Beginner-Friendly Setup

OpenClaw VPS Setup Guide

This guide is written for someone who is not technical. Follow each step in order, copy the commands exactly, and leave windows open when instructed.

Part 1 — Set up Hostinger

1

Purchase the VPS

Sign up to Hostinger and purchase a KVM2 VPS. KVM means Kernel Virtual Machine. This is the small Linux server that will run OpenClaw.

2

Open the VPS page

In your browser, go to:

Hostinger VPS pagetext
https://hpanel.hostinger.com/vps

Select Manage on your VPS. This should take you to the overview page for that VPS.

3

Open the SSH keys page

Look at the URL in your browser. Replace the word /overview with this:

Replace the end of the URL withtext
/settings/ssh-keys

Then press Enter. Once the SSH keys page opens, select the + SSH key button.

4

Open a terminal on your computer

If you are on Windows, open PowerShell. If you are on Mac, open Terminal.

Windows PowerShell

Run this command first:

Generate SSH keypowershell
ssh-keygen -t ed25519

Press Enter until the prompts are done — the default values are fine.

Then run this command to print the public key:

Show your public keypowershell
type $env:USERPROFILE\.ssh\id_ed25519.pub

Mac / Linux

Run this command first:

Generate SSH keybash
ssh-keygen -t ed25519

Then run this command to print the public key:

Show your public keybash
cat ~/.ssh/id_ed25519.pub
5

Copy the SSH key into Hostinger

Copy the output from the terminal. It should start with something like ssh-ed25519.

Go back to your browser and paste it into the SSH key content field. Then hit Save.

6

Connect to the VPS

Navigate back to:

Hostinger VPS pagetext
https://hpanel.hostinger.com/vps

Copy the IP address for your VPS. Note this down somewhere — you will need it every time you use OpenClaw.

Go back to your terminal and run:

Connect to your VPSbash
ssh root@IP_ADDRESS

Replace IP_ADDRESS with the IP address you copied.

Follow the prompts. You should now be logged into your VPS.

Optional prerequisite — Telegram

Skip this section if you do not want to use Telegram.

  1. Install Telegram.
  2. Open a chat and search for BotFather.
  3. Select the BotFather chat and hit Start.
  4. Type:
BotFather commandtext
/newbot
  1. Name your bot.
  2. Give it a username that ends in _bot.
  3. Save this Telegram page/token for later.

Part 2 — Create a secondary user

Instead of running everything as root, we create a regular user called pleb and give it access to Docker. This is safer and keeps things organised.

1

Create the user

While logged into the VPS as root, run:

Create userbash
adduser pleb

You will be prompted for a new password. The other fields (Full Name, Room Number, etc.) can be left blank by pressing Enter. At the final Y/N prompt, type Y and hit Enter.

2

Set up passwordless SSH login for the new user

Run these commands one at a time:

Copy SSH keys to plebbash
mkdir -p /home/pleb/.ssh
cp /root/.ssh/authorized_keys /home/pleb/.ssh/
chown -R pleb:pleb /home/pleb/.ssh
chmod 700 /home/pleb/.ssh
chmod 600 /home/pleb/.ssh/authorized_keys

This copies your existing SSH key so you can log in as pleb without a password.

3

Add Docker access

Add pleb to the Docker group:

Add to Docker groupbash
usermod -aG docker pleb
4

Switch to the new user

Switch userbash
su - pleb

You are now running commands as pleb. Keep this terminal open.

Part 3 — Set up OpenClaw

Generate a gateway token

Open a new browser tab and go to:

GUID Generatortext
https://www.guidgenerator.com

Select Generate some GUIDs! and copy the generated value. Save this value somewhere close by. You will need it in the next step, and possibly again later.

1

Create the app structure

Create foldersbash
mkdir -p /home/pleb/apps/openclaw/data
2

Create the Compose file

Open the editorbash
nano /home/pleb/apps/openclaw/docker-compose.yml
3

Paste the Docker Compose YAML

Paste the following inside the editor:

Docker Compose YAMLyaml
services:
  openclaw:
    image: ghcr.io/openclaw/openclaw:latest
    container_name: openclaw
    command: ["openclaw", "gateway", "--allow-unconfigured"]
    restart: unless-stopped
    environment:
      OPENCLAW_GATEWAY_TOKEN: "your_token_here"
      NODE_ENV: production
    volumes:
      - /home/pleb/apps/openclaw/data:/home/node/.openclaw
    ports:
      - "127.0.0.1:18789:18789"

Replace "your_token_here" with the GUID you copied from guidgenerator.com.

Then save and exit:

Save and exit nanotext
CTRL + O
ENTER
CTRL + X
4

Start the OpenClaw container

Start the containerbash
cd /home/pleb/apps/openclaw
docker compose up -d
modify the network settingsbash
docker exec openclaw sh -lc 'openclaw config set gateway.bind lan'
docker restart openclaw
5

Enter the container and configure

Enter OpenClaw containerbash
docker exec -it openclaw sh
openclaw config set gateway.bind lan
openclaw onboard
6

Follow the setup prompts

Use these choices when OpenClaw asks questions:

  1. Select Yes.
  2. Select QuickStart.
  3. Select Review and update.
  4. Select OpenAI. The original setup used a paid OpenAI account, but use whichever supported account you want.
  5. Select ChatGPT/Codex Device Pairing.

Open this URL in your browser:

OpenAI device pairingtext
https://auth.openai.com/codex/device

Log in, then paste in the code shown in the terminal.

  1. Select Keep current.
  2. Search for and select Telegram.
  3. Select Modify Settings.
  4. Paste the API key from your BotFather Telegram page.
  5. Also click the link at the top of the BotFather message to start a conversation with your new bot.
  6. Select DuckDuckGo Search.
  7. When asked Configure skills?, select No.
  8. When asked Enable Hooks?, skip for now. Usually this means pressing Space, then Enter.
  9. Select Hatch in Terminal.

Setting up your agent

Your OpenClaw agent is running, but it needs direction. Tell your agent who it is by pasting a starting prompt. Here is one to use as a starting point:

Agent system prompttext
You are ClawBot.

You are a capable personal assistant designed to help with technical, business, creative, and administrative tasks.

Core principles:

- Follow user instructions carefully.
- Ask clarifying questions when requirements are unclear.
- Do not make assumptions when important details are missing.
- Prefer practical solutions over theoretical ones.
- Explain your reasoning when it helps the user make decisions.
- Be concise by default and expand when asked.
- Admit uncertainty rather than guessing.
- Break complex tasks into manageable steps.
- Maintain awareness of previous context and decisions.
- Suggest improvements when they provide clear value, but do not override user preferences.

Your role is to act as a reliable second brain, helping organize information, solve problems, research topics, create plans, and execute tasks.

When given a goal:
1. Understand the objective.
2. Identify constraints.
3. Propose a solution.
4. Execute the requested work.
5. Verify the result where possible.

You are an assistant, not an authority. The user's goals take priority.

You may use available tools, channels, and integrations to accomplish tasks, but always explain important actions before taking them.

Prefer reversible actions when possible.

Never modify critical systems without explicit user approval.

Optional — Finish Telegram setup

Go to the Telegram chat you started with your new bot.

Copy the first message it sends you about its configuration.

Paste that message back into the OpenClaw terminal and ask:

Ask the agenttext
Finish this setup

After this, Telegram should work as a private message directly to your new agent.

Part 4 — Adding Security to the VPS

Open a new terminal window for this part. Log in as root:

Log in as rootbash
ssh root@IP_ADDRESS
Use the IP Address from https://hpanel.hostinger.com/vps
1

Update the VPS

Run:

Update Ubuntu packagesbash
apt update && apt upgrade -y
2

Install security tools

Run:

Install firewall and protection toolsbash
apt install -y ufw fail2ban unattended-upgrades
3

Enable the firewall

Run these commands exactly:

Enable UFW firewallbash
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw enable
When prompted, press y and Enter to confirm.
4

Enable Fail2Ban

Run:

Enable Fail2Banbash
systemctl enable --now fail2ban
5

Enable automatic security updates

Run:

Enable unattended upgradesbash
dpkg-reconfigure unattended-upgrades

When prompted, select Yes.

6

Restart OpenClaw with the new settings

Open a new terminal and run:

Restart OpenClaw containerbash
ssh -t pleb@IP_ADDRESS "cd /home/pleb/apps/openclaw && docker restart openclaw"
Replace IP_ADDRESS with the IP from https://hpanel.hostinger.com/vps

This restarts OpenClaw with all the new settings applied.

Part 5 — Using OpenClaw

You're done! Open a new terminal window each time you want to use OpenClaw.

For all commands below, replace IP_ADDRESS with the IP Address from https://hpanel.hostinger.com/vps

Run in the terminal

Connects you to OpenClaw directly in the terminal.

Start OpenClaw (terminal)bash
ssh -t pleb@IP_ADDRESS "cd /home/pleb/apps/openclaw && docker exec -it openclaw sh -c 'openclaw || sh'"

Run in your browser

Opens the OpenClaw web interface on your own computer.

Start SSH tunnelbash
ssh -N -L 18789:127.0.0.1:18789 root@IP_ADDRESS

Then open http://127.0.0.1:18789/ in your browser.

At the login page, paste the Gateway Token you saved from guidgenerator.com and hit Connect.

If this fails to work, access the OpenClaw agent via the terminal, and ask it:

TUI FIXbash
I can't access my web interface, can you fix it?

This may require a restart of the OpenClaw service.

Search for "Restart OpenClaw" on this page for details.