Cloud Providers Covered: This guide covers deploying OpenClaw on DigitalOcean (Droplets), AWS (EC2), Hetzner Cloud, and Vultr — with provider-specific tips for each. The complete stack includes Node.js + PM2 + nginx + SSL + automated backups. Estimated total setup time: 30–45 minutes.
A cloud VPS is the gold standard for running OpenClaw in production. Unlike running it on a home PC (power outages, IP changes, limited uptime) or a developer laptop (performance hit, needs to stay awake), a VPS gives you dedicated resources, a static IP, and 99.9%+ uptime — all for just a few dollars per month.
In this comprehensive guide, I'll walk you through the entire lifecycle: choosing the right VPS provider and plan, provisioning your server, securing it, installing OpenClaw with all production dependencies, and setting up monitoring. This is the same stack used by professional OpenClaw deployments handling thousands of messages per day.
VPS Provider Comparison for OpenClaw
🌊 DigitalOcean Droplets
Best for BeginnersSimple, developer-friendly interface. One-click Ubuntu setup. Excellent documentation. Recommended entry plan: Basic Droplet, 2GB RAM, $12/month.
☁️ Amazon Web Services (EC2)
Most ScalableMore complex setup but unmatched reliability and global reach. Use t2.micro (free) for testing, t3.small ($15/mo) for production. Enable the 12-month free tier for new accounts.
🇩🇪 Hetzner Cloud
Best Price/PerformanceExceptional value — 4GB RAM for under $4/month. Ideal for budget-conscious deployments. The CX22 plan handles OpenClaw with multiple active agents. EU-based (GDPR compliant).
Step 1: Provision Your Cloud Server
DigitalOcean: Create a Droplet
- 1. Log in to DigitalOcean → Click "Create Droplet"
- 2. Choose Ubuntu 24.04 LTS (x64)
- 3. Select Basic plan, 2GB RAM / 1 vCPU / 50GB SSD ($12/mo)
- 4. Choose datacenter closest to your AI provider (US East for OpenAI)
- 5. Add your SSH public key (recommended) or set a root password
- 6. Click "Create Droplet" — your server is ready in ~60 seconds
# Connect to your server (replace YOUR_IP)
ssh root@YOUR_SERVER_IP
# Or with SSH key:
ssh -i ~/.ssh/id_rsa root@YOUR_SERVER_IP
AWS EC2: Launch an Instance
- 1. AWS Console → EC2 → Launch Instance
- 2. Name:
openclaw-server - 3. AMI: Ubuntu Server 24.04 LTS (Free tier eligible)
- 4. Instance type:
t2.micro(free) ort3.small(production) - 5. Create a key pair and download the .pem file
- 6. Security Group: Allow SSH (22), HTTP (80), HTTPS (443), and custom port 3000
Pro Tip: Choose Server Location Wisely
Select a datacenter in the same region as your primary AI provider: US East (Virginia/NYC) for OpenAI, US West (Oregon) for Anthropic, EU (Frankfurt) for Mistral. This reduces API latency by 20–50ms — meaningful for real-time chat automation.
Step 2: Harden Server Security
# Update and upgrade (always first!)
apt update && apt upgrade -y
# Create a non-root user
adduser openclaw
usermod -aG sudo openclaw
# Copy SSH keys to new user
rsync --archive --chown=openclaw:openclaw ~/.ssh /home/openclaw
# Disable root SSH login (security best practice)
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
systemctl restart sshd
# Switch to openclaw user
su - openclaw
Configure UFW Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw allow 3000/tcp # OpenClaw (optional)
sudo ufw enable
sudo ufw status
Step 3: Install Node.js and OpenClaw
# Install nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc
# Install Node.js LTS
nvm install --lts
nvm use --lts
node --version # Verify: v20.x.x
# Install PM2 globally
npm install -g pm2
# Create OpenClaw project
mkdir ~/openclaw-agent && cd ~/openclaw-agent
npx openclaw init .
# Or git clone method
git clone https://github.com/openclaw/openclaw.git ~/openclaw-agent
cd ~/openclaw-agent && npm install && npm run setup
Configure .env for Production
nano ~/openclaw-agent/.env
# Production configuration:
NODE_ENV=production
OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxx
AI_MODEL=gpt-4-turbo
MESSAGING_PLATFORM=telegram
TELEGRAM_BOT_TOKEN=1234567890:ABCdef...
ENABLE_MEMORY=true
LOG_LEVEL=warn
PORT=3000
DATA_DIR=/home/openclaw/openclaw-data
Step 4: Production Setup with PM2
Launch OpenClaw in Production Mode
cd ~/openclaw-agent
# Start with PM2
pm2 start npm --name "openclaw" -- start
# Save PM2 config for auto-restart
pm2 save
# Set up PM2 to start on system boot
pm2 startup systemd
# Run the command it shows (starts with: sudo env PATH=...)
# Monitor in real-time
pm2 monit
# View logs
pm2 logs openclaw --lines 100
# Restart after config changes
pm2 restart openclaw
Production ready! PM2 automatically restarts OpenClaw on crashes and server reboots. Your agent is now truly 24/7.
Create ecosystem.config.js for Advanced Control
// ~/openclaw-agent/ecosystem.config.js
module.exports = {
apps: [{
name: 'openclaw',
script: 'index.js',
env_production: {
NODE_ENV: 'production',
},
max_memory_restart: '500M',
error_file: '/home/openclaw/logs/openclaw-err.log',
out_file: '/home/openclaw/logs/openclaw-out.log',
merge_logs: true,
log_date_format: 'YYYY-MM-DD HH:mm:ss',
}]
}
// Start with:
// pm2 start ecosystem.config.js --env production
Step 5: nginx + SSL Certificate
sudo apt install -y nginx certbot python3-certbot-nginx
sudo nano /etc/nginx/sites-available/openclaw
server {
listen 80;
server_name your-domain.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 300s;
}
}
# Enable and get SSL:
sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx
sudo certbot --nginx -d your-domain.com
Cloud VPS Performance Metrics
Why VPS Needs VPN07 Too
Many VPS providers route traffic through shared infrastructure that can be throttled or geo-blocked when accessing AI APIs. Additionally, running OpenClaw on a VPS without a VPN means your agent's traffic (including API keys in headers) travels over potentially logged provider networks. VPN07 solves both problems:
- ✓ Encrypted API traffic: Your OpenAI/Anthropic API keys travel encrypted through VPN07 tunnels
- ✓ Bypass provider throttling: ISP-level throttling doesn't affect VPN07's dedicated 1000Mbps channels
- ✓ Geo-optimization: Connect your VPS to the VPN07 node closest to your AI provider's data center
VPS-Specific Errors & Fixes
AWS: "Connection refused" on port 3000
Fix: Add an inbound rule in your EC2 Security Group: Custom TCP, Port 3000, Source: 0.0.0.0/0. AWS Security Groups act as firewalls and block all ports by default.
DigitalOcean: PM2 process dies after SSH disconnect
Fix: Run pm2 save and then run the pm2 startup command it generates. This ensures PM2 persists as a service, not just a session process.
Hetzner: High latency to OpenAI (>300ms)
Fix: Hetzner's European data centers have higher latency to US-based APIs. Use VPN07 to connect through a US node, dramatically reducing round-trip time to OpenAI's servers. Alternatively, switch to a Hetzner Ashburn (US) location.
nginx: 502 Bad Gateway
Fix: OpenClaw isn't running. Check: pm2 status and pm2 logs openclaw. Usually caused by missing .env variables or a Node.js version mismatch.
Related Articles
Complete Your VPS Stack with VPN07
Your cloud VPS OpenClaw deployment isn't complete without VPN07. Trusted by cloud developers and DevOps professionals for 10 years, VPN07 encrypts your AI API traffic, optimizes routing to OpenAI and Anthropic endpoints, and delivers 1000Mbps performance across 70+ global locations. At $1.5/month with a 30-day money-back guarantee, it's the most cost-effective infrastructure upgrade for your OpenClaw setup.