Distro Coverage: This guide covers OpenClaw installation on Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Debian 11 (Bullseye), and Debian 12 (Bookworm). Commands also work on Linux Mint, Pop!_OS, and other Debian-based distros. Covers both desktop and headless server setups.
Linux is the premier platform for running OpenClaw in production. Unlike Windows or macOS, a Linux server lets you run OpenClaw headlessly — no GUI required, minimal resource usage, and maximum uptime. In 2026, the majority of professional OpenClaw deployments run on Linux servers, either bare-metal or cloud VPS.
This guide goes beyond the basics. I'll show you how to install OpenClaw the right way on Linux — with nvm for Node.js version management, systemd for service management (so OpenClaw restarts automatically after crashes or reboots), nginx as a reverse proxy, and UFW for firewall hardening. By the end, you'll have a production-grade, 24/7 OpenClaw deployment.
Server Requirements
Network Requirements for Production
Production OpenClaw instances need reliable outbound connectivity to AI APIs (OpenAI, Anthropic) and messaging platforms (WhatsApp, Telegram). Many VPS providers have traffic limitations or routing issues to these services. VPN07's 1000Mbps dedicated channels on your server solve this — routes are optimized for AI API access across 70+ countries.
Step 1: Update System & Install Prerequisites
SSH into your server (or open a terminal on desktop Linux) and run:
# Update package lists and upgrade installed packages
sudo apt update && sudo apt upgrade -y
# Install essential build tools
sudo apt install -y curl wget git build-essential software-properties-common
# Verify git
git --version
This usually takes 2–5 minutes. If prompted about restarting services, choose "Yes".
Step 2: Install Node.js via nvm (Recommended)
Using nvm (Node Version Manager) is the professional way to manage Node.js on Linux — it avoids permission issues and lets you switch versions easily:
# Install nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
# Reload shell configuration
source ~/.bashrc
# (or source ~/.zshrc if using zsh)
# Install Node.js LTS (v20)
nvm install --lts
nvm use --lts
nvm alias default node
# Verify
node --version # v20.x.x
npm --version # 10.x.x
Why nvm over apt? The Ubuntu/Debian apt repositories often have outdated Node.js versions (v12 or v16). OpenClaw requires v18+. nvm always installs the latest stable version.
Alternative: NodeSource Repository
If you prefer system-wide install without nvm:
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs
Step 3: Create a Dedicated Linux User
Running OpenClaw as root is a security risk. Create a dedicated user with limited privileges:
# Create openclaw user (no login shell for security)
sudo useradd -m -s /bin/bash openclaw
# Set a password (optional, for direct login)
sudo passwd openclaw
# Switch to openclaw user
sudo su - openclaw
# Install nvm for this user too (if needed)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc
nvm install --lts
This isolates OpenClaw from system services and other applications, improving security significantly.
Step 4: Install OpenClaw
Method A: npx Quick Setup
cd ~
npx openclaw init my-agent
cd my-agent
ls -la
Method B: Git Clone
git clone https://github.com/openclaw/openclaw.git ~/my-agent
cd ~/my-agent
npm install
npm run setup
Configure the .env File
nano ~/my-agent/.env
# AI Provider
OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxx
AI_MODEL=gpt-4-turbo
# Messaging
MESSAGING_PLATFORM=telegram
TELEGRAM_BOT_TOKEN=1234567890:ABCdef...
# Server settings
PORT=3000
DATA_DIR=/home/openclaw/openclaw-data
ENABLE_MEMORY=true
LOG_LEVEL=info
Save with Ctrl+O then exit with Ctrl+X in nano.
Step 5: Create systemd Service (24/7 Operation)
This is the critical step that makes OpenClaw production-ready. A systemd service automatically starts OpenClaw on boot and restarts it if it crashes:
# Create the service file
sudo nano /etc/systemd/system/openclaw.service
Paste the following content (adjust paths for your setup):
[Unit]
Description=OpenClaw AI Agent
After=network.target
Wants=network-online.target
[Service]
Type=simple
User=openclaw
WorkingDirectory=/home/openclaw/my-agent
ExecStart=/home/openclaw/.nvm/versions/node/v20.11.0/bin/node /home/openclaw/my-agent/index.js
Restart=always
RestartSec=10
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=openclaw
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
# Reload systemd and enable the service
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw
# Check status
sudo systemctl status openclaw
# View real-time logs
sudo journalctl -u openclaw -f
Expected output: Active: active (running) — Your agent is now a system service!
Step 6: Configure UFW Firewall
# Install UFW if not present
sudo apt install -y ufw
# Set default rules (deny all incoming, allow all outgoing)
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (critical — do this BEFORE enabling UFW)
sudo ufw allow 22/tcp
# Allow OpenClaw's port (if using webhooks)
sudo ufw allow 3000/tcp
# Allow nginx if using reverse proxy
sudo ufw allow 'Nginx Full'
# Enable firewall
sudo ufw enable
# Verify rules
sudo ufw status verbose
Warning: Always allow port 22 BEFORE enabling UFW, or you'll lock yourself out of SSH!
Step 7: Optional — nginx Reverse Proxy with HTTPS
If you want to access OpenClaw's web dashboard via a domain name with HTTPS (recommended for security):
# Install nginx and Certbot
sudo apt install -y nginx certbot python3-certbot-nginx
# Create nginx config for OpenClaw
sudo nano /etc/nginx/sites-available/openclaw
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# Enable the site
sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
# Get SSL certificate (replace with your domain)
sudo certbot --nginx -d yourdomain.com
Linux Server Performance
Linux-Specific Errors & Fixes
Error: "nvm: command not found" after install
Fix: source ~/.bashrc or open a new terminal. For zsh: source ~/.zshrc
systemd service fails to start
Check: sudo journalctl -u openclaw -n 50
Common fix: Verify Node.js path in the service file — use which node to find the exact path.
Connection refused / API timeouts
Cause: VPS provider blocking outbound traffic to AI APIs or port restrictions
Fix: Use VPN07 on the server. VPN07 routes traffic through optimized tunnels — eliminating geo-blocks and ISP throttling that affect many VPS providers' outbound connections to OpenAI and Anthropic.
EACCES: permission denied on npm install
Fix: Never use sudo npm install. Instead, fix ownership: sudo chown -R $(whoami) ~/.npm
Related Articles
OpenClaw VPS Cloud Install 2026: DigitalOcean, AWS & Hetzner
Deploy OpenClaw on cloud VPS from scratch — full server provisioning guide with provider comparisons.
Read More →OpenClaw macOS Install 2026: Apple Silicon & Intel Guide
Complete Homebrew-based installation guide for macOS Ventura, Sonoma, and Sequoia.
Read More →Run OpenClaw 24/7 with VPN07 Protection
Linux servers running OpenClaw need consistent, high-speed connectivity to AI APIs around the clock. VPN07 provides 1000Mbps dedicated bandwidth through 70+ global locations, keeping your agent responsive 24/7 without throttling or geo-blocking. Deployed on Linux servers worldwide for 10 years — at just $1.5/month with a 30-day money-back guarantee.