VPS / Cloud Deployment

This guide covers deploying your OpenClaw stack to a VPS (Virtual Private Server) or cloud instance. Works with DigitalOcean, Hetzner, Contabo, Linode, AWS EC2, or any provider that gives you a Linux VM.

Recommended Specs

Step 1: Provision the Server

Create a VPS with Ubuntu 22.04 or later. Most providers have a one-click Docker image or you can install manually:

# SSH into your server
ssh root@your-server-ip

# Update packages
apt update && apt upgrade -y

# Install Docker
curl -fsSL https://get.docker.com | sh

# Install Docker Compose plugin
apt install -y docker-compose-plugin

# Add your user to the docker group
usermod -aG docker $USER

# Log out and back in, then verify
docker info
docker compose version

Step 2: Generate the Stack

Generate your stack locally with a reverse proxy configured:

# With automatic HTTPS via Caddy (recommended)
npx create-better-openclaw my-stack \
  --preset researcher \
  --proxy caddy \
  --domain openclaw.example.com \
  --generateSecrets \
  --yes

Alternative: Traefik

npx create-better-openclaw my-stack \
  --preset researcher \
  --proxy traefik \
  --domain openclaw.example.com \
  --yes

Step 3: Configure DNS

Point your domain to your server's IP address:

If using a wildcard for subdomains (e.g. separate UIs for Grafana, n8n):

Wait for DNS propagation (usually 1-5 minutes with low TTL). Verify with:

dig openclaw.example.com +short
# Should return: 203.0.113.42

Step 4: Deploy to Server

# Copy the stack to your server
scp -r my-stack/ user@your-server:~/

# SSH into the server
ssh user@your-server

# Enter the stack directory
cd my-stack

# Configure environment variables
cp .env.example .env
nano .env  # Add your API keys and secrets

# Make scripts executable
chmod +x scripts/*.sh

# Start the stack
./scripts/start.sh

Step 5: Verify

# Check service status
docker compose ps

# Check logs
docker compose logs -f openclaw-gateway

# Test the health endpoint
curl https://openclaw.example.com/healthz

# Check SSL certificate
curl -vI https://openclaw.example.com 2>&1 | grep "SSL certificate"

Caddy Configuration

The generated Caddyfile handles HTTPS automatically via Let's Encrypt:

openclaw.example.com {
    reverse_proxy openclaw-gateway:8080
}

# If you have service UIs (Grafana, n8n, etc.)
grafana.openclaw.example.com {
    reverse_proxy grafana:3000
}

n8n.openclaw.example.com {
    reverse_proxy n8n:5678
}

Caddy automatically obtains and renews SSL certificates. No manual setup needed.

Firewall Setup

Only expose ports 80 (HTTP → HTTPS redirect) and 443 (HTTPS):

# UFW (Ubuntu)
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP (redirects to HTTPS)
ufw allow 443/tcp   # HTTPS
ufw enable

# Verify
ufw status

Important: Do NOT expose service ports directly (6333 for Qdrant, 6379 for Redis, etc.). Route everything through the reverse proxy.

Updating Your Stack

# SSH into server
ssh user@your-server
cd my-stack

# Backup first
./scripts/backup.sh

# Pull latest images
./scripts/update.sh

# Or manually
docker compose pull
docker compose up -d

Monitoring

# Resource usage
docker stats

# Disk usage
df -h
docker system df

# Service status with the helper script
./scripts/status.sh

Provider-Specific Tips

DigitalOcean

• Use the "Docker on Ubuntu" marketplace image
• Enable monitoring in the Droplet settings
• Use DigitalOcean Spaces for off-server backups

Hetzner

• Best price/performance ratio in EU
• Use the Falkenstein or Helsinki DC for low latency
• CAX-series ARM servers are extremely cost-effective

AWS EC2

• Use a t3.medium or larger for standard stacks
• Attach an EBS volume for persistent data
• Configure Security Groups instead of UFW

Next Steps

• Homelab Deployment — ARM64, GPU passthrough, Unraid/Proxmox
• Local Docker Guide — development setup
• Contributing — help improve better-openclaw