openclaw vpsopenclaw vps setupopenclaw vps hostingopenclaw vps vs mac miniopenclaw server requirementsrun openclaw locallyopenclaw self hosted

OpenClaw VPS Setup: Complete Guide to Self-Hosting OpenClaw

March 22, 202610 min readBy OneClaw Team

TL;DR

  • Minimum specs: 1 vCPU, 1 GB RAM, 10 GB SSD, Ubuntu 22.04 LTS
  • Best value VPS: Hetzner CX22 (€3.79/mo) or DigitalOcean Basic Droplet ($18/mo for 4 GB)
  • Stack: OpenClaw + Nginx (or Caddy) + Let's Encrypt + systemd
  • Time to deploy: 2–4 hours if you follow this guide
  • Easier alternative: OneClaw managed hosting — live in minutes, zero maintenance

Why Self-Host OpenClaw on a VPS?

Self-hosting OpenClaw gives you full control over your data, your infrastructure, and your costs. There are no per-seat limits, no vendor lock-in, and no data leaving your own servers. For teams with compliance requirements or developers who simply enjoy owning their stack, running OpenClaw on a VPS is an excellent choice.

That said, self-hosting is not free in terms of time. You are responsible for provisioning, securing, updating, and monitoring the server. This guide covers every step so you can make an informed decision — and if you decide the operational overhead is not worth it, OneClaw managed hosting saves you 2–4 hours of setup and eliminates ongoing maintenance entirely.

If you prefer containers, see our Docker guide for a containerised approach.

Choosing a VPS Provider

Four providers dominate the self-hosted OpenClaw conversation. Here is how they compare on the specs that matter most:

ProviderPlanvCPUsRAMSSDMonthly price
HetznerCX2224 GB40 GB~€3.79
HetznerCX3248 GB80 GB~€5.90
DigitalOceanBasic24 GB80 GB~$18
Linode (Akamai)4 GB24 GB80 GB~$18
VultrCloud Compute24 GB80 GB~$20

Hetzner wins on price-per-core by a wide margin and is the go-to choice for European data residency. Their Nuremberg and Helsinki data centers have excellent latency across Europe.

DigitalOcean costs more but offers a polished control panel, managed databases, and a large library of tutorials — useful if you are newer to Linux administration.

Linode (now Akamai Cloud) has been a reliable independent provider for over two decades and offers 11 global regions with competitive network throughput.

Vultr matches Linode closely and has data centers in more cities, which is valuable if latency to a specific region matters to you.

Recommendation: Start with Hetzner CX22 for personal projects or small teams. Upgrade to CX32 when you have more than five concurrent users or heavy background processing.

VPS vs Mac Mini: Which Should You Choose?

A Mac Mini — particularly an M2 or M4 model — is a surprisingly capable OpenClaw host. The single-thread performance of Apple Silicon exceeds most VPS tiers, and 16–32 GB unified memory handles significant workloads. If you already own one and it sits idle, the marginal cost is just electricity.

However, there are real drawbacks to running a server on-premises:

  • Static IP: Most home ISPs assign dynamic IPs. You will need a static IP add-on (~$10–15/mo) or a dynamic DNS service plus frequent updates.
  • Port forwarding: You must open ports 80 and 443 on your router, which exposes your home network.
  • Uptime: Power cuts, router reboots, and ISP outages all become your problem.
  • Heat and noise: A Mac Mini running 24/7 generates heat and fans will spin under load.
  • Physical security: Your server is in your home, not in a locked data center.

Summary: If you need maximum performance per dollar and already own an M-series Mac Mini, on-premises can work. For everyone else — especially teams or anyone without a static IP — a VPS is simpler, more reliable, and cheaper than adding a static IP to a home plan.

Initial Server Setup

Provision a fresh Ubuntu 22.04 LTS instance. Once you have SSH access as root, run the following:

```bash

Update the system

apt update && apt upgrade -y

Create a non-root user

adduser deploy usermod -aG sudo deploy

Copy your SSH key to the new user

rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

Switch to the new user for all subsequent steps

su - deploy ```

Firewall

```bash sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow OpenSSH sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enable ```

Fail2ban

```bash sudo apt install fail2ban -y sudo systemctl enable --now fail2ban ```

Installing Dependencies

OpenClaw requires Node.js (v20 LTS or later), Git, and optionally PostgreSQL if you are not using the embedded SQLite backend.

```bash

Node.js via NodeSource

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - sudo apt install -y nodejs git build-essential

Verify versions

node -v # should print v20.x.x npm -v ```

If you want PostgreSQL:

```bash sudo apt install -y postgresql postgresql-contrib sudo systemctl enable --now postgresql sudo -u postgres createuser --interactive sudo -u postgres createdb openclaw ```

Deploying OpenClaw

Clone the repository and install dependencies:

```bash cd /opt sudo git clone https://github.com/openclaw/openclaw.git sudo chown -R deploy:deploy /opt/openclaw cd /opt/openclaw npm ci --production ```

Copy and edit the environment file:

```bash cp .env.example .env nano .env ```

Key variables to set:

```env NODE_ENV=production PORT=3000 DATABASE_URL=postgresql://deploy:password@localhost:5432/openclaw SECRET_KEY=your-long-random-secret TELEGRAM_BOT_TOKEN=your-telegram-token AI_PROVIDER=anthropic AI_API_KEY=your-api-key ```

Run a quick smoke test:

```bash npm run start

Visit http://<your-vps-ip>:3000 to confirm it loads

Then stop it with Ctrl+C — systemd will manage it next

```

systemd Service

Create a service file so OpenClaw starts automatically and restarts on failure:

```bash sudo nano /etc/systemd/system/openclaw.service ```

```ini [Unit] Description=OpenClaw Server After=network.target postgresql.service

[Service] Type=simple User=deploy WorkingDirectory=/opt/openclaw ExecStart=/usr/bin/node /opt/openclaw/src/index.js Restart=on-failure RestartSec=5 EnvironmentFile=/opt/openclaw/.env StandardOutput=journal StandardError=journal

[Install] WantedBy=multi-user.target ```

Enable and start:

```bash sudo systemctl daemon-reload sudo systemctl enable --now openclaw sudo systemctl status openclaw ```

Reverse Proxy with Nginx

Install Nginx and create a site configuration:

```bash sudo apt install nginx -y sudo nano /etc/nginx/sites-available/openclaw ```

```nginx server { listen 80; server_name yourdomain.com;

location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

} ```

```bash sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx ```

Caddy alternative: If you prefer Caddy, it handles SSL automatically. A two-line Caddyfile:

``` yourdomain.com { reverse_proxy localhost:3000 } ```

Caddy will obtain and renew Let's Encrypt certificates without any additional steps.

SSL with Let's Encrypt (Nginx path)

```bash sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d yourdomain.com ```

Certbot will modify your Nginx config, redirect HTTP to HTTPS, and schedule automatic renewal. Test renewal with:

```bash sudo certbot renew --dry-run ```

Monitoring

Logs

```bash

Live application logs

sudo journalctl -u openclaw -f

Nginx access and error logs

sudo tail -f /var/log/nginx/access.log sudo tail -f /var/log/nginx/error.log ```

Uptime monitoring

Sign up for a free tier of UptimeRobot or Better Uptime and add an HTTP monitor pointing to your domain. You will receive alerts if the service goes down.

Resource monitoring

```bash sudo apt install htop -y htop ```

For persistent metrics, consider installing Netdata (free, self-hosted) for comprehensive monitoring.

Backup Strategy

Never run a production service without backups.

Database backup (PostgreSQL):

```bash

Add to crontab: sudo crontab -e

0 3 * * * pg_dump openclaw | gzip > /var/backups/openclaw-$(date +%F).sql.gz ```

Off-site copy:

Use rclone to sync /var/backups/ to Backblaze B2 or an S3-compatible bucket daily. Hetzner Object Storage works well if you are already on Hetzner.

Retention:

Keep daily backups for 7 days, weekly for 4 weeks. Test a restore at least once a month.

Maintenance Checklist

  • OS patches: `sudo apt update && sudo apt upgrade -y` weekly
  • OpenClaw updates: `cd /opt/openclaw && git pull && npm ci --production && sudo systemctl restart openclaw`
  • SSL renewal: Certbot auto-renews; verify with `certbot renew --dry-run` monthly
  • Log rotation: Nginx and journald handle this automatically
  • Firewall review: Run `sudo ufw status` after any infrastructure change

Is Managed Hosting Right for You?

Self-hosting OpenClaw is rewarding if you enjoy infrastructure work. But it is not free — expect to invest 2–4 hours getting everything right and a recurring time budget for patches, restarts, and incident response.

OneClaw managed hosting handles all of the above for you: provisioning, SSL, updates, backups, and 24/7 monitoring are included. Your instance is live in minutes, not hours. For teams, startups, or anyone whose time is better spent on their product than on sysadmin tasks, managed hosting is the more practical choice.

Explore more self-hosting topics in our guides section, or follow the Docker guide if you prefer a containerised deployment.

Frequently Asked Questions

What are the minimum server requirements to run OpenClaw?
OpenClaw requires at minimum 1 vCPU, 1 GB RAM, and 10 GB SSD storage. For production workloads handling multiple users, 2 vCPUs and 2–4 GB RAM is recommended. A 64-bit Linux OS (Ubuntu 22.04 LTS is preferred) and a static IP address are also required.
Which VPS provider is best for OpenClaw hosting?
Hetzner is the best value for most users, offering 2 vCPUs and 4 GB RAM for around €3.79/month. DigitalOcean and Linode are good alternatives with more mature ecosystems, while Vultr offers competitive pricing with global data centers. All four providers work well with OpenClaw.
Can I run OpenClaw on a Mac Mini?
Yes, a Mac Mini (especially the M-series models) is a capable OpenClaw host with excellent single-thread performance. However, it requires a static IP or dynamic DNS setup, port forwarding on your router, and you are responsible for power, cooling, and uptime. A VPS eliminates all of these concerns.
How long does it take to set up OpenClaw on a VPS?
From provisioning a fresh VPS to having OpenClaw live behind SSL typically takes 2 to 4 hours for someone comfortable with Linux. This includes OS hardening, dependency installation, reverse proxy configuration, and SSL setup. OneClaw managed hosting (/pricing) gets you running in minutes with zero configuration.
Do I need a domain name to self-host OpenClaw?
You do not strictly need a domain name — you can access OpenClaw via its public IP address. However, a domain name is required to obtain a free SSL certificate from Let's Encrypt and is strongly recommended for any production deployment.
How do I keep my self-hosted OpenClaw up to date?
Pull the latest release from the OpenClaw repository, rebuild or replace the binary, and restart the systemd service. Setting up a simple cron job or a GitHub Actions workflow to watch for new releases can automate the notification process.
Is self-hosting OpenClaw secure?
Self-hosting is secure when configured correctly. This means keeping the OS and dependencies patched, running OpenClaw as a non-root user, using a firewall (ufw), enabling fail2ban, and terminating TLS at the reverse proxy layer. Missing any of these steps introduces risk, which is one reason many teams choose OneClaw managed hosting (/pricing).

Ready to Deploy OpenClaw?

Get your AI assistant running in under 60 seconds with OneClaw.

Get Started Free
Back to all posts