Deploy OpenClaw on a VPS or Cloud Server (DigitalOcean, Oracle Free Tier, and More)
A VPS gives you an always-on OpenClaw instance with a static IP, no home hardware to maintain, and reliable webhook delivery. This guide covers six hosting options, including one that costs nothing.
Video: OpenClaw on AWS Lightsail (Full Walkthrough)
Why run OpenClaw on a VPS instead of locally?
Running OpenClaw on your laptop or desktop works fine for testing. When you want production-grade reliability, a VPS solves three problems at once.
Always-on availability. A VPS does not sleep, reboot for updates mid-task, or lose connectivity when you close your laptop. Your agents and automations keep running 24/7 without babysitting.
Static IP for webhooks. Services like Stripe, GitHub, and Twilio need a stable URL to send webhook payloads. A VPS gives you a fixed public IP (or hostname) so incoming events always reach your OpenClaw gateway. No more tunneling through ngrok or fighting with dynamic DNS.
No home hardware to maintain. You skip the electricity costs, fan noise, and thermal throttling that come with a dedicated local box. If something breaks, you spin up a new instance from a snapshot in minutes.
If you have not installed OpenClaw yet, start with the installation guide and come back here once you are comfortable with the basics.
Provider comparison
| Provider | Monthly cost | vCPU | RAM | Storage | One-click deploy | Notes |
|---|---|---|---|---|---|---|
| Oracle Free Tier | $0 | 4 ARM | 24 GB | 200 GB | No | Best free option, Ampere A1 |
| Hetzner | ~$4 | 2 | 4 GB | 40 GB | No | Cheapest paid, EU data centers |
| Hostinger | ~$5 | 2 | 4 GB | 50 GB | Yes | One-click OpenClaw template |
| AWS Lightsail | $5 | 1 | 1 GB | 40 GB | No | Tight on RAM for larger models |
| DigitalOcean | $6 | 1 | 1 GB | 25 GB | Yes | One-click OpenClaw droplet |
| OpenClaw Cloud | Varies | Managed | Managed | Managed | Yes | Zero setup, fully managed |
Minimum requirements for OpenClaw: 1 vCPU, 1 GB RAM, 10 GB disk. If you plan to run local models, aim for at least 4 GB RAM and an ARM or x86 instance with enough headroom for inference.
Option 1: Oracle Cloud Free Tier (best value, $0/month)
Oracle’s Always Free tier includes an ARM Ampere A1 instance with up to 4 OCPUs and 24 GB of RAM. That is more than enough to run OpenClaw and a local model side by side, and it costs nothing.
Step 1: Create an Oracle Cloud account
Sign up at cloud.oracle.com. You will need a credit card for verification, but the Always Free resources are never billed.
Step 2: Launch an Ampere A1 instance
- Go to Compute > Instances > Create Instance.
- Select Ampere (ARM-based) under Shape.
- Configure: 4 OCPUs, 24 GB RAM, 200 GB boot volume.
- Choose Ubuntu 22.04 Minimal (aarch64) as the image.
- Upload your SSH public key.
- Click Create.
Step 3: Open required ports
In the Oracle Cloud console, navigate to Networking > Virtual Cloud Networks > Security Lists and add an ingress rule for TCP port 3000 (the OpenClaw gateway default). Restrict the source CIDR to your IP or a narrow range. Do not open it to 0.0.0.0/0.
Step 4: Install OpenClaw
ssh ubuntu@<your-instance-ip>
curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard
openclaw gateway install
openclaw gateway statusStep 5: Verify and harden
openclaw doctor
openclaw config set gateway.bind 0.0.0.0
openclaw config set gateway.auth.token $(openssl rand -hex 32)
sudo ufw allow 3000/tcp
sudo ufw enableReview the full security checklist before exposing your instance to the internet.
Option 2: DigitalOcean one-click droplet ($6/month)
DigitalOcean now offers a pre-built OpenClaw image in their Marketplace, which makes this the fastest path from zero to running.
Step 1: Create a droplet
- Log into DigitalOcean and go to Marketplace.
- Search for OpenClaw and select the one-click image.
- Pick the $6/month droplet (1 vCPU, 1 GB RAM, 25 GB SSD). Upgrade to the $12 tier if you want to run local models.
- Choose a data center region close to you.
- Add your SSH key and create the droplet.
Step 2: Connect and configure
ssh root@<droplet-ip>
openclaw onboard
openclaw gateway statusThe one-click image comes with OpenClaw pre-installed and the gateway enabled. You just need to run onboarding to set your API keys and preferences.
Step 3: Point a domain (optional)
# Add an A record pointing your domain to the droplet IP, then:
openclaw config set gateway.hostname yourdomain.com
sudo certbot --nginx -d yourdomain.comOption 3: Hostinger VPS ($5/month)
Hostinger recently added OpenClaw to their one-click VPS templates. The $5 tier gives you 2 vCPUs and 4 GB RAM, which is solid for running agents plus a small local model.
Step 1: Order and deploy
- Select VPS Hosting on Hostinger and choose the KVM 2 plan.
- Under Operating System, switch to the Application tab and select OpenClaw.
- Set a root password and complete the order.
Step 2: Connect and finish setup
ssh root@<server-ip>
openclaw onboard
openclaw doctorHostinger pre-configures the firewall to allow SSH and port 3000. Confirm this with sudo iptables -L and tighten rules as needed.
OpenClaw Cloud: the managed alternative
If you do not want to manage a server at all, OpenClaw Cloud is the official managed hosting option. You sign up, connect your API keys, and everything else is handled for you: updates, backups, SSL, uptime monitoring.
OpenClaw Cloud is the right choice if you value convenience over control. There is no SSH access and no ability to run arbitrary local models, but you get a zero-setup experience that stays current with every release.
Visit openclaw.ai/cloud for current pricing and to create an account.
Security considerations for cloud deployment
Running OpenClaw on a public server introduces risks that do not exist on a home network. Follow these steps on every deployment.
Set a strong gateway token. The gateway token is the single credential that protects your OpenClaw instance from unauthorized access. Generate one immediately after install.
openclaw config set gateway.auth.token $(openssl rand -hex 32)Use a firewall. Only open the ports you need. For most setups, that means SSH (22) and the gateway (3000). Block everything else.
sudo ufw default deny incoming
sudo ufw allow 22/tcp
sudo ufw allow 3000/tcp
sudo ufw enableEnable automatic security updates. On Ubuntu:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgradesPut the gateway behind a reverse proxy with TLS. Use Caddy or nginx with Let’s Encrypt so all traffic is encrypted in transit.
Disable password-based SSH. Use key-based authentication only. Edit /etc/ssh/sshd_config, set PasswordAuthentication no, and restart sshd.
Keep OpenClaw updated. Run openclaw update regularly, or set up a cron job. Critical patches like the one for CVE-2026-25253 are time-sensitive.
For the full 14-step hardening process, read the OpenClaw security checklist.
Which option should you pick?
Choose Oracle Free Tier if you want maximum resources for zero cost and do not mind a slightly longer setup process. The 24 GB of RAM is unmatched at this price point (free).
Choose DigitalOcean or Hostinger if you want a one-click deploy that works in under five minutes. Pay a few dollars a month and skip the manual configuration.
Choose Hetzner if you want the cheapest paid option with European data residency.
Choose OpenClaw Cloud if you do not want to think about servers, firewalls, or updates at all.
For local model recommendations to pair with your new server, see the best local models guide.
Want a hands-off deployment?
We can set up and harden your cloud OpenClaw instance for you. Email Book a Call to get started.
Get guides like this in your inbox every Wednesday.
No spam. Unsubscribe anytime.
You'll probably need this again.
Press Cmd+D (Mac) or Ctrl+D (Windows) to bookmark this page.
Need help with your OpenClaw setup?
We do remote setup, troubleshooting, and training worldwide.
Book a Call