When to use a VPS
A VPS (Virtual Private Server) gives your OpenClaw agent 24/7 uptime without leaving a physical machine running at home. Good options include DigitalOcean, Hetzner, Vultr, Railway, and Amazon Lightsail (which now offers a one-click OpenClaw blueprint). A VPS also gives you a static IP address and better network performance for real-time messaging channels.
Server requirements
Minimum: 2 vCPUs, 2GB RAM, 20GB storage. Recommended: 2 vCPUs, 4GB RAM, 40GB storage. Ubuntu 22.04 or 24.04 LTS is the most common OS choice. Install Docker and Docker Compose, then deploy using the official Docker image. Total cost: $5-20/month for the VPS, plus your LLM API costs.
Critical security for VPS deployments
VPS deployments are the most common source of exposed OpenClaw instances. You must bind the Gateway to localhost only, set up a firewall (ufw), use SSH key authentication (disable password login), access OpenClaw through an SSH tunnel or Tailscale — never expose port 18789 to the public internet. The 30,000+ exposed instances found by security researchers were almost entirely VPS deployments with default configurations. See our security guide and security checklist for the full hardening process.
Remote access via SSH tunnel
The safest way to access your OpenClaw Control UI remotely: ssh -L 18789:localhost:18789 user@your-vps-ip. Then open http://localhost:18789 in your browser. All traffic is encrypted through the SSH tunnel, and the Gateway port is never exposed publicly. For always-on access, consider Tailscale or Cloudflare Tunnel.