Deploy OpenClaw to Production: The Complete Beginner's Guide

Prerequisites — What You Need Before Starting

Before touching a server, make sure you have these ready. Missing one of these is the #1 reason deployments stall.

• An LLM API key — OpenClaw needs a key from OpenAI, Anthropic, or another supported provider. We recommend starting with Anthropic Claude for best agent performance.
• A domain name — any domain you control. You'll point it at your server for HTTPS access. Cost: ~$10-15/year.
• Basic terminal knowledge — you should be comfortable with SSH, running commands, and editing files. If 'ssh' and 'nano' are unfamiliar, start with our beginner's guide to AI agents first.
• A VPS budget of $20-50/month — plus LLM API costs. See our full cost breakdown for realistic numbers.
• 60-90 minutes of uninterrupted time — first-time setup takes longer than you expect. Don't start this at midnight before a deadline.

Step 1: Provision and Secure Your VPS

Grab a VPS from Hetzner, DigitalOcean, or AWS Lightsail. Ubuntu 22.04 LTS is the safest bet — it's what OpenClaw's Docker images are tested against.

# SSH in as root first
ssh root@your-server-ip

# Create deploy user with sudo access
adduser deploy
usermod -aG sudo deploy

# Copy SSH keys to new user
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

# Test login in a NEW terminal before continuing
ssh deploy@your-server-ip

# Disable password auth (use SSH keys only)
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd

# Set up firewall
sudo ufw allow 22/tcp    # SSH
sudo ufw allow 80/tcp    # HTTP
sudo ufw allow 443/tcp   # HTTPS
sudo ufw enable

Step 2: Install Docker and Docker Compose

Don't install Docker from Ubuntu's default repos — they're outdated. Use the official Docker repository:

# Add Docker's official GPG key and repository
sudo apt update
sudo apt install -y ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine + Compose plugin
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Let your user run Docker without sudo
sudo usermod -aG docker deploy
newgrp docker

# Verify
docker --version
docker compose version

Step 3: Install OpenClaw

Clone the repo and get the base configuration in place. If you're new to OpenClaw, our what is OpenClaw explainer covers the architecture.

# Clone OpenClaw
cd /opt
sudo git clone https://github.com/OpenClaw-AI/openclaw.git
sudo chown -R deploy:deploy openclaw
cd openclaw

# Copy the example environment file
cp .env.example .env

# Pull the Docker images (this takes a few minutes)
docker compose pull

Step 4: Configure Environment Variables

This is where most beginners get stuck. Open the .env file and set these critical values:

# Open the config file
nano /opt/openclaw/.env

# === REQUIRED SETTINGS ===

# Your LLM API key (at least one is required)
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...

# Secret key for the web dashboard (generate a random one)
OPENCLAW_SECRET_KEY=$(openssl rand -hex 32)

# Screen capture settings
OPENCLAW_RESOLUTION=1920x1080
OPENCLAW_COLOR_DEPTH=24

# === RECOMMENDED SETTINGS ===

# Max concurrent agents (start low, scale up)
OPENCLAW_MAX_AGENTS=2

# API cost safety limit (dollars per day)
OPENCLAW_DAILY_COST_LIMIT=50

# Enable smart routing to reduce token costs
OPENCLAW_SMART_ROUTING=true

Smart routing can cut your API costs by 30-50%. Learn how it works in our smart routing deep dive. For a full breakdown of what agents cost to run, see the real cost of AI agent tokens.

Step 5: Set Up Domain and SSL

Never run OpenClaw over plain HTTP. Your API keys and agent sessions are transmitted in every request — without SSL, anyone on the network can intercept them.

Point your domain

Add an A record in your DNS provider pointing your domain (e.g., openclaw.yourdomain.com) to your server's IP address. Wait for DNS propagation (usually 5-15 minutes).

Install Nginx and Certbot

# Install Nginx and Certbot
sudo apt install -y nginx certbot python3-certbot-nginx

# Create Nginx config
sudo nano /etc/nginx/sites-available/openclaw

Paste this Nginx configuration:

server {
    server_name openclaw.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (required for live agent view)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# Enable the site and get SSL certificate
sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

# Get free SSL from Let's Encrypt
sudo certbot --nginx -d openclaw.yourdomain.com

# Auto-renew is set up automatically by Certbot

Step 6: Deploy Your First Agent

Everything is configured. Time to launch:

# Start the OpenClaw stack
cd /opt/openclaw
docker compose up -d

# Check that all containers are running
docker compose ps

# View logs (useful for troubleshooting)
docker compose logs -f

Open https://openclaw.yourdomain.com in your browser. You should see the OpenClaw dashboard. From here:

1. 1
   Log in with the secret key you generated earlier.
2. 2
   Create a new agent — start simple. A good first task: "Open a browser, go to news.ycombinator.com, and summarize the top 5 posts."
3. 3
   Watch it run in the live view. You'll see the agent's screen, actions, and reasoning in real-time.
4. 4
   Check the logs if anything goes wrong. Most first-run issues are API key misconfigurations.

For ideas on what to automate, see our top 10 OpenClaw automation ideas and what OpenClaw can actually do.

Common Pitfalls and Troubleshooting

We see the same issues come up again and again. Here's how to fix them:

For security-specific issues, review our AI agent security best practices and security audit checklist.

Performance Tuning Basics

Once your deployment is stable, these tweaks will make it faster and cheaper to run:

• Enable smart routing. Set OPENCLAW_SMART_ROUTING=true to automatically route simple tasks to cheaper models while keeping complex tasks on more capable ones. This alone can cut costs by 30-50%.
• Lower screen resolution for headless tasks. If the agent doesn't need to read fine text, drop to 1280x720. This reduces screenshot size and API token usage significantly.
• Use a swap file. Add 4-8GB of swap as a safety net. It's slower than RAM but prevents OOM kills during peak usage: 'sudo fallocate -l 8G /swapfile && sudo mkswap /swapfile && sudo swapon /swapfile'.
• Set up log rotation. OpenClaw generates verbose logs. Without rotation, they'll fill your disk within weeks. Add a logrotate config for /opt/openclaw/logs/.
• Schedule agent tasks during off-peak hours. LLM API latency is typically lower during off-peak hours (late night / early morning UTC). If your tasks aren't time-sensitive, schedule them accordingly.
• Monitor with docker stats. Run 'docker stats' to watch CPU and memory usage in real-time. If a container consistently uses 90%+ memory, it's time to upgrade.

For enterprise-scale deployments with multiple agents, see our enterprise deployment guide.

Frequently Asked Questions

Keep Reading