In This Article
Introduction
Linux is OpenClaw's native environment. The project is primarily developed and tested on Linux, the community's production deployments run predominantly on Linux servers, and the shell execution Skills assume a Unix/bash environment. If you're a Linux user, you have access to the cleanest, most reliable OpenClaw experience — and with systemd service configuration, you can have OpenClaw running automatically on boot on a dedicated server that operates 24/7 without manual management.
Installation
Ubuntu/Debian
# Install Node.js 20.x
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs
# Install OpenClaw globally
sudo npm install -g openclaw
# Run setup wizard
openclaw setupArch Linux
sudo pacman -S nodejs npm
sudo npm install -g openclaw
openclaw setupFedora/RHEL
sudo dnf install nodejs npm
sudo npm install -g openclaw
openclaw setupThe setup wizard creates ~/.openclaw/config.yaml and ~/.openclaw/memory/. Complete the wizard by providing your API keys and messaging platform credentials.
Docker installation (recommended for servers):
docker pull openclaw/openclaw:latest
mkdir -p ~/.openclaw
# Create your config.yaml in ~/.openclaw/
# Then run:
docker run -d --name openclaw --restart unless-stopped -v ~/.openclaw:/memory openclaw/openclaw:latestRunning as a systemd Service
Running OpenClaw as a systemd service ensures it starts automatically on boot, restarts on crashes, and integrates with the system's logging infrastructure. Create the service file:
sudo nano /etc/systemd/system/openclaw.service[Unit]
Description=OpenClaw AI Agent
After=network.target
Wants=network-online.target
[Service]
Type=simple
User=your-username
Group=your-username
WorkingDirectory=/home/your-username
ExecStart=/usr/bin/openclaw start
ExecStop=/usr/bin/openclaw stop
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw
# Security hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/your-username/.openclaw
[Install]
WantedBy=multi-user.targetEnable and start the service:
sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw
# Check status
sudo systemctl status openclaw
# View logs
sudo journalctl -u openclaw -fOpenClaw now starts automatically on boot and restarts within 10 seconds if it crashes.
Headless VPS Setup
Running OpenClaw on a headless VPS (Virtual Private Server) is the most common production deployment model for community members who want 24/7 uptime. A $5–10/month VPS from DigitalOcean, Vultr, Linode, or AWS Lightsail is sufficient for most personal deployments.
Recommended VPS specifications:
- 2 vCPUs, 4 GB RAM minimum
- 20 GB SSD storage
- Ubuntu 22.04 LTS
- Any location with low latency to your primary messaging platform's servers
After creating your VPS and SSH-ing in, follow the Ubuntu installation steps above. For headless VPS setup, Telegram is the recommended primary channel since it works entirely over HTTPS with no additional network configuration required.
Security for VPS deployment:
- Never expose the OpenClaw web interface to the public internet — bind it to localhost only
- Configure UFW to allow only SSH (port 22) and any necessary HTTPS traffic
- Use SSH key authentication and disable password authentication
- Install fail2ban to prevent brute force attacks
- Keep the VPS OS updated with automatic security updates
Linux Security Hardening
Linux offers excellent security controls that should be applied to OpenClaw deployments:
Run as a dedicated user (not root):
sudo useradd -r -m -s /bin/bash openclaw-user
sudo -u openclaw-user openclaw setupFile permissions:
# Restrict memory directory to owner only
chmod 700 ~/.openclaw
chmod 600 ~/.openclaw/config.yaml
# If running as openclaw-user
chown -R openclaw-user:openclaw-user /home/openclaw-user/.openclawAppArmor profile (Ubuntu): The Foundation provides an optional AppArmor profile that restricts OpenClaw to only the filesystem paths and network connections it legitimately needs. Install with:
sudo openclaw install-apparmor-profile
sudo systemctl reload apparmorEncrypt the memory directory:
sudo apt install ecryptfs-utils
# Mount encrypted home directory
ecryptfs-migrate-home -u openclaw-userMonitoring & Logging
For production Linux deployments, configure monitoring to ensure the service is running correctly and alert you to issues:
journald log persistence:
sudo mkdir -p /var/log/journal
sudo systemctl restart systemd-journaldLog rotation: Configure logrotate for OpenClaw's application logs:
sudo nano /etc/logrotate.d/openclaw/home/openclaw-user/.openclaw/logs/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
}Health monitoring with systemd watchdog: Add to the service file:
WatchdogSec=60sAnd configure OpenClaw to send systemd watchdog notifications, ensuring the service is restarted if OpenClaw stops responding within 60 seconds.
Frequently Asked Questions
Can I run OpenClaw on a Raspberry Pi? Yes — OpenClaw has a dedicated setup guide for Raspberry Pi. It runs well on Pi 4 with 4 GB or 8 GB RAM. Using local models (Ollama) on Pi requires the 8 GB model.
How much RAM does OpenClaw use? The base OpenClaw process uses 150–300 MB RAM. Browser automation tasks temporarily require an additional 200–400 MB. Ollama for local models requires 4–8 GB RAM depending on the model. Plan accordingly when sizing your server.
Can multiple users share one Linux OpenClaw installation? OpenClaw is primarily designed for single-user use per instance. Multi-user deployment (different users with different memory files, different channel configurations) requires separate installations with separate user accounts and the systemd multi-instance configuration.
Is there a one-line installation script? Community-maintained one-line scripts exist on GitHub but are not officially supported by the Foundation. Using the official npm installation ensures you're installing a verified package version.
Wrapping Up
Linux is the optimal platform for production OpenClaw deployments. The combination of native Unix environment compatibility, systemd service management, mature security controls, and low-cost VPS hosting options makes Linux the preferred choice for anyone running OpenClaw around the clock. The initial setup investment of 30–60 minutes produces a stable, auto-starting, well-monitored deployment that runs reliably for months without manual intervention.