OpenClaw on Ubuntu Server 24.04: Headless VPS Always-On AI Setup
About This Guide: This is a production-grade tutorial for installing OpenClaw on a headless Ubuntu Server 24.04 LTS VPS — no desktop GUI required. Covers Node.js 22, systemd service, nginx reverse proxy, SSL certificate, UFW firewall, and monitoring. Perfect for cloud VPS (DigitalOcean, Hetzner, Vultr, AWS EC2, Linode). Estimated time: 30–45 minutes.
Running OpenClaw on a headless Ubuntu Server is the gold standard for 24/7 AI agent deployment. Unlike running OpenClaw on a personal laptop or desktop (which turns off when you sleep or travel), a cloud VPS runs continuously — your AI agent is always available to handle automations, respond to messages, run scheduled tasks, and execute workflows regardless of where you are.
Ubuntu Server 24.04 LTS (Noble Numbat) was released in April 2024 and is supported until 2029. It's the most widely used Linux server distribution, with excellent community support and the most up-to-date package repositories. This guide focuses specifically on the headless server variant — no desktop environment, pure terminal-based management.
This guide differs from our desktop Ubuntu guides: here we configure systemd for auto-restart, nginx as a reverse proxy with HTTPS, fail2ban for security, and logrotate for log management — everything you need for a professional, production-ready OpenClaw deployment.
Recommended VPS Providers & Specs
Minimum VPS Specs
- vCPUs: 1 core (2 cores recommended)
- RAM: 1 GB minimum (2 GB recommended)
- Storage: 20 GB SSD (40 GB for heavy usage)
- OS: Ubuntu 24.04 LTS (Noble Numbat)
- Bandwidth: 1 TB/month transfer
Tested VPS Providers
Choose Your VPS Region Wisely
Pick a VPS region close to the AI API servers you'll use most. For Anthropic Claude: US East (Virginia) or US West (Oregon). For OpenAI: US East or EU West. Using VPN07 on your VPS adds an extra layer of routing optimization and security, especially if your VPS is in a region with ISP throttling of AI provider endpoints.
Step 1: Initial Ubuntu 24.04 Server Setup
SSH into your fresh Ubuntu 24.04 VPS and run initial setup commands:
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install essential tools
sudo apt install -y curl git wget unzip build-essential
# Set timezone (important for cron jobs!)
sudo timedatectl set-timezone UTC
timedatectl status
# Create a dedicated user for OpenClaw (security best practice)
sudo adduser --system --group --home /opt/openclaw openclaw
# Optional: configure SSH key-only authentication
# (Disable password login after setting up SSH keys)
Security: Disable Root SSH Login
# Edit SSH config
sudo nano /etc/ssh/sshd_config
# Set these values:
# PermitRootLogin no
# PasswordAuthentication no (only after setting up SSH keys!)
# PubkeyAuthentication yes
sudo systemctl restart sshd
Step 2: Configure UFW Firewall
# Enable UFW and set default rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (adjust port if you changed it)
sudo ufw allow 22/tcp
# Allow HTTP and HTTPS (for nginx reverse proxy)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable firewall
sudo ufw enable
sudo ufw status verbose
OpenClaw itself doesn't need any inbound ports — it connects outbound to AI APIs and messaging platforms. We only open 80/443 for nginx health checks and optional webhook endpoints.
Step 3: Install Node.js 22 LTS
# Add NodeSource repository for Node.js 22 LTS
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
# Install Node.js
sudo apt install -y nodejs
# Verify installation
node --version # v22.x.x
npm --version # 10.x.x
# Install pnpm (optional, preferred by some OpenClaw workflows)
npm install -g pnpm
Step 4: Install & Configure OpenClaw
Install OpenClaw as the openclaw user
# Switch to the openclaw system user context
sudo -u openclaw bash
# Navigate to home directory
cd /opt/openclaw
# Method 1: Quick npm global install
npm install -g openclaw@latest
openclaw onboard --install-daemon
# Method 2: Clone and build from source
git clone https://github.com/openclaw/openclaw.git agent
cd agent
npm install
npm run setup
Configure .env for Production
Create a secure .env configuration:
nano /opt/openclaw/agent/.env
Add your configuration:
# AI Provider
ANTHROPIC_API_KEY=sk-ant-xxxxxxxxxxxxxxxx
AI_MODEL=claude-3-5-sonnet-20241022
# Messaging (Telegram recommended for headless servers)
MESSAGING_PLATFORM=telegram
TELEGRAM_BOT_TOKEN=7xxxxxxxxx:AAxxxxxxxxxxxxxxxxxx
TELEGRAM_CHAT_ID=xxxxxxxxxx
# Server settings
NODE_ENV=production
ENABLE_MEMORY=true
LOG_LEVEL=info
LOG_FILE=/var/log/openclaw/agent.log
DATA_DIR=/opt/openclaw/data
# Performance
HEARTBEAT_INTERVAL=60000
MAX_PARALLEL_TASKS=3
Security: Set strict permissions on .env: chmod 600 /opt/openclaw/agent/.env && chown openclaw:openclaw /opt/openclaw/agent/.env
Step 5: Create systemd Service for 24/7 Operation
systemd is the correct way to run OpenClaw as a production service on Ubuntu Server. It handles auto-restart, logging, and boot startup:
sudo nano /etc/systemd/system/openclaw.service
Paste this service definition:
[Unit]
Description=OpenClaw AI Agent Service
Documentation=https://openclaw.ai
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=openclaw
Group=openclaw
WorkingDirectory=/opt/openclaw/agent
EnvironmentFile=/opt/openclaw/agent/.env
ExecStart=/usr/bin/node /opt/openclaw/agent/index.js
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=10
StartLimitInterval=60
StartLimitBurst=3
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw
KillMode=mixed
TimeoutStopSec=30
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/opt/openclaw/data /var/log/openclaw
[Install]
WantedBy=multi-user.target
# Create log directory
sudo mkdir -p /var/log/openclaw
sudo chown openclaw:openclaw /var/log/openclaw
# Create data directory
sudo mkdir -p /opt/openclaw/data
sudo chown openclaw:openclaw /opt/openclaw/data
# Enable and start the service
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw
# Check status
sudo systemctl status openclaw
# View real-time logs
sudo journalctl -u openclaw -f
Step 6: nginx Reverse Proxy with SSL (Optional)
If you want a webhook endpoint or health check URL for your OpenClaw agent, set up nginx with a free Let's Encrypt SSL certificate:
Install nginx and Certbot
sudo apt install -y nginx certbot python3-certbot-nginx
# Start nginx
sudo systemctl enable nginx
sudo systemctl start nginx
Configure nginx Site
sudo nano /etc/nginx/sites-available/openclaw
server {
listen 80;
server_name your-vps-domain.com;
location /health {
proxy_pass http://localhost:3000/health;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /webhook {
proxy_pass http://localhost:3000/webhook;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 300s;
}
}
# Enable site and get SSL certificate
sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# Get free SSL certificate (replace with your actual domain)
sudo certbot --nginx -d your-vps-domain.com
Step 7: Log Rotation & Monitoring
Configure logrotate
sudo nano /etc/logrotate.d/openclaw
/var/log/openclaw/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 openclaw openclaw
postrotate
systemctl reload openclaw 2>/dev/null || true
endscript
}
Useful Monitoring Commands
# Check service status
sudo systemctl status openclaw
# Live log stream
sudo journalctl -u openclaw -f --no-pager
# Last 100 log lines
sudo journalctl -u openclaw -n 100
# Check memory & CPU usage
htop # or: top -p $(pgrep -f openclaw)
# Check if port is listening
ss -tlnp | grep node
# Restart the service
sudo systemctl restart openclaw
# View uptime statistics
sudo systemctl show openclaw --property=ActiveEnterTimestamp
Production Performance Benchmarks
Why Network Quality Matters More Than VPS Specs
In production, OpenClaw's bottleneck is almost never CPU or RAM — it's API latency and bandwidth. A $6/month Hetzner VPS with VPN07's 1000Mbps dedicated routing outperforms a $100/month dedicated server with poor network routing. VPN07 optimizes the critical path: your VPS → API provider endpoints across 70+ countries, with zero throttling and consistent sub-50ms latency.
Common VPS Deployment Issues & Fixes
Service starts then immediately crashes
Cause: Missing .env variables or incorrect file permissions
Fix: Check logs with sudo journalctl -u openclaw -n 50. Verify .env exists and is readable by the openclaw user: sudo -u openclaw cat /opt/openclaw/agent/.env
API connection timeouts on VPS
Cause: VPS provider's network egress throttling or routing issues to AI endpoints
Fix: Install VPN07 on the VPS server itself. Many Hetzner and OVH datacenter IPs are geo-restricted by some AI providers — VPN07 routes around these restrictions with 1000Mbps dedicated channels.
Memory leak — Node.js using 1GB+ RAM after 24h
Cause: OpenClaw conversation memory accumulating without cleanup
Fix: Add a daily cron restart: 0 3 * * * systemctl restart openclaw. Also set MEMORY_MAX_TOKENS=50000 in .env to cap memory usage.
Telegram bot not receiving messages
Cause: VPS IP blocked by Telegram or webhook not configured
Fix: Use polling mode instead of webhook: set TELEGRAM_MODE=polling in .env. VPN07 resolves Telegram blocking issues for VPS IPs in regions where Telegram is geo-restricted.
What Real OpenClaw Users Do with a 24/7 VPS Agent
A headless Ubuntu VPS running OpenClaw around the clock unlocks automation possibilities that simply aren't feasible on a personal laptop. Here are the most popular use cases among experienced OpenClaw users in 2026:
Zero-Inbox Email Management
OpenClaw on a VPS monitors your Gmail inbox 24/7 via webhook integration. It categorizes incoming emails, drafts responses for your review, unsubscribes from mailing lists, archives newsletters to Notion, and flags urgent items via Telegram. Many users report achieving true zero-inbox for the first time — OpenClaw handles the sorting autonomously.
Continuous Integration Assistant
Configure OpenClaw to receive GitHub webhooks whenever a PR is opened, a test fails, or a deployment is triggered. It analyzes the code diff, writes a summary, suggests improvements, and notifies your team via Slack — all without human intervention. For teams using Claude Code, OpenClaw acts as an always-on code review assistant that never sleeps.
Automated Research & Morning Briefings
Schedule OpenClaw to run daily at 6am with a cron heartbeat: collect news from specified RSS feeds, check Hacker News, scan your stock watchlist, and compile a personalized morning briefing delivered to your Telegram. Your agent reads everything so you only read what matters — summarized, prioritized, and delivered before you wake up.
E-Commerce Price Monitoring
OpenClaw checks product prices on Amazon, Best Buy, and Walmart every 4 hours. When a product drops below your target price, it sends an alert via WhatsApp with the direct purchase link. The VPS never sleeps — your agent is always watching prices while you're at work, sleeping, or traveling. It's like having a dedicated deal-hunting employee for $1.5/month in infrastructure.
What the OpenClaw Community Says
"My OpenClaw on a Hetzner CX22 has been running for 47 days straight with zero downtime. It handles my Gmail, summarizes Slack channels, and monitors my GitHub repos. The systemd setup in this guide worked perfectly on the first try."
— Backend developer, Munich
"I was skeptical about OpenClaw needing a VPN, but after connecting VPN07, my API timeout rate dropped from 8% to basically 0%. My VPS is in Frankfurt and the Anthropic API endpoint is in the US — VPN07's routing made all the difference."
— Freelance consultant, Germany
Advanced Production Configuration Tips
Redis for Distributed Memory (Optional)
For enterprise deployments with multiple OpenClaw instances sharing context, add Redis:
sudo apt install -y redis-server
sudo systemctl enable redis-server
# In OpenClaw .env
MEMORY_BACKEND=redis
REDIS_URL=redis://localhost:6379
Fail2ban for API Abuse Protection
If you expose a webhook endpoint, protect it from brute force:
sudo apt install -y fail2ban
# Create OpenClaw jail configuration
sudo nano /etc/fail2ban/jail.d/openclaw.conf
[openclaw-webhook]
enabled = true
port = 443
filter = openclaw
logpath = /var/log/nginx/access.log
maxretry = 10
findtime = 300
bantime = 3600
Uptime Monitoring with Healthchecks.io
Get notified immediately if your OpenClaw service goes down. Add a ping to your systemd service:
# In /etc/systemd/system/openclaw.service [Service] section:
ExecStartPost=/usr/bin/curl -fsS --retry 3 https://hc-ping.com/YOUR-UUID
# For periodic heartbeats every 5 minutes via cron:
*/5 * * * * curl -fsS https://hc-ping.com/YOUR-UUID > /dev/null 2>&1
Automated Backups with rclone
Back up your OpenClaw data directory to cloud storage automatically:
sudo apt install -y rclone
rclone config # Set up your preferred cloud provider
# Daily backup cron job (runs at 2am)
0 2 * * * rclone sync /opt/openclaw/data remote:openclaw-backup/$(date +%Y-%m-%d) --log-file /var/log/openclaw-backup.log
rclone supports S3, Google Drive, Dropbox, OneDrive, and 40+ other providers. Your OpenClaw memories and conversation history are safely backed up off-server.
Estimated Monthly VPS Cost for Production OpenClaw
Hetzner CX22 (2 vCPU, 4GB RAM)
Best value for single OpenClaw instance
Oracle Always Free (4 CPU, 24GB RAM)
Free tier — perfect for multi-agent setups
VPN07 (1000Mbps, 70+ countries)
Network optimization for AI API routing
Total monthly cost for a professional production OpenClaw deployment: as low as $5.29/month with Hetzner + VPN07. The OpenClaw software itself is free and open-source. You only pay for the VPS and AI API usage.
VPN07: The Production Choice for OpenClaw
Trusted by Developers Running 24/7 AI Agents
For production Ubuntu Server deployments, network quality is everything. VPN07's 1000Mbps dedicated bandwidth ensures your OpenClaw agent never experiences API timeouts or throttling — whether your VPS is in Frankfurt, Singapore, or New York. With servers in 70+ countries, 10 years of proven uptime, and a 30-day money-back guarantee, VPN07 is the professional choice for serious AI agent operators at just $1.5/month.
Related Articles
OpenClaw VPS Install: DigitalOcean, AWS, Hetzner
Platform-specific setup guides for the most popular cloud providers — including free tier options.
Read More →OpenClaw Docker Deployment Guide 2026
Run OpenClaw in a Docker container for easy updates, isolation, and multi-agent deployments.
Read More →