This site contains affiliate links. If you purchase through them I may earn a commission at no extra cost to you. Full disclosure.

How to Deploy OpenClaw on Hostinger VPS — A Complete Tutorial

The short answer: Yes, you can absolutely run OpenClaw on a Hostinger VPS. It's a solid choice: clean Ubuntu images, good network, and affordable NVMe storage. The full deployment takes about 30 minutes if you follow this guide exactly. I'll show you the exact commands, configuration files, and pitfalls to avoid.

"Deploying OpenClaw on a VPS is the sweet spot between full self-hosting and cloud convenience. You own the infrastructure but keep the automation. Just don't skip the firewall."

Why run OpenClaw on a VPS?

OpenClaw is designed to run on a server you control. A VPS gives you:

• Full control: No rate limits, no data residency surprises, no third-party access.
• Consistent performance: Dedicated CPU and RAM, not shared with noisy neighbors.
• Always-on availability: Your agents keep running even when your laptop is closed.
• Cost efficiency: For $5–20/month you get more reliable uptime than many cloud free tiers.

Hostinger's KVM plans are particularly good for this: they use KVM virtualization (so you get real isolation), NVMe storage, and include a dedicated IPv4 address.

Prerequisites

Before you start, have these ready:

• A Hostinger VPS with Ubuntu 22.04 LTS or 24.04 LTS. Avoid Alpine — some Node modules expect glibc.
• SSH access set up (key-based recommended).
• A domain name (optional but highly recommended for SSL).
• Basic comfort with the command line — you'll be running sudo and editing config files.

Step 1: Initial VPS setup

Once your VPS is provisioned, log in as root via SSH:

ssh root@your-vps-ip

First, update everything:

apt update && apt upgrade -y

Set a strong root password (if you haven't already):

passwd

Create a non-root user

Replace openclaw with your preferred username:

adduser openclaw
usermod -aG sudo openclaw

Switch to that user for the rest of the installation:

su - openclaw

Step 2: Lock down SSH (critical)

Before we go further, secure SSH. Edit the config:

sudo nano /etc/ssh/sshd_config

Make sure these lines are present (adjust as needed):

Port 2222                  # Change from 22 to something else
PermitRootLogin no
PasswordAuthentication no  # Only if you use SSH keys
AllowUsers openclaw

Restart SSH:

sudo systemctl restart ssh

Test the new port in a separate terminal before closing your current session:

ssh -p 2222 openclaw@your-vps-ip

Step 3: Install the firewall and fail2ban

sudo apt install -y ufw fail2ban

Allow SSH on your custom port (replace 2222):

sudo ufw allow 2222
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable

Check status:

sudo ufw status

fail2ban runs by default. Check its status later if you suspect SSH brute force attempts:

sudo fail2ban-client status sshd

Step 4: Install Node.js and pm2

OpenClaw needs Node.js LTS. Use NodeSource for an up-to-date version:

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs

Verify installation:

node --version  # should be v20.x
npm --version

Install pm2 globally for process management:

sudo npm install -g pm2

Save pm2 process list so it resurrects on reboot:

pm2 start systemd
pm2 save

Step 5: Create systemd service for pm2 itself

This ensures pm2 starts on boot and resurrects your processes:

sudo env PATH=$PATH:/usr/bin pm2 startup systemd -u openclaw --hp /home/openclaw

Step 6: Install OpenClaw

As the openclaw user, clone the repository:

cd ~
git clone https://github.com/openclaw/openclaw.git
cd openclaw
npm ci --only=production

Run the initial setup (this creates .openclaw/config.json):

npm run setup

Follow the prompts. At minimum, set:

• NODE_ENV=production
• Your gateway token (if you run in gateway mode)
• Port (default 3000)

Step 7: Start OpenClaw with pm2

pm2 start npm --name "openclaw" -- start
pm2 save

Check it's running:

pm2 status
pm2 logs openclaw

Test the web UI locally:

curl http://localhost:3000

Step 8: Set up reverse proxy with Caddy (recommended)

Caddy automatically gets SSL certificates from Let's Encrypt. Install it:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install -y caddy

Create a Caddyfile pointing to your domain and OpenClaw's port:

sudo nano /etc/caddy/Caddyfile

Content (replace yourdomain.com):

yourdomain.com {
    reverse_proxy localhost:3000
    encode gzip
    file_server
}

Reload Caddy:

sudo systemctl reload caddy

Caddy will automatically obtain and renew SSL certificates.

Step 9: OpenClaw configuration checklist

Review your ~/.openclaw/config.json (or wherever you placed it). Important settings:

{
  "port": 3000,
  "host": "127.0.0.1",  // bind to localhost only
  "gatewayToken": "your-gateway-token-if-using-gateway",
  "logLevel": "info",
  "maxConcurrentAgents": 4,
  "defaultModel": "nvidia/stepfun-ai/step-3.5-flash"
}

Mount points: If you use external storage or bind mounts, ensure the openclaw user has read/write permissions.

Step 10: Test the deployment

1. Visit https://yourdomain.com in your browser.
2. Check the OpenClaw dashboard loads without errors.
3. Trigger a simple agent task to verify external connections work.
4. Check logs: pm2 logs openclaw and sudo journalctl -u caddy -f

Common pitfalls and fixes

Port 3000 already in use

Another process is occupying the port. Find it:

sudo lsof -i :3000
sudo systemctl stop conflicting-service

OpenClaw crashes on startup

Check the logs. Common causes:

• Missing .openclaw directory — run npm run setup again.
• Insufficient permissions — ensure the openclaw user owns its home directory.
• Gateway token missing — get it from your OpenClaw Cloud account.

SSL certificate fails

Caddy needs port 80 and 443 open in the firewall, and your domain's DNS must point to the VPS IP. Verify:

dig yourdomain.com +short  # should resolve to VPS IP
sudo ufw status            # ports 80, 443 allowed
sudo systemctl status caddy

High RAM usage

OpenClaw can be memory-hungry with many agents. Tune:

• Reduce maxConcurrentAgents in config.
• Use pm2 to limit memory: pm2 start npm --name openclaw -- start --node-args="--max-old-space-size=512"
• Add swap if you're on a small plan: sudo fallocate -l 1G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile

Maintenance tips

• Updates: Pull the latest OpenClaw release regularly: cd ~/openclaw && git pull && npm ci && pm2 restart openclaw
• Backups: Back up ~/.openclaw daily. This contains your agent definitions and secrets.
• Monitoring: Use pm2 monit for a quick view, or set up basic Prometheus node exporter for long-term metrics.
• Log rotation: pm2 handles its own logs; configure logrotate for ~/.pm2/logs if needed.

Backup your OpenClaw deployment

Backups are essential. At minimum, back up:

• ~/.openclaw/ — contains your agent definitions, credentials, and configuration.
• Your VPS database if you use any (MySQL/Postgres).
• Any persistent volumes for your applications (usually under /var/lib or your custom paths).

Here's a simple daily backup script that compresses your OpenClaw config and uploads to Backblaze B2 or any S3-compatible storage using rclone:

#!/bin/bash
set -euo pipefail
BACKUP_DIR="/root/backups"
OPENCLAW_HOME="/home/openclaw/.openclaw"
DATE=$(date +%Y-%m-%d)
mkdir -p "$BACKUP_DIR"
tar -czf "$BACKUP_DIR/openclaw-config-$DATE.tar.gz" -C "$OPENCLAW_HOME" .
# Optional: upload with rclone
# rclone copy "$BACKUP_DIR/openclaw-config-$DATE.tar.gz" remote:bucket/backups/
# Optional: delete local backups older than 7 days
find "$BACKUP_DIR" -type f -name "openclaw-config-*.tar.gz" -mtime +7 -delete

Store this script as /usr/local/bin/backup-openclaw.sh, make it executable (chmod +x), and add a cron job:

0 2 * * * /usr/local/bin/backup-openclaw.sh

That runs daily at 2 AM. Adjust as needed.

Security hardening (beyond the basics)

• Install and configure fail2ban for SSH and OpenClaw's web port.
• Use iptables to rate-limit connections to port 3000 from non-localhost if your reverse proxy is on a different server.
• Keep the system updated: sudo apt update && sudo apt upgrade -y run weekly.
• Consider adding a non-standard port for OpenClaw locally (though Caddy hides it behind 443).

Related reads

• OpenClaw systemd Service Template — if you want a strict systemd unit instead of pm2
• OpenClaw VPS Hardening Checklist — advanced security steps
• First VPS Setup Checklist — general VPS baseline
• Storage Planning for Small VPS — sizing and filesystem tips

Frequently asked questions

What VPS plan do I need for OpenClaw on Hostinger?

Start with the KVM 2 plan (2 vCPU, 8 GB RAM, 200 GB NVMe). That gives you enough headroom for OpenClaw plus a reverse proxy and basic monitoring. If you plan to run multiple agents or heavy workloads, consider KVM 4.

Should I use Docker or systemd for OpenClaw on Hostinger VPS?

Use systemd for a single OpenClaw instance — it's simpler, lighter, and easier to debug on a VPS. Docker is only worth it if you already run other containers or need strict isolation.

How much RAM does OpenClaw actually use on a VPS?

A basic OpenClaw instance with a few agents uses 200–400 MB RAM. Add 100–200 MB per additional active agent. Leave at least 1 GB free for the OS and burst workloads.

Do I need a domain name to use OpenClaw on Hostinger?

You can access OpenClaw via the VPS IP:port, but for production use you should attach a domain and get SSL. OpenClaw's web UI expects HTTPS, and many integrations require a domain.

What's the biggest mistake people make when deploying OpenClaw on a VPS?

Skipping the firewall and fail2ban setup. An exposed VPS with SSH on port 22 gets hit by thousands of brute force attempts within hours. Always change SSH to a non-standard port, disable root login, and install fail2ban.

Can I run OpenClaw alongside other services on the same Hostinger VPS?

Yes, but keep resource isolation clear. Use pm2 to limit OpenClaw's memory, run your other services under separate users, and monitor overall RAM/CPU. For many services, Docker Compose is cleaner than systemd.