OpenClaw.ai how to install on a virtual server (VPS/VDS) - step-by-step

This guide explains a practical, VPS-friendly way to install OpenClaw.ai and run it reliably 24/7: you will prepare the OS, install the CLI, enable a background service, and apply basic security so the web access is not exposed carelessly. Ubuntu LTS is usually the easiest choice because package updates are predictable and tooling is widely documented. If you still need a server, start with Virtual Servers (VPS/VDS). For most deployments, 2 vCPU, 2–4 GB RAM and SSD storage is a reasonable baseline. If you plan heavy logging, integrations, or larger workloads, allocate extra RAM and disk to avoid instability.

Prepare the VPS

Connect via SSH, update the system, and install common utilities: curl, CA certificates, git, and ufw (a simple firewall). Avoid working as root long-term: create a separate user, grant sudo, and use SSH keys when possible. Enable the firewall early and keep only SSH open; add 80/443 later when you have a reverse proxy and HTTPS in place. These steps reduce accidental exposure and make the server easier to maintain.

sudo apt update && sudo apt -y upgrade
sudo apt -y install curl ca-certificates git ufw
sudo ufw allow OpenSSH
sudo ufw enable

Install OpenClaw.ai

The fastest path is the official installer script, which typically checks dependencies and installs the OpenClaw CLI. After the script finishes, restart your shell session so PATH changes are applied correctly. Then run onboarding. On a VPS, it is recommended to install a daemon/systemd service so OpenClaw automatically starts after a reboot and logs are collected in a consistent place for debugging.

curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard --install-daemon

Service checks and troubleshooting

Verify the systemd service status and read recent logs. If the service fails, the most common causes are missing environment variables, incorrect file permissions, or a port conflict. Use ss to inspect listening ports, and ensure the service runs under the intended user with access to the working directory and configuration files. A clean service setup is what keeps the deployment stable during upgrades and restarts.

systemctl status openclaw
journalctl -u openclaw -n 100 --no-pager
sudo ss -tulpn | head

Publish the dashboard safely

If OpenClaw exposes a local web UI (for example on 127.0.0.1:PORT), do not bind it directly to the public internet. Use Nginx as a reverse proxy, enforce HTTPS, and add access controls. A minimum setup is TLS + Basic Auth; stronger options include IP allow-listing or SSO. Use a dedicated hostname (subdomain) to keep routing, certificates, and security policies simple. Consider rate limiting and access logs to reduce brute-force risk and improve observability.

Updates and operations

Apply OS security updates regularly, back up configuration and any persistent data, and rotate tokens/keys instead of keeping permanent secrets. Grant integrations only the permissions they truly need. Be conservative with third-party extensions/skills: prefer trusted sources and pin versions so updates are controlled. For production-like usage, add basic monitoring: uptime checks for the service endpoint and notifications when the process restarts or becomes unavailable.

FAQ

• CLI not found: reconnect to SSH, check which openclaw and your PATH.
• Port is in use: find the process with sudo ss -tulpn | grep :PORT and adjust config.
• Service keeps restarting: inspect journalctl -u openclaw -e, verify permissions/env.
• Need a VPS for deployment: pick a plan on Virtual Servers.