How to Deploy OpenClaw on a VPS for 24/7 Uptime
For a production-style 24/7 OpenClaw VPS, the official docs recommend the security-first OpenClaw Ansible installer, which layers firewalling, Docker isolation, Tailscale access, and systemd boot persistence.
How to deploy OpenClaw on a VPS for 24/7 uptime
For a real always-on VPS, the current official production recommendation is openclaw-ansible, not a hand-built shell script. It is the shortest official path to a hardened deployment with firewalling, Docker isolation, Tailscale access, and systemd auto-start.
Who this is for
- You want OpenClaw running continuously on a remote Linux host.
- You want a production-style setup, not a local dev install.
- You want a safer deployment than binding the dashboard directly to the public internet.
What you need before you start
- A Linux VPS you control.
- SSH access and
sudoon that host. - A plan for secure remote access, such as Tailscale or SSH tunneling.
Step-by-step setup
Step 1: SSH into the VPS
| ssh your-user@your-vps |
Expected result: you have a shell on the Linux VPS where OpenClaw will run.
Step 2: Run the official Ansible installer
| curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw-ansible/main/install.sh | bash |
The official Ansible page describes this as the recommended way to deploy OpenClaw to production servers.
Step 3: Finish the guided install
During the installer flow, keep the security-first defaults unless you have a specific reason to change them. The Ansible docs emphasize firewall-first access and Tailscale exposure instead of public dashboard exposure.
Step 4: Verify the gateway service on the VPS
| openclaw gateway status |
Expected result: the gateway service is running after the installer completes.
Step 5: Open the dashboard through a safe access path
Generate the dashboard link on the VPS:
| openclaw dashboard --no-open |
Then either use Tailscale Serve or an SSH tunnel. For a plain SSH tunnel:
| ssh -N -L 18789:127.0.0.1:18789 your-user@your-vps |
Open http://127.0.0.1:18789/ locally after the tunnel is up.
Verify it worked
openclaw gateway statusreports a healthy runtime on the VPS.- The dashboard loads through Tailscale or your SSH tunnel.
- The gateway survives a normal disconnect from your SSH session because it is running as a managed service.
Common problems and fixes
The service does not stay up after deploy
Use the official troubleshooting commands:
| openclaw gateway status |
| openclaw logs --follow |
| openclaw doctor |
| openclaw gateway status --deep |
The dashboard is reachable but not secure
Do not expose the Control UI directly to the public internet. The dashboard docs explicitly call it an admin surface and recommend localhost, Tailscale Serve, or an SSH tunnel.
The gateway port is already in use
Check the runtime and port conflict state with:
| openclaw gateway status |
| openclaw logs --follow |
FAQ
Why use the Ansible installer instead of the regular Linux install on a VPS?
Because the official deployment docs recommend openclaw-ansible for production servers and describe it as the source of truth for secure deployment.
Can I still manage OpenClaw with the normal CLI after deployment?
Yes. Once deployed, the same openclaw CLI commands such as gateway status, dashboard, doctor, and config helpers still apply on the host.
Should the dashboard ever be public?
No. The dashboard docs explicitly say it is an admin surface and should stay behind localhost, Tailscale, or an SSH tunnel.
Official sources
Related OpenClaw guides
Follow the next most relevant setup guide without leaving the cluster.
Use the official Docker setup script to run a containerized OpenClaw gateway, then verify the dashboard, token flow, and container health.
Install OpenClaw on Linux with the official installer, onboard it, verify the service, and open the local dashboard.
Finish the OpenClaw onboarding wizard, configure the gateway, open the dashboard, and approve first device access when needed.