All posts
OpenClaw Guides

How to Install OpenClaw: A Complete 2026 Guide

Step-by-step OpenClaw installation guide covering Hetzner, DigitalOcean, security hardening, and common errors. Written for builders, not just developers.

Tin Zulic··12 min read

OpenClaw is open-source and free to download. Getting it actually running — securely, reliably, with your tools connected — takes significantly more than the README suggests.

This guide covers what you actually need to know, including the security steps that most installation guides skip entirely.

What You Need First

Before you start, make sure you have:

  • Node.js 22.12.0 or newer — required (Node 24 recommended). Check with node --version
  • A VPS — Hetzner or DigitalOcean (instructions for both below)
  • An API key — Anthropic or OpenAI account with billing enabled
  • SSH access — you'll need a terminal (Mac: Terminal app; Windows: PuTTY or WSL)
  • A domain name (optional but recommended for production use)
  • 2–4 hours — don't start this if you have 45 minutes

If any of those items aren't clear, you may want to read what OpenClaw actually is before proceeding, or consider a managed option.

Option A: Install on Hetzner (Recommended)

Hetzner is the best price-to-performance VPS for OpenClaw. EU-based, GDPR-compliant, fast.

1. Create a Hetzner account and server

Sign up at hetzner.com. Create a new project. Add a server:

  • Location: Choose your region (Nuremberg/Helsinki for EU, Ashburn for US)
  • Image: Ubuntu 22.04 LTS
  • Type: CX22 (2 vCPU, 4GB RAM) — minimum for reliable operation. CX33 recommended if running multiple channels
  • SSH Key: Add your public key (required — password auth is disabled by default)

Note your server's IP address.

2. Initial server setup

SSH into your new server:

ssh root@YOUR_SERVER_IP

Run updates and create a non-root user:

apt update && apt upgrade -y
adduser openclaw
usermod -aG sudo openclaw

Switch to your new user for the rest of setup:

su - openclaw

3. Install OpenClaw

Follow the official OpenClaw installation documentation for the current version. The general steps involve cloning the repository, installing dependencies, and configuring environment variables.

4. Configure your environment

Create your .env file with your API keys and configuration. The minimum required fields are your AI provider API key, your server's domain or IP, and your messaging channel tokens.

Option B: DigitalOcean

DigitalOcean is 20–30% more expensive than Hetzner for equivalent specs but has a friendlier interface for beginners.

Create a Droplet:

  • Distribution: Ubuntu 22.04
  • Plan: Basic, Regular (2 vCPU / 2GB RAM minimum, 4GB recommended)
  • Datacenter: Choose based on your location
  • Authentication: SSH Keys (do not use password auth)

The installation steps are identical to Hetzner after this point.

First Agent Configuration

After installation, you need to configure:

1. Your AI model — Set your preferred model in the config. Start with a mid-tier model. Expensive models are wasteful for routine tasks.

2. Your messaging channel — Telegram is the most reliable for getting started. You'll need to create a bot via BotFather and add the token to your config.

3. Your first skills — Install conservatively. Start with 2–3 core skills (email, calendar) and test each one before adding more. Many skills on ClawHub conflict with each other.

4. Your workspace — Configure your agent's workspace directory and any file access permissions it needs.

Security (Must-Do Before Going Live)

This is the section most installation guides skim. Don't skip it.

SecurityScorecard's STRIKE team found over 42,000 AI agent instances running on the public internet with default configurations — no authentication, no firewall, no encryption. A default OpenClaw installation is publicly reachable.

The minimum security configuration:

Firewall: Enable UFW, deny all incoming traffic by default, allow only SSH (22) and your agent's port.

ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow YOUR_AGENT_PORT
ufw enable

Bind to localhost: Configure your agent to bind to 127.0.0.1 instead of 0.0.0.0. This means it's only reachable through a reverse proxy, not directly from the internet.

Reverse proxy: Set up Nginx or Caddy as a reverse proxy with TLS termination. Caddy handles TLS certificates automatically.

Authentication: Enable token-based authentication. Every request to your agent should require a valid token.

Disable root SSH: After setup, disable root login in /etc/ssh/sshd_config.

Skipping any of these makes your agent — and everything it has access to — publicly reachable.

Common Errors and Fixes

"Connection refused" on startup: Usually means the agent is binding to localhost but you're trying to reach it directly. Check your reverse proxy configuration.

Skills not loading: Check for version conflicts. Some older skills aren't compatible with recent OpenClaw versions. Check the skill's last-updated date on ClawHub.

API errors: Verify your API key has billing enabled and hasn't hit rate limits. Check the model name exactly — even small typos fail silently.

Telegram bot not responding: Verify your bot token, check that your server can reach api.telegram.org outbound (some VPS providers block this by default).

High API costs on first run: You likely haven't configured model routing. Without it, every request uses the most expensive model. Configure routing to send simple tasks to affordable models.

Maintenance

OpenClaw requires ongoing attention:

  • Framework updates: Check for updates monthly. Test on a staging environment before applying to production.
  • Skill updates: Individual skills update independently of the core framework. Watch for deprecation notices.
  • Server monitoring: Set up basic monitoring (uptime checks, memory/CPU alerts). An unmonitored server running an AI agent is a security risk.
  • Log review: Review agent logs periodically. Unexpected behavior shows up in logs before it shows up in your workflow.

Plan for 2–4 hours of maintenance per month.

The Volos Alternative

If you've read this guide and the setup sounds like more than you want to manage, that's a reasonable conclusion.

Volos handles everything in this guide — server provisioning, security hardening, skill selection, channel configuration, ongoing maintenance — through a conversation. You describe what you need. The setup happens. The maintenance continues.

See how Volos compares to self-hosting →

Related posts

OpenClaw Guides

OpenClaw Slack and Google Calendar Integration: Step-by-Step

How to connect OpenClaw to Slack and Google Calendar. Covers Slack bot setup, app tokens, Gmail Pub/Sub triggers, and common configuration errors.

10 May 2026 · 10 min read
OpenClaw Guides

OpenClaw Agent Skills Explained: What They Do, Which to Install First

OpenClaw has 500+ skills on ClawHub. Here's what skills actually do, which ones are worth installing, and what to watch out for before you start adding them.

5 April 2026 · 7 min read
OpenClaw Guides

Why Your OpenClaw Telegram Setup Keeps Breaking (And How to Fix It)

The 5 most common OpenClaw Telegram failures: pairing codes, BotFather tokens, silent crashes, and no monitoring. Diagnose and fix each one.

22 March 2026 · 9 min read

Want the agent without the setup?

Volos handles everything. €99 setup + €49/month.

Join the waitlist