How to Install OpenClaw on a Psychz cVirtual VPS
Publisher: Psychz Networks, May 16,2026This guide explains how to install OpenClaw on a Psychz cVirtual VPS using Ubuntu 24.04 LTS. OpenClaw can run on a Linux server or cloud VPS, making it a good fit for users who want an always-on AI assistant environment with persistent state, workspace files, remote access, and secure server control.
If you previously saw OpenClaw referred to as Clawdbot or Moltbot in older tutorials, use this updated OpenClaw guide instead. This article is written for users who want to host OpenClaw on a VPS instead of running it only on a local laptop or desktop.
For most OpenClaw users, we recommend starting with a Psychz cVirtual VPS running Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage. Heavier browser automation, multiple integrations, larger workspaces, or business use may require 4 vCPU, 16 GB RAM, and additional storage.
What You Will Install
In this guide, you will:
- Deploy a Psychz cVirtual VPS.
- Install Ubuntu 24.04 LTS.
- Secure basic SSH and firewall access.
- Install Docker Engine and Docker Compose v2.
- Install and start OpenClaw.
- Open the OpenClaw Control UI securely through an SSH tunnel.
- Run basic health checks.
- Review update, backup, and troubleshooting commands.
Recommended cVirtual VPS Specs for OpenClaw
OpenClaw can run on different VPS sizes, but the right plan depends on how much automation, browser activity, storage, and background processing you expect to use.
| Use case | Recommended cVirtual specs | Notes |
|---|---|---|
| Testing OpenClaw | 1-2 vCPU, 2-4 GB RAM, 25-40 GB storage | Good for short tests and learning the platform. |
| Personal always-on OpenClaw VPS | 2 vCPU, 8 GB RAM, 40-80 GB NVMe storage | Recommended starting point for most users. |
| Browser automation or multiple integrations | 4 vCPU, 16 GB RAM, 80-160 GB NVMe storage | Better for heavier workflows, browser sessions, and scheduled tasks. |
| Business or team deployment | 4-8 vCPU, 16-32 GB RAM, 160+ GB NVMe storage | Use a dedicated trust boundary, separate credentials, and regular backups. |
OpenClaw's official VPS guidance explains that the Gateway can run on a Linux server or cloud VPS, where the VPS owns the state and workspace while users connect from a laptop or phone through the Control UI, SSH, or Tailscale. Treat the VPS as the source of truth and back up the OpenClaw state and workspace regularly.
Before You Begin
You will need:
- A Psychz cVirtual VPS.
- Ubuntu 24.04 LTS installed on the VPS.
- Root or sudo SSH access.
- A domain name if you plan to configure a reverse proxy later.
- API keys for any AI model providers you want to use with OpenClaw.
- Optional messaging tokens for Telegram, Discord, WhatsApp, Slack, or other channels.
This guide uses a Docker-based OpenClaw deployment because Docker is practical for VPS hosting, upgrades, repeatable setup, and clean service isolation. OpenClaw's Docker documentation lists Docker Engine or Docker Desktop with Docker Compose v2 as prerequisites for containerized Gateway deployments.
Step 1: Order a Psychz cVirtual VPS
Log in to your Psychz Dashboard and order a cVirtual VPS.
- Go to the cVirtual Order Page.
- Select a cVirtual VPS plan and place the order.
- After the order is processed, visit the create page.
- Deploy the VPS.
For most OpenClaw users, start with 2 vCPU, 8 GB RAM, and at least 40 GB of storage. If you expect heavy browser automation or multiple simultaneous workflows, start with a larger plan.
Step 2: Connect to the VPS with SSH
After the VPS is deployed, connect to it over SSH. Replace YOUR_SERVER_IP with the public IP address of your cVirtual VPS.
ssh root@YOUR_SERVER_IP
Step 3: Update Ubuntu
Update the package index and upgrade existing packages:
sudo apt update
sudo apt -y upgrade
Install common utilities that will be useful during the OpenClaw setup:
sudo apt install -y ca-certificates curl gnupg git jq ufw
Step 4: Create a Dedicated OpenClaw User
For better separation, create a dedicated Linux user for OpenClaw instead of running everything directly as root.
sudo adduser openclaw
sudo usermod -aG sudo openclaw
You can continue the setup as this user:
su - openclaw
If you are using SSH keys, add your public key to the new user's ~/.ssh/authorized_keys file before disabling password-based SSH login.
Step 5: Install Docker Engine and Docker Compose v2
OpenClaw's Docker install path requires Docker Engine and Docker Compose v2. The following commands install Docker from Docker's official Ubuntu repository.
sudo apt update
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo ${UBUNTU_CODENAME:-$VERSION_CODENAME}) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Verify Docker and Docker Compose:
docker --version
docker compose version
Allow the openclaw user to run Docker commands:
sudo usermod -aG docker openclaw
Log out and back in so the Docker group change takes effect:
exit
ssh openclaw@YOUR_SERVER_IP
Then test Docker:
docker run hello-world
Step 6: Configure a Basic Firewall
Before starting OpenClaw, configure a simple firewall. In most secure VPS deployments, SSH is the only public service that needs to be reachable. The OpenClaw Gateway should usually remain private and be accessed through an SSH tunnel, VPN, or private network.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status verbose
Do not open the OpenClaw Gateway port to the public internet unless you understand the security implications and have strong authentication, TLS, firewall restrictions, and monitoring in place.
Step 7: Install OpenClaw
There are two common ways to install OpenClaw on a VPS: the standard installer script or the Docker-based install. For an always-on VPS deployment, Docker is often preferred because it keeps the Gateway easier to manage, replace, and update.
Option A: Docker-Based Install
Clone the OpenClaw repository:
git clone https://github.com/openclaw/openclaw.git
cd openclaw
Run the Docker setup script:
./scripts/docker/setup.sh
The setup process builds or prepares the Gateway container, runs onboarding, prompts for provider API keys, generates a Gateway token, writes that token to the environment file, and starts the Gateway through Docker Compose.
If you prefer to use the prebuilt OpenClaw container image instead of building locally, run:
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh
Option B: Standard Installer Script
If you do not want to use Docker for the Gateway, OpenClaw also provides an installer script for Linux, macOS, and WSL2. The installer detects the operating system, installs Node if needed, installs OpenClaw, and launches onboarding.
curl -fsSL https://openclaw.ai/install.sh | bash
To install without launching onboarding immediately, use:
curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard
For most VPS users, the Docker-based install is the better starting point because it is easier to manage as a service and keeps the deployment more repeatable.
Step 8: Open the OpenClaw Control UI Securely
OpenClaw commonly uses the local Control UI at:
http://127.0.0.1:18789/
On a remote VPS, do not expose this directly to the public internet. Use an SSH tunnel from your local computer instead. Run this command on your local machine, not inside the VPS:
ssh -L 18789:127.0.0.1:18789 openclaw@YOUR_SERVER_IP
Then open this URL in your local browser:
http://127.0.0.1:18789/
Paste the configured shared secret or Gateway token when prompted. The Docker setup script writes a token to the environment file by default.
If you need to fetch a dashboard link from the Docker deployment, run this from the OpenClaw repository directory on the VPS:
docker compose run --rm openclaw-cli dashboard --no-open
Step 9: Verify OpenClaw Is Running
Check the running Docker containers:
docker compose ps
View OpenClaw Gateway logs:
docker compose logs -f openclaw-gateway
Check the local health endpoints from the VPS:
curl -fsS http://127.0.0.1:18789/healthz
curl -fsS http://127.0.0.1:18789/readyz
If health checks fail, review the container logs and confirm that Docker Compose started the Gateway correctly.
Step 10: Configure OpenClaw Channels
OpenClaw can connect to messaging channels such as WhatsApp, Telegram, Discord, and others depending on your setup. Use the OpenClaw CLI container to configure channels after the Gateway is running.
Example commands:
# WhatsApp QR login
docker compose run --rm openclaw-cli channels login
# Telegram bot token
docker compose run --rm openclaw-cli channels add --channel telegram --token "YOUR_TELEGRAM_BOT_TOKEN"
# Discord bot token
docker compose run --rm openclaw-cli channels add --channel discord --token "YOUR_DISCORD_BOT_TOKEN"
Only add the channels you actually need. Every connected channel increases the importance of allowlists, permissions, and monitoring.
Step 11: Secure the OpenClaw Gateway
OpenClaw should be treated as a privileged automation system. It may control tools, files, browser sessions, APIs, messaging channels, and agent workflows. Do not expose it like a basic public website.
Recommended security baseline:
- Keep the Gateway private whenever possible.
- Access the Control UI through SSH tunnel, Tailscale, WireGuard, or VPN.
- Use a long random Gateway token.
- Do not use weak human-created passwords.
- Keep the VPS firewall enabled.
- Do not open port 18789 publicly unless you have a specific reason.
- Run OpenClaw as a dedicated Linux user.
- Keep OpenClaw, Docker, and Ubuntu updated.
- Back up OpenClaw state and workspace directories.
- Use one Gateway per trust boundary.
OpenClaw's VPS documentation recommends keeping the Gateway on loopback as the secure default and accessing it through SSH tunnel or Tailscale. If you bind the Gateway to a LAN or tailnet interface, require Gateway token or password authentication.
Step 12: Run an OpenClaw Security Audit
After installation and after major configuration changes, run the OpenClaw security audit.
For a standard install, use:
openclaw security audit
openclaw security audit --deep
For a Docker install, run the audit through the CLI container:
docker compose run --rm openclaw-cli security audit
docker compose run --rm openclaw-cli security audit --deep
If OpenClaw reports fixable issues, review them before applying automatic changes:
docker compose run --rm openclaw-cli security audit --fix
The security audit can help identify common configuration problems such as exposed Gateway APIs, unsafe channel policies, weak logging redaction settings, and overly permissive file permissions.
Step 13: Enable OpenClaw Sandbox Mode
Sandboxing helps reduce risk when agents execute tools, run shell commands, read or write files, or process untrusted content. OpenClaw's Docker documentation explains that when agent sandboxing is enabled, agent tool execution can run inside isolated Docker containers while the Gateway remains separate.
To opt in to sandbox setup during Docker installation, run:
export OPENCLAW_SANDBOX=1
./scripts/docker/setup.sh
If OpenClaw is already installed, review the current sandbox configuration and apply the sandbox settings recommended by the official OpenClaw documentation for your deployment model.
Sandboxing is strongly recommended for deployments where agents may use shell access, browser automation, file operations, plugins, or tools that process external content.
Step 14: Understand Where OpenClaw Stores Data
In Docker Compose deployments, OpenClaw bind-mounts the configuration directory and workspace directory so they survive container replacement. These directories may include behavior configuration, provider OAuth or API key auth profiles, Gateway token environment variables, workspace files, logs, session files, and other runtime data.
Because these files may contain sensitive information, protect them with proper permissions and regular backups.
Common data to back up includes:
- OpenClaw configuration files.
- Workspace files.
- Authentication profiles.
- Environment files.
- Docker Compose files.
- Important logs and session history, if needed.
Do not publish these files publicly or paste them into support tickets without removing secrets first.
Step 15: Start, Stop, and Restart OpenClaw
From the OpenClaw repository directory, use Docker Compose to manage the Gateway.
Start OpenClaw:
docker compose up -d
Stop OpenClaw:
docker compose down
Restart OpenClaw:
docker compose restart openclaw-gateway
View logs:
docker compose logs -f openclaw-gateway
Check container status:
docker compose ps
Step 16: Update OpenClaw
Keep OpenClaw updated. Updates may include bug fixes, compatibility improvements, and security patches.
If you installed from the Git repository and build locally:
cd ~/openclaw
git pull
./scripts/docker/setup.sh
docker compose up -d
If you use the prebuilt container image:
cd ~/openclaw
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh
docker compose up -d
After updating, run:
docker compose ps
docker compose logs --tail=100 openclaw-gateway
docker compose run --rm openclaw-cli security audit
Step 17: Back Up Your OpenClaw VPS
Because the VPS owns OpenClaw state and workspace data, backups are important. Back up your OpenClaw configuration, workspace, environment files, and deployment files before major updates.
A simple backup example:
mkdir -p ~/openclaw-backups
tar -czf ~/openclaw-backups/openclaw-backup-$(date +%F).tar.gz \
~/.openclaw \
~/openclaw/docker-compose.yml \
~/openclaw/.env 2>/dev/null
Store backups in a secure location. If backups contain tokens, API keys, browser session data, or workspace files, treat them as sensitive data.
Recommended Production Hardening
For a production or always-on OpenClaw VPS, use this hardening checklist:
| Area | Recommended setting |
|---|---|
| Operating system | Ubuntu 24.04 LTS with regular security updates |
| SSH | SSH keys, no password login, no direct root password login |
| Firewall | Default deny inbound; allow only SSH and required private access |
| Gateway access | Loopback, SSH tunnel, Tailscale, WireGuard, or VPN |
| Gateway auth | Long random token or strong authentication |
| Runtime user | Dedicated Linux user for OpenClaw |
| Docker | Docker Engine with Docker Compose v2 |
| Sandboxing | Enable for tool execution where possible |
| Backups | Regular backups of state, workspace, and configuration |
| Auditing | Run OpenClaw security audit after install and configuration changes |
Troubleshooting OpenClaw on a VPS
Docker Compose Is Not Found
Use the modern Docker Compose v2 command:
docker compose version
If this fails, install the Docker Compose plugin:
sudo apt install -y docker-compose-plugin
Permission Denied When Running Docker
If your user cannot run Docker commands, add the user to the Docker group:
sudo usermod -aG docker openclaw
Log out and back in, then test again:
docker run hello-world
OpenClaw Container Is Unhealthy
Check the logs:
docker compose logs -f openclaw-gateway
Then check health endpoints locally on the VPS:
curl -fsS http://127.0.0.1:18789/healthz
curl -fsS http://127.0.0.1:18789/readyz
The OpenClaw UI Does Not Load from My Browser
Make sure you are using an SSH tunnel from your local computer:
ssh -L 18789:127.0.0.1:18789 openclaw@YOUR_SERVER_IP
Then open:
http://127.0.0.1:18789/
Do not try to open the Gateway directly through the public VPS IP unless you intentionally configured secure public access.
OpenClaw Build Fails with Exit 137
Exit 137 usually means the process was killed because the VPS ran out of memory. OpenClaw's Docker documentation notes that at least 2 GB RAM is needed for image builds, and 1 GB hosts may be OOM-killed during install.
Use a larger cVirtual VPS or add more memory before trying again.
Permission Errors on OpenClaw Config or Workspace Files
The OpenClaw Docker image runs as the node user with uid 1000. If you see permission errors on mounted OpenClaw directories, fix ownership:
sudo chown -R 1000:1000 /path/to/openclaw-config
sudo chown -R 1000:1000 /path/to/openclaw-workspace
Replace the paths with the actual directories used by your deployment.
Unauthorized or Pairing Required in the Control UI
Fetch a fresh dashboard link:
docker compose run --rm openclaw-cli dashboard --no-open
Then approve the browser device and use the current Gateway token or shared secret.
OpenClaw VPS Installation FAQ
Can OpenClaw run on a VPS?
Yes. OpenClaw can run on a Linux server or cloud VPS. This is useful when you want the OpenClaw Gateway, state, workspace, and automation environment to stay online even when your local computer is turned off.
What VPS specs do I need for OpenClaw?
For most users, start with 2 vCPU, 8 GB RAM, and 40-80 GB NVMe storage. For heavier browser automation, multiple integrations, team use, or larger workspaces, use 4 vCPU, 16 GB RAM, and more storage.
What operating system should I use?
Ubuntu 24.04 LTS is recommended for this guide because it is stable, widely supported, and works well with Docker Engine and Docker Compose v2.
Does OpenClaw require Docker?
No. Docker is optional, but it is a strong choice for VPS deployments because it provides a repeatable containerized Gateway environment. OpenClaw also supports a standard installer script and package-based installation methods.
Does OpenClaw require a GPU?
No. A GPU is not required for typical OpenClaw Gateway deployments that use hosted AI model APIs. A GPU is only relevant if you plan to run local models or GPU-heavy workloads on the same server.
Should I expose OpenClaw port 18789 to the internet?
Usually no. The safer method is to keep the Gateway private and access it through SSH tunneling, Tailscale, WireGuard, or a VPN. If you expose any OpenClaw service publicly, use strong authentication, firewall restrictions, TLS, updates, and monitoring.
Where does OpenClaw store important data?
OpenClaw may store configuration, workspace files, authentication profiles, environment secrets, session logs, and runtime data in its configuration and workspace directories. Back these up regularly and protect them as sensitive data.
How do I update OpenClaw on a VPS?
If you installed from the Git repository, pull the latest changes and rerun the Docker setup script. If you use the prebuilt image, pull or configure the latest image, restart the containers, and run a security audit after updating.
Can I use OpenClaw for a team?
Yes, but only when the team shares the same trust boundary. If users, departments, customers, or projects should not share credentials, tools, browser profiles, or workspace access, use separate Gateways, OS users, or VPS instances.
Why Use Psychz cVirtual for OpenClaw?
Psychz cVirtual is a good fit for users who want to run OpenClaw on an always-on VPS with Linux control, NVMe storage, unmetered bandwidth, DDoS protection options, and global data center choices.
OpenClaw benefits from a stable VPS because the Gateway owns the state and workspace. A properly sized cVirtual VPS gives OpenClaw a persistent environment for remote access, integrations, automation, logs, workspace files, and scheduled workflows.
For most users, start with a cVirtual VPS using Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage. Scale up to 4 vCPU, 16 GB RAM, and larger storage if you use heavy browser automation, multiple agents, or business workflows.
Final Recommendation
OpenClaw works well on a VPS when the server has enough RAM, fast storage, secure remote access, and reliable uptime. For most users, the best starting point is a Psychz cVirtual VPS with Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage.
Keep the Gateway private, use SSH tunneling or a VPN for access, run regular security audits, back up the state and workspace, and scale your cVirtual resources as your OpenClaw workflows grow.