FTC Notice: We earn commissions when you shop through the links on this site.

How to Install OpenClaw on DigitalOcean (Cloud VPS Setup Guide)

Published February 20, 2026 | By Matt

Running OpenClaw (formerly Clawdbot / Moltbot) on a cloud VPS instead of your personal computer is one of the smartest deployment choices you can make. A DigitalOcean Droplet gives you an always-on server with a static IP, predictable networking, and complete isolation from your personal machine — which means your AI agent runs 24/7 without tying up your laptop or risking your personal files.

DigitalOcean has become one of the most popular hosting choices for OpenClaw, and they even offer a 1-Click Deploy option from their Marketplace that handles the heavy lifting for you. This guide covers both the 1-Click approach and the manual setup, so you can choose whichever fits your comfort level.

If you’re not familiar with OpenClaw yet, start with our guide to what OpenClaw is and how it works. If you’d rather run it locally, we have installation guides for Mac and Windows.

Why Run OpenClaw on a Cloud VPS?

Running OpenClaw locally on your Mac or PC works great, but a cloud deployment solves several common pain points.

Always available. A Droplet runs 24/7 without depending on your laptop being open, plugged in, or connected to the internet. Your AI agent stays active while you sleep, travel, or close your computer.

Security isolation. Your AI agent runs on a separate machine with no access to your personal files, passwords, or accounts. If something goes wrong, your personal computer is unaffected. This is a major advantage given the security considerations around OpenClaw.

Static IP and stable networking. Unlike your home network where the IP can change and ports may be blocked, a Droplet has a fixed public IP address. This makes remote access and messaging integrations more reliable.

Scalable resources. If your agent’s workload grows — more skills, more channels, browser automation — you can vertically scale the Droplet’s CPU and RAM without starting over.

Option A: 1-Click Deploy from the DigitalOcean Marketplace

The fastest way to get OpenClaw running on DigitalOcean is their 1-Click Deploy, available in the DigitalOcean Marketplace. This provisions a security-hardened Droplet with OpenClaw pre-installed, including Docker for sandboxed execution, firewall rules, non-root user configuration, and a gateway authentication token.

Step 1: Deploy the 1-Click App

Log into your DigitalOcean account and navigate to the Marketplace. Search for “OpenClaw” and click “Create OpenClaw Droplet.” You’ll be prompted to choose a Droplet size and region.

For Droplet size, the minimum recommended is 2 vCPUs with 2GB RAM. The 1-Click image currently requires a minimum $24/month Droplet to match the snapshot’s disk and memory requirements, though DigitalOcean is working on reducing this. If budget is a concern, you can try a smaller Droplet with the manual setup method described in Option B.

Choose a datacenter region close to you for the best latency. Add your SSH key during creation — you’ll need it to log in.

Step 2: SSH Into Your Droplet

Wait for the Droplet to finish provisioning. Note that the DigitalOcean dashboard may say “ready” before SSH is actually available — if the connection fails, wait 60 seconds and try again.

ssh root@your-droplet-ip

You’ll see a welcome message from OpenClaw with setup instructions.

Step 3: Configure Your AI Provider

The welcome screen will walk you through initial configuration. You’ll need to choose your AI provider (Anthropic, OpenAI, or Gradient AI) and paste your API key. After entering the key, the OpenClaw service will restart automatically to apply the changes.

Note the Dashboard URL displayed in the welcome message — you’ll use this to access the web-based Control UI from your browser.

Step 4: Access the Dashboard

Open the Dashboard URL in your browser. The 1-Click deployment sets up Caddy as a reverse proxy with automatic TLS certificates from Let’s Encrypt — even for bare IP addresses without a domain name. This means your dashboard connection is encrypted out of the box.

You’ll need to complete the pairing process when first accessing the dashboard. Follow the on-screen instructions to pair your browser.

Step 5: Connect a Messaging Channel

From the dashboard or via SSH, connect your preferred messaging platform. The process is the same as any OpenClaw installation — create a Telegram bot via @BotFather, scan a QR code for WhatsApp, or configure Discord/Slack webhooks.

Once connected, send a test message to confirm everything is working.

Option B: Manual Setup on a Fresh Droplet

If you prefer more control over the installation, or if you want a smaller/cheaper Droplet, you can set up OpenClaw manually on a fresh Ubuntu server.

Step 1: Create a Droplet

Create a new Droplet in the DigitalOcean control panel with the following specs:

Image: Ubuntu 24.04 LTS

Size: At least 2 vCPUs and 2GB RAM (the Basic plan at ~$18/month works well). A 1GB Droplet can work with a swap file but may run out of memory during npm install.

Region: Choose the datacenter closest to you.

Authentication: Add your SSH key.

Step 2: Initial Server Setup

SSH into your new Droplet:

ssh root@your-droplet-ip

Update packages:

apt update && apt upgrade -y

Create a swap file (important for smaller Droplets to prevent out-of-memory errors during installation):

sudo fallocate -l 2G /swapfile

sudo chmod 600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Step 3: Create a Dedicated User

Running OpenClaw as root is a bad idea. Create a dedicated user with limited permissions:

adduser openclaw

usermod -aG sudo openclaw

su - openclaw

This ensures the AI runtime doesn’t have root-level access to your system. If a skill misbehaves, the damage is contained to this user’s permissions.

Step 4: Install Node.js 22

curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -

sudo apt-get install -y nodejs

Verify:

node --version

Step 5: Install and Configure OpenClaw

npm install -g openclaw@latest

openclaw onboard --install-daemon

The onboarding wizard will prompt for your model provider, API key, and messaging channel configuration — the same process as a local installation.

Step 6: Configure Firewall Rules

Set up UFW to restrict inbound access:

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow OpenSSH

sudo ufw enable

Do not expose port 18789 (the gateway) publicly unless you have a specific reason and have set up proper authentication and a reverse proxy. For personal use, access the dashboard via SSH tunnel instead.

Step 7: Verify the Installation

openclaw doctor

openclaw status

If both return healthy results, your cloud-hosted OpenClaw is live.

VPS-Specific Configuration Tips

Running OpenClaw on a headless VPS introduces a few differences compared to a local desktop setup. Here are the most important things to get right:

Set execution host to gateway. On a VPS, there’s no terminal window open for OpenClaw to run commands in. The gateway process serves as the execution environment. Make sure tools.exec.host is set to gateway in your configuration, or commands will fail silently.

Disable execution consent prompts. On a local machine, consent prompts are a safety feature — OpenClaw asks “are you sure?” before running commands, and you approve them. On a headless VPS, there’s nobody sitting at a terminal to approve anything. Set tools.exec.ask to off or commands will hang indefinitely waiting for input. Compensate by being more careful about which skills you install and which permissions you grant.

Set security level appropriately. The tools.exec.security setting controls what OpenClaw is allowed to do. On a dedicated VPS where you control what’s installed, setting this to full is typically appropriate — without it, OpenClaw can’t call APIs, fetch URLs, or reach any external service. On a shared machine, keep it more restrictive.

Configuration lives in /opt/openclaw.env. On the 1-Click deployment, the main configuration file is at /opt/openclaw.env and is owned by root. The openclaw user intentionally cannot modify its own configuration — this is a security feature that prevents a misbehaving skill from changing API keys or redirecting outputs. Edit it as root with sudo nano /opt/openclaw.env and restart the service after changes.

Restart the service after config changes. Changes to the environment or configuration don’t take effect until you restart: sudo systemctl restart openclaw

Remote Access Options

SSH tunnel (recommended for personal use): Access the dashboard without exposing it publicly by forwarding the port through SSH: ssh -L 18789:localhost:18789 openclaw@your-droplet-ip, then open http://localhost:18789 in your browser.

Tailscale (recommended for multi-device access): Install Tailscale on both your Droplet and your devices to create a private, encrypted network. Your OpenClaw instance gets a private Tailscale address and remains inaccessible from the public internet.

Messaging only (simplest): If you’ve connected Telegram, WhatsApp, or another messaging channel, you don’t need to access the dashboard at all for day-to-day use. Just interact with your agent through chat.

Cost Expectations

Your total cost for running OpenClaw on DigitalOcean has two components:

Droplet hosting: The 1-Click deployment starts at $24/month (due to the current image size requirements). Manual setup on a smaller Droplet can start around $12-18/month with 2GB RAM. A 1GB Droplet ($6/month) can work for light use with a swap file configured.

AI model API costs: These depend on your provider and usage. Claude Haiku is the most cost-effective for everyday tasks, while Claude Opus is more capable but pricier. Typical personal use runs anywhere from $5-50/month in API costs depending on how active your agent is.

What to Do After Installation

Once your cloud-hosted OpenClaw is running, explore our guide to 10 practical things you can do with OpenClaw. Cron jobs and proactive automation are particularly well-suited to a VPS deployment since your agent is always on and always connected.

And don’t skip the security basics — read our OpenClaw security guide for best practices on running an AI agent safely, especially in a cloud environment.