OpenClaw VPS Guide

Ubuntu 24.04 VPS setup

OpenClaw VPS Guide

Set up a private sandbox in 15 minutes

First successful outcome: OpenClaw is installed under a dedicated Linux user, the gateway stays on loopback, and the dashboard opens privately through Tailscale Serve.

Tagged install command

View script first 
curl -fsSL https://raw.githubusercontent.com/LineZero-Studio/openclaw-diy/v0.1.2/install.sh | bash

The public command is pinned to v0.1.2. Do not run install docs from main for a beginner setup.

1 Fresh VPS Ubuntu 24.04
2 Installer OpenClaw user + daemon
3 Private dashboard Tailscale Serve

Before you start

Requirements

Fresh Ubuntu VPS

Use Ubuntu 24.04 on a new VPS with no unrelated data. The installer intentionally stops on other operating systems.

Tailscale account

You will complete browser login during live validation. The guide does not ask beginners for a Tailscale auth key.

Model choice

MiniMax is the recommended API-key path. Gemini API is the free-tier fallback. Skip-model mode is for smoke testing only.

VPS checklist

Linode/Akamai Default Path

  1. Create a new Linode using Ubuntu 24.04 LTS.
  2. Choose a 2 GB Shared CPU size unless you know you need more.
  3. Pick a region close to you or your expected users.
  4. Add SSH access, boot the VPS, and connect as the admin user.
  5. Run the tagged installer command from this page.

Cost checkpoints

Review Charges Before Creating Resources

VPS runtime

Cloud providers usually start charging while the VPS exists, even when OpenClaw is idle. Check the current plan page before you create it.

Backups and snapshots

Provider backups, snapshots, reserved IPs, and extra storage can add charges. Leave paid extras off unless you intentionally choose them.

Model API use

MiniMax or Gemini usage depends on the provider account, limits, and terms. Do not assume a free tier will stay unchanged.

Model setup

MiniMax, Gemini, Or Smoke Mode

Normal install

The installer prompts for a provider. Press Enter for MiniMax, or choose Gemini API as the fallback. Keys are stored in /home/openclaw/.openclaw/.env with mode 0600.

Gemini API free tiers have rate limits, terms may change, and you should review Google AI Studio data and privacy terms before relying on it.

No-model smoke mode

curl -fsSL https://raw.githubusercontent.com/LineZero-Studio/openclaw-diy/v0.1.2/install.sh | bash -s -- --skip-model

This mode runs onboarding with --auth-choice skip and prints Model check: skipped - no API key provided.

Private dashboard

Tailscale Serve Only

The v1 access path keeps the OpenClaw gateway bound to loopback on port 18789. The installer installs Tailscale, and Tailscale Serve exposes the dashboard over HTTPS inside your tailnet after browser login.

Do not open public OpenClaw ports. Do not use Tailscale Funnel for v1. Live validation will confirm the actual dashboard URL after Tailscale login.

After install, SSH into the VPS once, then run OpenClaw operational commands from that VPS shell as the dedicated openclaw user while loading the installer-managed .env. Running openclaw directly as root can use the wrong config and fail with gateway token missing.

ssh root@<your-vps-ip>

If the dashboard asks for auth, print the gateway token from that VPS shell, paste it into the Gateway Token field, and do not share it.

sudo -u openclaw -H bash -lc "sed -n 's/^OPENCLAW_GATEWAY_TOKEN=//p' /home/openclaw/.openclaw/.env"

If it then shows Device pairing required, approve only the request ID shown by your browser, then connect again.

sudo -u openclaw -H bash -lc 'set -a; source /home/openclaw/.openclaw/.env; set +a; openclaw devices approve <request-id>'
  1. Installer installs Tailscale and configures local gateway defaults.
  2. User completes tailscale up browser login during live validation.
  3. Tailscale Serve publishes the private dashboard URL.
  4. Gateway token copy command is shown only as a command, not printed into installer logs.
  5. Browser device pairing is approved with the request ID shown by the dashboard.
  6. Gateway status and dashboard access are checked before release.

Optional add-on

Telegram After Core Setup

Run Telegram setup only after the installer completes, the private dashboard opens through Tailscale Serve, and gateway health checks are clean. Telegram is not part of first-run success.

Create a bot token in Telegram with @BotFather and /newbot. The add-on stores the token in /home/openclaw/.openclaw/.env and configures the default Telegram account with DM pairing enabled and groups disabled for v1.

OpenClaw's Telegram docs describe BotFather setup, default DM pairing, and the TELEGRAM_BOT_TOKEN env fallback: docs.openclaw.ai/channels/telegram.

Run the add-on

curl -fsSL https://raw.githubusercontent.com/LineZero-Studio/openclaw-diy/v0.1.2/scripts/add-telegram.sh | bash

Do not paste the token into support requests, screenshots, or shared logs.

Telegram Checks

Status probe

After setup, run sudo -u openclaw -H bash -lc 'set -a; source /home/openclaw/.openclaw/.env; set +a; openclaw channels status --channel telegram --probe --json'.

First DM

If the bot does not reply, start a direct message to the bot and approve the first pairing request from OpenClaw before relying on it.

Common failures

Rerun after a successful core install, confirm the BotFather token is current, keep groups out of v1, and share only sanitized status output.

Recovery

Troubleshooting And Rebuild Rules

Logs

Installer logs are written under /var/log/openclaw-vps-guide/. Failure output prints the active log path.

Resume behavior

Marker-owned partial installs can be rerun. Unknown existing /home/openclaw/.openclaw state stops the installer instead of overwriting it.

Secret safety

Do not share .env, API keys, bot tokens, gateway tokens, or screenshots that show secrets. Share sanitized command output only.

Support boundary

Local Diagnostics Only

This guide does not upload diagnostics and does not provide managed hosting. Use local logs and sanitized OpenClaw command output when asking for best-effort setup help.

Never send /home/openclaw/.openclaw/.env, API keys, bot tokens, gateway tokens, or screenshots with visible secrets.

Help link: https://linezerostudio.com

Release gate

Pre-Release Validation Boundary

The implementation is not stable until a disposable Ubuntu 24.04 VPS passes live install, reboot persistence, Tailscale Serve, dashboard URL, and at least one real model health check.

Final brand and positioning copy remains marked for owner review.