send “Hello” to your Telegram bot — you should get a response within 5 seconds
- Ask it something simple: “What’s today’s date?” — tests the AI connection
- Ask it to “summarize this URL: [any website]” — tests web browsing capability
- Check Docker logs for any errors: docker logs openclaw --tail 50
- Verify the container restarts after a reboot: run sudo reboot, wait 2 minutes, send a message
- Confirm your AI provider dashboard shows usage (token consumption)
Useful management commands
Post-Install Security Checklist
Before you start using OpenClaw in production, complete these security steps. See our full security hardening guide for detailed instructions on each.
- Set a strong, unique gateway auth token (not the default)
- Enable SSH key authentication and disable password login
- Enable UFW firewall: allow only ports 22, 80, 443
- Set spending limits on your AI provider account
- Set file permissions: chmod 600 .env
- Never expose port 3000 directly to the internet
- Enable automated weekly backups of your ~/openclaw/data directory
- Schedule the update script (docker compose pull && docker compose up -d) weekly
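Two items from this checklist, the loopback-only port binding and the .env permissions, can be checked by script. The following is an added example, not part of the original guide or of OpenClaw itself; it assumes the deployment directory holds docker-compose.yml and .env, that ports use the short list syntax, and that GNU stat is available. The image name and the AI_API_KEY variable in the sample are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: audits two checklist items against the files this guide creates.

# Print Compose "ports:" entries (short list syntax) not bound to loopback.
exposed_ports() {
    awk -v q="'" '
        /^[ \t]*ports:/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            entry = $0
            sub(/#.*$/, "", entry)              # drop trailing comment
            sub(/^[ \t]*-[ \t]*/, "", entry)    # drop the list marker
            gsub("[\"" q " \t]", "", entry)     # drop quotes and spaces
            if (entry !~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]):/) print entry
            next
        }
        in_ports && NF && $1 !~ /^#/ { in_ports = 0 }   # next key ends the list
    ' "$1"
}

# Succeed only if the file grants nothing to group or others (600 or stricter).
env_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 1       # GNU stat, as on Ubuntu
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Audit a deployment directory; print findings, return 1 if any check fails.
audit_openclaw() {
    dir=$1; rc=0
    bad=$(exposed_ports "$dir/docker-compose.yml")
    if [ -n "$bad" ]; then echo "FAIL ports published beyond loopback: $bad"; rc=1; fi
    if ! env_mode_ok "$dir/.env"; then echo "FAIL .env readable by group/others"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK $dir"
    return "$rc"
}

# Constructed sample deployment (placeholder image name and key, not real values).
demo=$(mktemp -d)
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  openclaw:
    image: example/openclaw-placeholder:latest
    restart: unless-stopped
    ports:
      - "0.0.0.0:3000:3000"   # the misconfiguration the guide warns about
    env_file: .env
EOF
echo 'AI_API_KEY=constructed-placeholder' > "$demo/.env"
chmod 644 "$demo/.env"
audit_openclaw "$demo" || echo "fix the findings above, then re-run"
```

On a real server, call audit_openclaw ~/openclaw instead of the sample directory; a port entry with no host address, such as 3000:3000, is reported because Docker publishes it on all interfaces.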
Installation Complete — What’s Next?
Secure your instance, protect against API cost overruns, and learn how to keep OpenClaw running reliably.
