OpenClaw VPS Setup: Deploy on DigitalOcean, AWS, Hostinger & More (2026)

Quick Answer: Deploy OpenClaw on a VPS for $5-24/month with 24/7 uptime. SSH into an Ubuntu 22.04 server, run curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon, and your AI agent runs independently. Oracle Cloud offers a free tier with 4 ARM CPUs and 24 GB RAM.

This guide compares six VPS providers, walks through generic and provider-specific setup steps, covers reverse proxy options (Cloudflare Tunnel, Nginx, Caddy, Tailscale), security hardening, and provides a full cost breakdown.

Why Use a VPS for OpenClaw?

Your AI agent needs to run 24/7 to handle incoming messages, scheduled automations, and time-sensitive workflows. Here is how the three deployment options compare.

Laptop / Desktop

Limited
  • Stops when your computer sleeps or shuts down
  • Missed follow-ups, dead automations, lost leads
  • Fine for testing — not for production

Dedicated Device (Pi / Mini PC)

Moderate
  • Runs 24/7 if home internet and power stay up
  • No datacenter-grade uptime or redundancy
  • Good budget option if you accept some risk

VPS (Cloud Server)

Recommended
  • Datacenter uptime (99.9%+), redundant power and network
  • Security isolation — separate from your personal devices
  • Remote access from anywhere, easy backups and snapshots

Which VPS Provider Should You Choose?

All six providers work with OpenClaw. Choose based on budget, free tier availability, and whether you want a 1-click deployment option.

ProviderStarting PriceRAMCPU1-Click DeployFree Tier
Oracle CloudFree24 GB4 ARMNoYes (Always Free)
Hostinger$5/mo2 GB1 vCPUDockerNo
DigitalOcean$4/mo1 GB1 vCPUOpenClaw AppNo
AWS Lightsail$5/mo1 GB2 vCPUNo3 mo free
Vultr$4/mo1 GB1 vCPUNoNo
Hetzner€4/mo2 GB1 vCPUNoNo

How Do You Set Up OpenClaw on a VPS Step by Step?

These steps work on any VPS provider. From zero to a running OpenClaw agent in about 20 minutes.

Step 1: Create Ubuntu 22.04/24.04 VPS (2 GB+ RAM)

Sign up with your chosen provider, create an Ubuntu 22.04 or 24.04 instance, and add your SSH public key. Select at least 2 GB RAM and 10 GB disk. Enable automatic backups if available.

  • Choose Ubuntu 22.04 LTS or 24.04 LTS as the OS
  • Select a plan with 2 GB+ RAM (4 GB recommended)
  • Add your SSH public key during instance creation
  • Note the server's public IP address after provisioning

Step 2: SSH into your server

Connect to your new VPS over SSH. Use the root user or the default user provided by your cloud provider.

  • Run: ssh root@YOUR_IP
  • Accept the host fingerprint on first connection
  • If using a non-root user: ssh ubuntu@YOUR_IP (then prefix with sudo)
  • Tip: Add an SSH alias in ~/.ssh/config for convenience

Step 3: Run the OpenClaw installer

Execute the one-line installer that downloads OpenClaw, installs Node.js 22+, and registers a systemd daemon for automatic start on boot.

  • Run: curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon
  • The script installs Node.js 22+ if not present
  • Registers openclaw as a systemd service (auto-restarts on crash)
  • Takes 2-5 minutes depending on server speed

Step 4: Complete the setup wizard

The interactive wizard guides you through selecting your AI provider, entering your API key, and optionally pairing a messaging platform.

  • Select AI provider: Anthropic (Claude), OpenAI, or OpenRouter
  • Paste your API key when prompted
  • Optionally pair Telegram, WhatsApp, or Discord
  • The wizard writes your configuration to ~/.openclaw/openclaw.json

Step 5: Verify the installation

Confirm the daemon is running and send a test message to make sure everything works end to end.

  • Run: openclaw status (should show 'running')
  • Run: openclaw test (sends a test message)
  • Access dashboard: http://YOUR_IP:18789?token=YOUR_TOKEN
  • Check logs: journalctl -u openclaw -f

Step 6: Harden security

Lock down your VPS so OpenClaw is not exposed directly to the internet. Bind to localhost, enable a firewall, and use Tailscale or a Cloudflare Tunnel for remote access.

  • Bind gateway to 127.0.0.1 in openclaw.json (not 0.0.0.0)
  • Run: sudo ufw allow 22 && sudo ufw enable
  • Install Tailscale for private remote access (or Cloudflare Tunnel)
  • See the Security Hardening section below for full details

Provider-Specific Setup Guides

Each provider has slightly different interfaces and options. Follow the guide for your chosen provider.

DigitalOcean Setup

1-Click App or manual Droplet

  1. 1Create a DigitalOcean account at digitalocean.com
  2. 2Option A: Search the Marketplace for "OpenClaw" and deploy the 1-Click App
  3. 3Option B: Create a Droplet — Ubuntu 22.04, Basic plan, $4/mo (1 GB RAM)
  4. 4Add your SSH key during Droplet creation
  5. 5SSH in: ssh root@YOUR_DROPLET_IP
  6. 6If using Option B, run the installer: curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon
  7. 7Complete the setup wizard and verify with openclaw status

AWS Lightsail / EC2 Setup

3 months free on Lightsail

  1. 1Go to lightsail.aws.amazon.com and create an instance
  2. 2Select Linux/Unix, OS Only, Ubuntu 22.04 LTS
  3. 3Choose the $5/mo plan (1 GB RAM, 2 vCPU) — first 3 months free
  4. 4Create and download your SSH key pair
  5. 5SSH in: ssh -i YOUR_KEY.pem ubuntu@YOUR_IP
  6. 6Run: curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon
  7. 7For EC2: use a t3.small or t3.medium instance with the same Ubuntu AMI
  8. 8Open port 22 in the Lightsail firewall (SSH only — keep 18789 closed)

Hostinger VPS Setup

1-Click Docker template available

  1. 1Purchase a Hostinger VPS plan (KVM 1 at $5/mo or higher)
  2. 2Select Ubuntu 22.04 as the operating system
  3. 3Option A: Use the 1-Click Docker template, then pull the OpenClaw image
  4. 4Option B: Use plain Ubuntu and run the standard installer
  5. 5SSH in using the credentials from your Hostinger dashboard
  6. 6Run: curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon
  7. 7If using Docker: docker run -d --name openclaw --restart unless-stopped openclaw/openclaw:latest

Oracle Cloud Free Tier

Always Free — 4 ARM CPUs, 24 GB RAM

  1. 1Create an Oracle Cloud account at cloud.oracle.com (credit card required for verification, never charged)
  2. 2Navigate to Compute > Instances > Create Instance
  3. 3Select Ampere (ARM) shape: VM.Standard.A1.Flex
  4. 4Configure: 4 OCPUs, 24 GB RAM (within Always Free limits)
  5. 5Choose Ubuntu 22.04 as the image, add your SSH public key
  6. 6SSH in: ssh ubuntu@YOUR_ORACLE_IP
  7. 7Run: curl -sSL https://get.openclaw.ai/install.sh | bash --install-daemon
  8. 8Note: Oracle's default firewall blocks all ports — open port 22 in both the subnet security list and iptables

How Do You Set Up a Reverse Proxy and SSL?

You need a reverse proxy for SSL, custom domains, and webhook endpoints. Here are the four main options — Cloudflare Tunnel is recommended for most users.

Cloudflare Tunnel (Recommended)

RECOMMENDED

Zero-config SSL, DDoS protection, and no open ports required. Cloudflare Tunnel creates an outbound connection from your VPS to Cloudflare's edge network — no public IP exposure needed.

  1. 1Install cloudflared: curl -sSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared
  2. 2Authenticate: cloudflared tunnel login
  3. 3Create tunnel: cloudflared tunnel create openclaw
  4. 4Configure: route your domain to http://localhost:18789
  5. 5Run as service: cloudflared service install

Nginx + Let's Encrypt

Traditional reverse proxy with free SSL from Let's Encrypt. Requires a domain name pointed at your VPS IP and port 80/443 open.

  1. 1Install: sudo apt install nginx certbot python3-certbot-nginx
  2. 2Create /etc/nginx/sites-available/openclaw with proxy_pass to localhost:18789
  3. 3Enable: sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
  4. 4Get SSL: sudo certbot --nginx -d your-domain.com
  5. 5Auto-renewal is configured by certbot automatically

Caddy (Auto-HTTPS)

Caddy automatically provisions and renews SSL certificates. Minimal configuration — just specify your domain and the upstream address.

  1. 1Install Caddy: sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg && echo 'deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main' | sudo tee /etc/apt/sources.list.d/caddy-stable.list && sudo apt update && sudo apt install caddy
  2. 2Edit /etc/caddy/Caddyfile: your-domain.com { reverse_proxy localhost:18789 }
  3. 3Reload: sudo systemctl reload caddy
  4. 4Caddy provisions SSL automatically on first request

Tailscale (Private Access)

No public exposure at all. Tailscale creates an encrypted mesh VPN between your devices. Access OpenClaw through a private Tailscale IP — no domain, no ports, no firewall rules needed.

  1. 1Install on VPS: curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up
  2. 2Install on your local device: tailscale.com/download
  3. 3Access OpenClaw at http://100.x.x.x:18789 (Tailscale IP)
  4. 4Optional: Enable Tailscale HTTPS for automatic certs on *.ts.net domains
  5. 5Combine with Cloudflare Tunnel if you also need public webhook endpoints

How Do You Harden VPS Security for OpenClaw?

A VPS connected to the internet requires security hardening. The first two items are critical — everything else is strongly recommended.

Bind to localhost

CRITICAL

Set the gateway bind address to 127.0.0.1 in openclaw.json. This ensures the dashboard and API are only accessible from the server itself — not from the public internet.

"bindAddress": "127.0.0.1"

UFW Firewall

CRITICAL

Enable the Uncomplicated Firewall and allow only SSH. Block all other inbound traffic by default. If using a reverse proxy on the same server, allow ports 80 and 443.

sudo ufw allow 22 && sudo ufw enable

Tailscale for Remote Access

Instead of exposing ports, install Tailscale to create a private encrypted network between your VPS and your devices. Access the dashboard through the Tailscale IP.

curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up

Docker Isolation

Run OpenClaw inside a Docker container with no-new-privileges, dropped capabilities, and a non-root user. This limits blast radius if a malicious skill is installed.

docker run -d --security-opt no-new-privileges --cap-drop ALL openclaw/openclaw:latest

Fail2Ban for SSH

Install fail2ban to automatically block IPs that fail SSH login attempts. This prevents brute-force attacks on your VPS.

sudo apt install fail2ban && sudo systemctl enable fail2ban
Read the full OpenClaw Security Guide

How Much Does It Cost to Run OpenClaw on a VPS?

Total monthly cost depends on your VPS provider and AI API usage. OpenClaw itself is free (MIT license). Here is a full breakdown.

ItemMonthlyAnnualNotes
Oracle Cloud VPS (free tier)$0$04 ARM CPUs, 24 GB RAM — Always Free
Hostinger VPS (KVM 1)$5$602 GB RAM, 1 vCPU
DigitalOcean Droplet (Basic)$6$721 GB RAM, 1 vCPU, 25 GB SSD
AWS Lightsail$5$601 GB RAM, 2 vCPU (first 3 mo free)
AI API tokens (light use)$5-10$60-120Claude Haiku or GPT-4o Mini
AI API tokens (heavy use)$30-50$360-600Claude Sonnet or GPT-4o
Domain name (optional)~$1$10-15Required only for public webhooks
Cloudflare (free plan)$0$0DNS, CDN, Tunnel, DDoS protection

Bottom Line

Free option: Oracle Cloud free tier + Claude Haiku or local Ollama models = $0-5/month total. Budget option: Hostinger VPS + Claude Haiku = $10-15/month. Performance option: DigitalOcean 4 GB droplet + Claude Sonnet = $30-75/month. OpenClaw itself is always free.

Stop Wasting 40-60% of Your AI Budget

Download the free '6 Token Drains' guide — identify the hidden patterns burning through your tokens and get copy-paste fixes for each one.

Read the Free Guide
See what we've built for real businesses →

Want Step-by-Step Guidance?

Our workshop walks you through VPS setup, configuration, and security hardening. One payment, no subscriptions, 30-day guarantee.

Save 10+ hours/week Cut AI costs by 97% Deploy in under 20 min

Get the Automation Playbook (Free)

One deploy-ready automation every week. Same strategies our clients pay thousands for. 400+ business owners already inside.

Need it done for you?

Book a Free Strategy Call See what we've built for real businesses →

Frequently Asked Questions

Related Guides

How to Install OpenClaw OpenClaw Setup Guide Docker Setup Guide Ollama Local Models Guide Security Guide API Integration Guide WhatsApp Automation Telegram Automation
Is OpenClaw Safe? Pricing Guide Custom Build (clawrevops.ai) Done-For-You Builds

Related Setup Guides Guides

OpenClaw Setup GuideHow To Install OpenClawOpenClaw Mac SetupOpenClaw Windows SetupWhat Is OpenClaw?Is OpenClaw Safe?