How to Run OpenClaw on a $5/Month VPS (Complete Setup Guide)

“`html

Affiliate Disclosure: As an Amazon Associate, we earn from qualifying purchases. This means we may earn a small commission when you click our links and make a purchase on Amazon. This comes at no extra cost to you and helps support our site.

How to Run OpenClaw on a $5/Month VPS: Complete Setup Guide

I’ve been running OpenClaw instances on budget VPS providers for months now, and I’ve learned exactly what works and what doesn’t. In this guide, I’m sharing the exact steps I use to get OpenClaw running reliably on a $5/month Hetzner or DigitalOcean droplet, including how to expose your gateway, connect Telegram, and fix the common errors that trip up most people.

Why Run OpenClaw on a VPS?

Running OpenClaw on your local machine is fine for testing, but you’ll hit limits immediately. A cheap VPS gives you persistent uptime, real bandwidth, and the ability to run your bot 24/7 without touching your home connection. I’ve found that the minimal specs ($5/month) are genuinely sufficient for OpenClaw—it’s lightweight enough that you won’t need more unless you’re scaling to multiple concurrent instances.

Choosing Your VPS Provider

Both Hetzner and DigitalOcean have reliable $5/month offerings:

• Hetzner Cloud: 1GB RAM, 1 vCPU, 25GB SSD. Slightly better value, multiple datacenters.
• DigitalOcean: 512MB RAM, 1 vCPU, 20GB SSD. Good uptime, excellent documentation.

I prefer Hetzner for the extra RAM, but either works. For this guide, I’m using Ubuntu 22.04 LTS—it’s stable, widely supported, and plays nicely with Node.js.

Step 1: Initial VPS Setup

Once you’ve spun up your droplet, SSH in immediately and harden the basics:

ssh root@your_vps_ip
apt update && apt upgrade -y
apt install -y curl wget git build-essential

Set up a non-root user (highly recommended):

adduser openclaw
usermod -aG sudo openclaw
su - openclaw

From here on, work as the openclaw user. This protects your system if something goes wrong with the OpenClaw process.

Step 2: Install Node.js

OpenClaw requires Node.js 16 or higher. I use NodeSource’s repository for stable, up-to-date builds:

curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
node --version
npm --version

You should see Node.js 18.x and npm 9.x or higher. Verify npm works correctly:

npm config get registry

This should output https://registry.npmjs.org/. If it doesn’t, your npm is misconfigured.

Step 3: Clone and Install OpenClaw

Create a directory for your OpenClaw instance and clone the repository:

mkdir -p ~/openclaw && cd ~/openclaw
git clone https://github.com/openclawresource/openclaw.git .

Install dependencies. This is where most people encounter their first errors—be patient:

npm install

If you hit permission errors on the npm cache, try:

npm cache clean --force
npm install

Verify the installation completed by checking for the node_modules directory:

ls -la node_modules | head -20

You should see dozens of packages. If node_modules is empty or missing, npm install didn’t complete successfully.

Step 4: Configure OpenClaw Environment

OpenClaw needs configuration before it runs. Create a .env file in your openclaw directory:

cd ~/openclaw
nano .env

Here’s a minimal working configuration:

NODE_ENV=production
OPENCLAW_PORT=3000
OPENCLAW_HOST=0.0.0.0
OPENCLAW_BIND_ADDRESS=0.0.0.0:3000

# Gateway settings (we'll expose this externally)
GATEWAY_HOST=0.0.0.0
GATEWAY_PORT=8080

# Telegram Bot (add after creating bot)
TELEGRAM_BOT_TOKEN=your_token_here
TELEGRAM_WEBHOOK_URL=https://your_domain_or_ip:8080/telegram

# Security
BOOTSTRAP_TOKEN=generate_a_strong_random_token_here
JWT_SECRET=another_random_token_here

Generate secure tokens using OpenSSL:

openssl rand -base64 32

Run this twice and paste the output into BOOTSTRAP_TOKEN and JWT_SECRET respectively. Save the .env file (Ctrl+X, Y, Enter in nano).

Critical: Fixing gateway.bind Errors

The most common error at this stage is gateway.bind: error EACCES or similar. This happens because ports below 1024 require root privileges. Never run OpenClaw as root. Instead, use higher ports in your .env and proxy traffic through Nginx (covered in Step 6).

Verify your .env is correctly formatted:

grep "GATEWAY_PORT\|OPENCLAW_PORT" ~/.env

Both should be 8080 or higher for non-root operation.

Step 5: Test OpenClaw Locally

Before exposing anything to the internet, test that OpenClaw starts:

cd ~/openclaw
npm start

Watch the logs carefully. You should see something like:

[2024-01-15T10:23:45.123Z] info: OpenClaw Gateway listening on 0.0.0.0:8080
[2024-01-15T10:23:46.456Z] info: Bootstrap token initialized

If you see bootstrap token expired immediately, your BOOTSTRAP_TOKEN is malformed or your system clock is wrong. Check:

date -u

The output should be reasonable (current date/time). If it’s decades off, your VPS has clock drift. Stop OpenClaw (Ctrl+C) and fix it:

sudo timedatectl set-ntp on

Then restart OpenClaw. In 99% of cases, this solves the bootstrap token expired error.

Once OpenClaw is running, verify it’s actually listening:

curl http://localhost:8080/health

You should get a 200 response (or a JSON response). If you get connection refused, OpenClaw didn’t start properly. Check the logs for the actual error message.

Stop OpenClaw with Ctrl+C and move to the next step.

Step 6: Expose OpenClaw with Nginx Reverse Proxy

Your VPS needs an external domain or IP to work with Telegram and external tools. Install Nginx:

sudo apt install -y nginx

Create an Nginx config. If you have a domain, use that. If not, use your VPS IP (less ideal, but functional):

sudo nano /etc/nginx/sites-available/openclaw

Paste this configuration:

upstream openclaw_gateway {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name your_domain_or_ip;

    location / {
        proxy_pass http://openclaw_gateway;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable the site and test Nginx:

sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

If Nginx test returns “successful,” you’re good. Now test externally:

curl http://your_vps_ip/health

You should get the same response as before. Congratulations—OpenClaw is now exposed on port 80.

Optional: HTTPS with Let’s Encrypt

For production, HTTPS is essential. If you have a real domain:

sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d your_domain.com

Certbot modifies your Nginx config automatically and handles renewal. If you’re using just an IP, HTTPS won’t work (browsers reject self-signed certs for IPs), but HTTP is sufficient for testing.

Step 7: Connect Your Telegram Bot

Create a Telegram bot via BotFather if you haven’t already (@BotFather on Telegram). You’ll get a token like 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11.

Update your .env with the token and webhook URL:

TELEGRAM_BOT_TOKEN=your_actual_token
TELEGRAM_WEBHOOK_URL=http://your_vps_ip/telegram

Start OpenClaw again in the background using a process manager. Install PM2:

npm install -g pm2
pm2 start npm --name openclaw -- start
pm2 startup
pm2 save

This ensures OpenClaw restarts if the VPS reboots or the process crashes.

Verify the Telegram integration by sending a test message to your bot on Telegram. Check logs with:

pm2 logs openclaw

You should see the message logged. If you see unauthorized errors, your TELEGRAM_BOT_TOKEN is wrong or malformed. Double-check it against BotFather’s output.

Troubleshooting Common Errors

gateway.bind: error EACCES

Ports below 1024 need root. Use ports 1024+ in .env and proxy through Nginx (as shown in Step 6).

bootstrap token expired

Fix your system clock:

sudo timedatectl set-ntp on
date -u

unauthorized (Telegram or other auth)

Verify your tokens in .env are exactly correct with no trailing spaces:

cat ~/.env | grep TOKEN

Compare character-by-character with your original token from BotFather.

npm install fails with permission errors

npm cache clean --force
sudo chown -R openclaw:openclaw ~/openclaw
npm install

Monitoring and Maintenance

Once running, keep an eye on your VPS health:

free -h  # Check RAM usage
df -h    # Check disk space
pm2 status  # Check if OpenClaw is running
pm2 logs openclaw --lines 50  # View recent logs

I recommend setting up log rotation so your logs don’t consume all disk space:

pm2 install pm2-logrotate

Next Steps

With OpenClaw running on your VPS, explore the additional configuration options available on openclawresource.com. The platform supports webhooks, custom handlers, and integration with dozens of services. Start simple—get the basics working first—then expand from there.

Questions? Double-check your .env, verify your tokens, and check system logs. Most issues resolve once you understand where to look.

Frequently Asked Questions