Can a 2GB VPS run OpenClaw?

Yes for a basic gateway, but it gets cramped once you add more tools, concurrency, or browser automation. 2 vCPU / 4GB is a safer baseline for most setups.

Which ports do I need to open for OpenClaw?

For a typical secure setup: open 22 (SSH) and 80/443 (HTTP/HTTPS) and put OpenClaw behind an HTTPS reverse proxy. Avoid exposing the OpenClaw port directly to the internet unless you really understand the risk and add proper auth.

Do I need a GUI browser on a VPS?

Usually no. Most VPS setups run headless. If you need a headed browser for interactive logins, it is often easier to run that part on a separate desktop machine and keep the VPS as the always-on gateway.

How do I make OpenClaw restart after reboots?

Run the gateway as a systemd service (Restart=on-failure), and use journalctl to inspect logs. That gives you predictable restarts and post-reboot recovery.

Do I need a reverse proxy (Caddy/Nginx) in front of OpenClaw?

It is strongly recommended. Bind OpenClaw to 127.0.0.1 and expose only HTTPS (443) via Caddy/Nginx. You get TLS, cleaner routing, and fewer public ports.

Run OpenClaw on a Hostinger VPS (Step-by-Step)

Updated: 2026-03-22 • Category: VPS / OpenClaw

Direct answer: For an always-on OpenClaw gateway on a budget, start with a 2 vCPU / 4GB RAM VPS, lock down SSH, run the gateway under systemd, and expose it only through HTTPS (Caddy/Nginx) while keeping the OpenClaw port bound to 127.0.0.1.

View Hostinger VPS plans

Disclosure

What this guide covers

Picking a VPS plan that will not feel cramped
Getting a secure baseline (SSH, firewall, updates)
Installing OpenClaw and keeping it running (systemd)
Exposing OpenClaw safely (HTTPS reverse proxy)
Common gotchas (ports, restarts, logs)

Before you start (5-minute checklist)

You can SSH into the VPS as a sudo user
You know your public IP (so you can lock down SSH)
You have a domain ready (optional, but nicer)
You have 30 minutes without distractions

Recommended baseline VPS specs

OpenClaw is not heavy by itself, but you want headroom for tools, logs, and occasional browser automation.

Minimum: 1 vCPU / 2GB RAM (testing)
Comfortable: 2 vCPU / 4GB RAM (most people)
Roomy: 2–4 vCPU / 8GB RAM (more agents / more concurrency)

Step 1: create a user + lock down SSH

If you already harden servers daily, skip this section. If you do not, do it anyway. It is the cheapest security win you will ever buy.

# create a non-root user
sudo adduser claw
sudo usermod -aG sudo claw

# add your SSH public key
sudo -u claw mkdir -p /home/claw/.ssh
sudo -u claw chmod 700 /home/claw/.ssh
sudo -u claw nano /home/claw/.ssh/authorized_keys
sudo -u claw chmod 600 /home/claw/.ssh/authorized_keys

Then edit /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH:

sudo systemctl restart ssh
sudo systemctl status ssh --no-pager

Pitfall: do not close your current SSH session until you confirm you can log in in a fresh session with the new user + key.

(This article continues with firewall, OpenClaw install, systemd, and reverse proxy. The sidebar has the section links.)

Need the infrastructure first?

If you still have not picked a plan, go back to the VPS sizing guide. If you already have the server, use the hardening checklist before exposing anything publicly.

View Hostinger VPS plans Open the hardening checklist