Linux server

Run the OpenClaw Gateway on any Linux server or cloud VPS. The Gateway owns state and workspace on the VPS; connect from laptops or phones via the Control UI, Tailscale, or SSH.

Pick a provider

Common options include:

Railway
Northflank
DigitalOcean (simple paid VPS)
Oracle Cloud (Always Free ARM tier)
Fly.io (Fly Machines)
Hetzner (Docker on VPS)
Hostinger (VPS with one-click setup)
GCP (Compute Engine)
Azure (Linux VM)
exe.dev (VM with HTTPS proxy)
Raspberry Pi (ARM self-hosted)

AWS (EC2, Lightsail, or free tier) also works. Treat the VPS as the source of truth and back up state and workspace regularly.

The Gateway runs on the VPS. Connect from your laptop or phone using the Control UI or Tailscale/SSH. Keep the default loopback bind for security and access via SSH tunnel or Tailscale Serve. If binding to lan or tailnet, require gateway.auth.token or gateway.auth.password.

See Deployment for Docker, docker-compose, and managed-platform details.

Harden admin access first

Before installing on a public VPS, harden the box itself:

For Tailnet-only admin access, install Tailscale first, join the VPS, verify a second SSH session over the Tailscale IP or MagicDNS name, then restrict public SSH.
For non-Tailscale setups, apply equivalent SSH hardening before exposing services.
This is separate from Gateway access. You can keep OpenClaw on loopback and use an SSH tunnel or Tailscale Serve for the dashboard.

Tailscale-specific options are under gateway.tailscale.

Shared company agent on a VPS

A single agent for a team works when every user is in the same trust boundary and the agent is business-only:

Use a dedicated runtime (VPS/VM/container plus dedicated OS user/accounts).
Do not sign the runtime into personal Apple/Google accounts or personal browser/password-manager profiles.
If users are adversarial, split by gateway, host, or OS user.

Using nodes with a VPS

Keep the Gateway in the cloud and pair nodes on local devices (macOS, iOS, Android, headless). Nodes supply local screen, camera, canvas, and system.run capabilities.

See Nodes for pairing and capability details.

Startup tuning for small VMs and ARM hosts

If CLI commands feel slow on low-power VMs or ARM hosts, enable Node's module compile cache:

grep -q 'NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache' ~/.bashrc || cat >> ~/.bashrc <<'EOF'
export NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache
mkdir -p /var/tmp/openclaw-compile-cache
export OPENCLAW_NO_RESPAWN=1
EOF
source ~/.bashrc

NODE_COMPILE_CACHE speeds up repeated command starts.
OPENCLAW_NO_RESPAWN=1 keeps routine Gateway restarts in-process.
The first command warms the cache; later runs are faster.

systemd tuning checklist (optional)

For systemd hosts:

Add stable startup environment variables: OPENCLAW_NO_RESPAWN=1 and NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache.
Set explicit restart behavior: Restart=always, RestartSec=2, TimeoutStartSec=90.
Prefer SSD-backed disks for state and cache paths.

For the standard daemon path, edit the user unit:

systemctl --user edit openclaw-gateway.service

[Service]
Environment=OPENCLAW_NO_RESPAWN=1
Environment=NODE_COMPILE_CACHE=/var/tmp/openclaw-compile-cache
Restart=always
RestartSec=2
TimeoutStartSec=90

If you installed a system unit, edit via sudo systemctl edit openclaw-gateway.service.

Install OpenClaw with npm install -g openclaw@latest (Node 24 recommended, or 22.19+), then run openclaw onboard --install-daemon to set up the daemon and local layout. Use openclaw gateway status and openclaw gateway stop for management.

Was this page helpful?