Your agent works. It talks, remembers, delegates, integrates, and it’s containerized. One problem — it only runs when your laptop lid is open. Today we fix that permanently.
Best price-to-performance in Europe. Strong ARM options. Popular choice for OpenClaw deployments.
Developer-friendly UI. Predictable pricing. Good docs and community support.
Reliable, simple pricing. Global data centers. Solid for always-on workloads.
Claude Code SSHs into your VPS and sets up everything — deps, config, daemon, firewall. Takes ~15 minutes. No DevOps experience needed. You watch and approve each step.
The installer handles all dependencies. The onboard command walks you through config and installs the system service.
Use the pre-built images from Day 12. Same compose file, just deploy it on your VPS instead of locally.
Use the curl installer for new VPS deployments. It’s the most tested path and handles edge cases (Node version, system deps, permissions) that manual installs miss.
Installs a systemd service on Linux or a launchd agent on macOS. Handles the service file, enables auto-start, and starts the daemon immediately.
18789Restart=always)After this step, your agent is running 24/7. Close your laptop, disconnect SSH, reboot the VPS — it comes back up automatically. This is the “always on” in today’s title.
| Mode | Scope |
|---|---|
| loopback | Local-only (default, safest) |
| lan | All local network interfaces |
| tailnet | Tailscale network only |
| custom | Bind to a specific IP/interface |
Keep the gateway on loopback (never expose it to the internet). Install Tailscale on your VPS and your devices. Tailscale handles routing through an encrypted WireGuard tunnel — zero port forwarding, zero firewall holes.
If you need HTTPS access, put nginx or Caddy in front of the gateway. Caddy handles TLS certificates automatically. Gateway stays on loopback, proxy terminates HTTPS.
Always enable gateway.auth. An unauthenticated gateway is an open door to your agent.
The --deep flag probes the live gateway for misconfigurations. --fix auto-remediates what it can.
~/.openclaw/ at 700, openclaw.json at 600.openclaw doctor checks config, API keys, channel connections, memory index, and daemon health in one command.
Set gateway.channelHealthCheckMinutes in config to enable periodic health checks. The gateway will verify channel connections at the configured interval and log warnings on failure.
/tmp/openclaw/openclaw-YYYY-MM-DD.logopenclaw update --channel stablegit push the workspace directoryYour workspace directory contains SOUL.md, AGENTS.md, MEMORY.md, daily notes, and config. It’s already a git repo — just git push it to a private remote. If your VPS dies, you clone the workspace onto a new one and you’re back.
Spin up a VPS on Hetzner, DigitalOcean, or Linode with at least 4 vCPU and 8 GB RAM. Ubuntu 22.04+ recommended. SSH in and verify you have root or sudo access.
Use the curl installer (curl -fsSL https://openclaw.ai/install.sh | bash) or deploy with Docker Compose. Run openclaw onboard --install-daemon to set up the system service.
Install Tailscale on both your VPS and your laptop. Verify you can reach the gateway at http://<tailscale-ip>:18789. Keep the gateway on loopback — let Tailscale handle routing.
Run openclaw security audit --deep and fix any findings. Set up UFW, verify config permissions, and confirm gateway auth is enabled. Your agent is on the internet now — treat it accordingly.
Your agent is deployed, secured, and running 24/7 on a VPS. Now it’s time to put that always-on agent to work as a coding partner — writing code, reviewing PRs, debugging issues, and shipping features alongside you. Day 14, we code together.