How to Install OpenClaw on a Psychz cVirtual VPS
Publisher: Psychz Networks, May 16,2026This guide explains how to install OpenClaw on a Psychz cVirtual VPS using Ubuntu 24.04 LTS. OpenClaw can run on a Linux server or cloud VPS, making it a practical option for users who want an always-on AI assistant environment with persistent state, workspace files, remote access, and secure server control.
If you previously saw OpenClaw referred to as Clawdbot or Moltbot in older tutorials, use this updated OpenClaw guide instead. This article is written for users who want to host OpenClaw on a VPS instead of running it only on a local laptop or desktop.
For most OpenClaw users, we recommend starting with a Psychz cVirtual VPS running Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage. Heavier browser automation, multiple integrations, larger workspaces, or business use may require 4 vCPU, 16 GB RAM, and additional storage.
What This Guide Covers
In this OpenClaw VPS installation guide, you will:
- Deploy a Psychz cVirtual VPS.
- Install Ubuntu 24.04 LTS.
- Connect to the VPS with SSH.
- Update the operating system.
- Create a dedicated OpenClaw Linux user.
- Install Docker Engine and Docker Compose v2.
- Configure a basic firewall.
- Install OpenClaw.
- Open the OpenClaw Control UI securely through an SSH tunnel.
- Run health checks and security audits.
- Back up, update, and troubleshoot OpenClaw.
Recommended cVirtual VPS Specs for OpenClaw
| Use case | Recommended cVirtual specs | Notes |
|---|---|---|
| Testing OpenClaw | 1-2 vCPU, 2-4 GB RAM, 25-40 GB storage | Good for short tests and learning the platform. |
| Personal always-on OpenClaw VPS | 2 vCPU, 8 GB RAM, 40-80 GB NVMe storage | Recommended starting point for most users. |
| Browser automation or multiple integrations | 4 vCPU, 16 GB RAM, 80-160 GB NVMe storage | Better for heavier workflows, browser sessions, and scheduled tasks. |
| Business or team deployment | 4-8 vCPU, 16-32 GB RAM, 160+ GB NVMe storage | Use a dedicated trust boundary, separate credentials, and regular backups. |
OpenClaw's official VPS guidance explains that the Gateway can run on a VPS and own the state and workspace while users connect from a laptop or phone through the Control UI, SSH, or Tailscale. Treat the VPS as the source of truth and back up OpenClaw state and workspace files regularly.
Before You Begin
You will need:
- A Psychz cVirtual VPS.
- Ubuntu 24.04 LTS installed on the VPS.
- Root or sudo SSH access.
- Docker Engine and Docker Compose v2 if using the Docker install method.
- API keys for any AI model providers you want to use with OpenClaw.
- Optional messaging tokens for Telegram, Discord, WhatsApp, Slack, or other channels.
This guide uses a Docker-first installation path because Docker is practical for VPS hosting, upgrades, repeatable setup, and cleaner service management. OpenClaw's Docker documentation lists Docker Engine or Docker Desktop with Docker Compose v2 as prerequisites for containerized Gateway deployments.
Step 1: Order a Psychz cVirtual VPS
Log in to your Psychz Dashboard and order a cVirtual VPS.
- Order by visiting cVirtual VPS plan
- Visit create cVirtual page in the dashboard and choose Ubuntu 24.04 LTS as the operating system.
- Deploy the VPS.
For most OpenClaw users, start with 2 vCPU, 8 GB RAM, and at least 40 GB of storage. If you expect heavy browser automation or multiple simultaneous workflows, choose a larger plan.
Step 2: Connect to the VPS with SSH
After the VPS is deployed, connect to it over SSH. Replace YOUR_SERVER_IP with the public IP address of your cVirtual VPS.
ssh root@YOUR_SERVER_IP
If you created a non-root sudo user during provisioning, connect with that user instead:
ssh username@YOUR_SERVER_IP
Step 3: Update Ubuntu
Update the package index and upgrade existing packages:
sudo apt update
sudo apt -y upgrade
Install common utilities:
sudo apt install -y ca-certificates curl gnupg git jq ufw
Step 4: Create a Dedicated OpenClaw User
For better separation, create a dedicated Linux user for OpenClaw instead of running the application directly as root.
sudo adduser openclaw
sudo usermod -aG sudo openclaw
Switch to the new user:
su - openclaw
If you use SSH keys, add your public key to the new user's ~/.ssh/authorized_keys file before disabling password-based SSH login.
Step 5: Install Docker Engine and Docker Compose v2
OpenClaw's Docker installation path requires Docker Engine and Docker Compose v2. The following commands install Docker from Docker's official Ubuntu repository.
sudo apt update
sudo apt install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo ${UBUNTU_CODENAME:-$VERSION_CODENAME}) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Verify Docker and Docker Compose:
docker --version
docker compose version
Allow the openclaw user to run Docker commands:
sudo usermod -aG docker openclaw
Log out and back in so the Docker group change takes effect:
exit
ssh openclaw@YOUR_SERVER_IP
Test Docker:
docker run hello-world
Step 6: Configure a Basic Firewall
Before starting OpenClaw, configure a simple firewall. In most secure VPS deployments, SSH is the only public service that needs to be reachable. The OpenClaw Gateway should usually remain private and be accessed through an SSH tunnel, VPN, or private network.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status verbose
Do not open the OpenClaw Gateway port to the public internet unless you understand the security implications and have strong authentication, TLS, firewall restrictions, and monitoring in place.
Step 7: Install OpenClaw
There are two common ways to install OpenClaw on a VPS: the standard installer script or the Docker-based installation path. For an always-on VPS deployment, Docker is often preferred because it is easier to manage, replace, and update.
Option A: Docker-Based Install
Clone the OpenClaw repository:
git clone https://github.com/openclaw/openclaw.git
cd openclaw
Run the Docker setup script from the repository root:
./scripts/docker/setup.sh
The setup process builds or prepares the Gateway image, runs onboarding, prompts for provider API keys, generates a Gateway token, writes that token to the environment file, and starts the Gateway through Docker Compose.
To use the prebuilt OpenClaw container image instead of building locally, run:
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh
Option B: Standard Installer Script
If you do not want to use Docker for the Gateway, OpenClaw also provides an installer script for Linux, macOS, and WSL2. The installer detects the operating system, installs Node if needed, installs OpenClaw, and launches onboarding.
curl -fsSL https://openclaw.ai/install.sh | bash
To install without launching onboarding immediately, use:
curl -fsSL https://openclaw.ai/install.sh | bash -s -- --no-onboard
For most VPS users, the Docker-based install is the better starting point because it is easier to manage as a service and keeps the deployment more repeatable.
Step 8: Open the OpenClaw Control UI Securely
OpenClaw commonly uses the local Control UI at:
http://127.0.0.1:18789/
On a remote VPS, do not expose this directly to the public internet. Use an SSH tunnel from your local computer instead. Run this command on your local machine, not inside the VPS:
ssh -L 18789:127.0.0.1:18789 openclaw@YOUR_SERVER_IP
Then open this URL in your local browser:
http://127.0.0.1:18789/
Paste the configured shared secret or Gateway token when prompted. The Docker setup script writes a token to the environment file by default.
If you need to fetch a dashboard link from the Docker deployment, run this from the OpenClaw repository directory on the VPS:
docker compose run --rm openclaw-cli dashboard --no-open
Step 9: Verify OpenClaw Is Running
Check the running Docker containers:
docker compose ps
View OpenClaw Gateway logs:
docker compose logs -f openclaw-gateway
Check the local health endpoints from the VPS:
curl -fsS http://127.0.0.1:18789/healthz
curl -fsS http://127.0.0.1:18789/readyz
If health checks fail, review the container logs and confirm that Docker Compose started the Gateway correctly.
Step 10: Configure OpenClaw Channels
OpenClaw can connect to messaging channels such as WhatsApp, Telegram, Discord, and others depending on your setup. Use the OpenClaw CLI container to configure channels after the Gateway is running.
Example commands:
# WhatsApp QR login
docker compose run --rm openclaw-cli channels login
# Telegram bot token
docker compose run --rm openclaw-cli channels add --channel telegram --token "YOUR_TELEGRAM_BOT_TOKEN"
# Discord bot token
docker compose run --rm openclaw-cli channels add --channel discord --token "YOUR_DISCORD_BOT_TOKEN"
Only add the channels you actually need. Every connected channel increases the importance of allowlists, permissions, and monitoring.
Step 11: Secure the OpenClaw Gateway
OpenClaw should be treated as a privileged automation system. It may control tools, files, browser sessions, APIs, messaging channels, and agent workflows. Do not expose it like a basic public website.
Recommended security baseline:
- Keep the Gateway private whenever possible.
- Access the Control UI through SSH tunnel, Tailscale, WireGuard, or VPN.
- Use a long random Gateway token.
- Do not use weak human-created passwords.
- Keep the VPS firewall enabled.
- Do not open port 18789 publicly unless you have a specific reason.
- Run OpenClaw as a dedicated Linux user.
- Keep OpenClaw, Docker, and Ubuntu updated.
- Back up OpenClaw state and workspace directories.
- Use one Gateway per trust boundary.
Step 12: Run an OpenClaw Security Audit
After installation and after major configuration changes, run the OpenClaw security audit.
For a standard install, use:
openclaw security audit
openclaw security audit --deep
For a Docker install, run the audit through the CLI container:
docker compose run --rm openclaw-cli security audit
docker compose run --rm openclaw-cli security audit --deep
If OpenClaw reports fixable issues, review them before applying automatic changes:
docker compose run --rm openclaw-cli security audit --fix
Step 13: Enable OpenClaw Sandbox Mode
Sandboxing helps reduce risk when agents execute tools, run shell commands, read or write files, or process untrusted content. If you want to opt in to sandbox setup during Docker installation, run:
export OPENCLAW_SANDBOX=1
./scripts/docker/setup.sh
Sandboxing is strongly recommended for deployments where agents may use shell access, browser automation, file operations, plugins, or tools that process external content.
Step 14: Understand Where OpenClaw Stores Data
In a VPS deployment, OpenClaw state and workspace files may include configuration, provider auth profiles, Gateway token environment variables, workspace files, logs, session files, and other runtime data.
Back up and protect:
- OpenClaw configuration files.
- Workspace files.
- Authentication profiles.
- Environment files.
- Docker Compose files.
- Important logs and session history, if needed.
Do not publish these files publicly or paste them into support tickets without removing secrets first.
Step 15: Start, Stop, and Restart OpenClaw
From the OpenClaw repository directory, use Docker Compose to manage the Gateway.
Start OpenClaw:
docker compose up -d
Stop OpenClaw:
docker compose down
Restart OpenClaw:
docker compose restart openclaw-gateway
View logs:
docker compose logs -f openclaw-gateway
Check container status:
docker compose ps
Step 16: Update OpenClaw
Keep OpenClaw updated. Updates may include bug fixes, compatibility improvements, and security patches.
If you installed from the Git repository and build locally:
cd ~/openclaw
git pull
./scripts/docker/setup.sh
docker compose up -d
If you use the prebuilt container image:
cd ~/openclaw
export OPENCLAW_IMAGE="ghcr.io/openclaw/openclaw:latest"
./scripts/docker/setup.sh
docker compose up -d
After updating, run:
docker compose ps
docker compose logs --tail=100 openclaw-gateway
docker compose run --rm openclaw-cli security audit
Step 17: Back Up Your OpenClaw VPS
Because the VPS owns OpenClaw state and workspace data, backups are important. Back up your OpenClaw configuration, workspace, environment files, and deployment files before major updates.
A simple backup example:
mkdir -p ~/openclaw-backups
tar -czf ~/openclaw-backups/openclaw-backup-$(date +%F).tar.gz \
~/.openclaw \
~/openclaw/docker-compose.yml \
~/openclaw/.env 2>/dev/null
Store backups in a secure location. If backups contain tokens, API keys, browser session data, or workspace files, treat them as sensitive data.
Recommended Production Hardening
| Area | Recommended setting |
|---|---|
| Operating system | Ubuntu 24.04 LTS with regular security updates |
| SSH | SSH keys, no password login, no direct root password login |
| Firewall | Default deny inbound; allow only SSH and required private access |
| Gateway access | Loopback, SSH tunnel, Tailscale, WireGuard, or VPN |
| Gateway auth | Long random token or strong authentication |
| Runtime user | Dedicated Linux user for OpenClaw |
| Docker | Docker Engine with Docker Compose v2 |
| Sandboxing | Enable for tool execution where possible |
| Backups | Regular backups of state, workspace, and configuration |
| Auditing | Run OpenClaw security audit after install and configuration changes |
Troubleshooting OpenClaw on a VPS
Docker Compose Is Not Found
Use the modern Docker Compose v2 command:
docker compose version
If this fails, install the Docker Compose plugin:
sudo apt install -y docker-compose-plugin
Permission Denied When Running Docker
If your user cannot run Docker commands, add the user to the Docker group:
sudo usermod -aG docker openclaw
Log out and back in, then test again:
docker run hello-world
OpenClaw Container Is Unhealthy
Check the logs:
docker compose logs -f openclaw-gateway
Then check health endpoints locally on the VPS:
curl -fsS http://127.0.0.1:18789/healthz
curl -fsS http://127.0.0.1:18789/readyz
The OpenClaw UI Does Not Load from My Browser
Make sure you are using an SSH tunnel from your local computer:
ssh -L 18789:127.0.0.1:18789 openclaw@YOUR_SERVER_IP
Then open:
http://127.0.0.1:18789/
OpenClaw Build Fails with Exit 137
Exit 137 usually means the process was killed because the VPS ran out of memory. OpenClaw's Docker documentation notes that at least 2 GB RAM is needed for image builds and that 1 GB hosts may be OOM-killed during install.
Use a larger cVirtual VPS or add more memory before trying again.
Permission Errors on OpenClaw Config or Workspace Files
The OpenClaw Docker image may run as a non-root user. If you see permission errors on mounted OpenClaw directories, review ownership and permissions for your configuration and workspace paths.
ls -la ~/.openclaw
Fix ownership only after confirming the correct runtime user and path for your deployment.
Unauthorized or Pairing Required in the Control UI
Fetch a fresh dashboard link:
docker compose run --rm openclaw-cli dashboard --no-open
Then approve the browser device and use the current Gateway token or shared secret.
OpenClaw VPS Installation FAQ
Can OpenClaw run on a VPS?
Yes. OpenClaw can run on a Linux server or cloud VPS. This is useful when you want the Gateway, state, workspace, and automation environment to stay online even when your local computer is turned off.
What VPS specs do I need for OpenClaw?
For most users, start with 2 vCPU, 8 GB RAM, and 40-80 GB NVMe storage. For heavier browser automation, multiple integrations, team use, or larger workspaces, use 4 vCPU, 16 GB RAM, and more storage.
What operating system should I use?
Ubuntu 24.04 LTS is recommended for this guide because it is stable, widely supported, and works well with Docker Engine and Docker Compose v2.
Does OpenClaw require Docker?
No. Docker is optional, but it is a strong choice for VPS deployments because it provides a repeatable containerized Gateway environment. OpenClaw also supports a standard installer script and package-based installation methods.
Does OpenClaw require a GPU?
No. A GPU is not required for typical OpenClaw Gateway deployments that use hosted AI model APIs. A GPU is only relevant if you plan to run local models or GPU-heavy workloads on the same server.
Should I expose OpenClaw port 18789 to the internet?
Usually no. The safer method is to keep the Gateway private and access it through SSH tunneling, Tailscale, WireGuard, or VPN.
Where does OpenClaw store important data?
OpenClaw may store configuration, workspace files, authentication profiles, environment secrets, session logs, and runtime data in its configuration and workspace directories. Back these up regularly and protect them as sensitive data.
How do I update OpenClaw on a VPS?
If you installed from the Git repository, pull the latest changes and rerun the Docker setup script. If you use the prebuilt image, configure the latest image, restart the containers, and run a security audit after updating.
Why Use Psychz cVirtual for OpenClaw?
Psychz cVirtual is a good fit for users who want to run OpenClaw on an always-on VPS with Linux control, NVMe storage, unmetered bandwidth, DDoS protection options, and global data center choices.
OpenClaw benefits from a stable VPS because the Gateway owns the state and workspace. A properly sized cVirtual VPS gives OpenClaw a persistent environment for remote access, integrations, automation, logs, workspace files, and scheduled workflows.
For most users, start with a cVirtual VPS using Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage. Scale up to 4 vCPU, 16 GB RAM, and larger storage if you use heavy browser automation, multiple agents, or business workflows.
Related Articles
Sources and References
- Official OpenClaw Installation Documentation
- Official OpenClaw Docker Installation Documentation
- Official OpenClaw Linux Server and VPS Documentation
- Official OpenClaw Security Documentation
- Psychz cVirtual VPS Hosting
Article Information
Last updated: May 18, 2026
Applies to: Psychz cVirtual VPS, Ubuntu 24.04 LTS, Docker Engine, Docker Compose v2, OpenClaw VPS deployments
Final Recommendation
OpenClaw works well on a VPS when the server has enough RAM, fast storage, secure remote access, and reliable uptime. For most users, the best starting point is a Psychz cVirtual VPS with Ubuntu 24.04 LTS, 2 vCPU, 8 GB RAM, and 40 GB or more of NVMe storage.
Keep the Gateway private, use SSH tunneling or a VPN for access, run regular security audits, back up the state and workspace, and scale your cVirtual resources as your OpenClaw workflows grow.