Back to Blog
O

OpenClaw on a VPS with Tailscale: Always-On Remote Access Setup

Setup Guides

OpenClaw on a VPS with Tailscale: Always-On Remote Access Setup

OpenClaw Expert Team
13 min read

The Best Production Setup for Most Businesses

For most businesses, a VPS with Docker and Tailscale hits the sweet spot: affordable ($5-20/month), reliable (99.9%+ uptime), secure (no public ports exposed), and accessible from anywhere. This guide walks through the entire setup on a fresh VPS.

Step 1: Provision a VPS

Recommended providers and specs:

  • Hetzner Cloud: CX22 (2 vCPU, 4GB RAM, 40GB SSD) — EUR 5.49/month. Best price-to-performance ratio in Europe
  • DigitalOcean: Basic Droplet (2 vCPU, 4GB RAM, 80GB SSD) — $24/month. Excellent US presence
  • Contabo: Cloud VPS S (4 vCPU, 8GB RAM, 50GB SSD) — $6.99/month. Best raw specs per dollar

Choose Ubuntu 24.04 LTS as the OS. Select a region close to your primary user base.

Step 2: Secure the Server

SSH into your new VPS and run these security essentials:

# Update everything
apt-get update && apt-get upgrade -y

# Create a non-root user
adduser openclaw
usermod -aG sudo openclaw

# Secure SSH: disable root login, change port
sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
systemctl restart sshd

# Set up firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp    # Custom SSH
ufw allow 443/tcp     # HTTPS (for webhooks)
ufw allow 41641/udp   # Tailscale
ufw enable

Step 3: Install Docker

curl -fsSL https://get.docker.com | sh
usermod -aG docker openclaw

# Log in as openclaw user for the rest
su - openclaw

Step 4: Deploy OpenClaw via Docker

git clone https://github.com/openclaw/openclaw.git
cd openclaw

# Create config directories
mkdir -p ~/.openclaw/workspace

# Run the setup script
./docker-setup.sh

The script builds the image, generates a gateway token, runs the onboarding wizard, and starts the gateway.

Step 5: Install Tailscale for Secure Remote Access

Tailscale creates a private WireGuard VPN between your devices — no port forwarding, no exposing the gateway to the internet.

# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up

Follow the authentication URL to link your VPS to your Tailscale network.

Access Options

  • Tailscale Serve (private): Expose the gateway dashboard to your Tailscale network only. Access from any device on your Tailscale network
  • Tailscale Funnel (public): Create a public HTTPS endpoint for webhooks (required for WhatsApp, Telegram). Tailscale handles SSL automatically
# Expose gateway dashboard privately (Tailscale network only)
tailscale serve --bg 18789

# Create a public HTTPS endpoint for webhooks
tailscale funnel --bg 18789

Step 6: Connect Channels

# WhatsApp (scan QR code)
docker compose run --rm openclaw-cli channels login

# Telegram
docker compose run --rm openclaw-cli channels add --channel telegram --token "YOUR_TOKEN"

# Discord
docker compose run --rm openclaw-cli channels add --channel discord --token "YOUR_TOKEN"

Step 7: Set Up Monitoring

Basic Uptime Monitoring

Sign up for a free monitoring service (UptimeRobot, BetterUptime) and add a check for your gateway health endpoint:

  • URL: https://your-tailscale-hostname:18789/health (or your Funnel URL)
  • Check interval: Every 60 seconds
  • Alert: Email or Slack notification on downtime

Log Monitoring

# View live gateway logs
docker compose logs -f openclaw-gateway

# Check resource usage
docker stats openclaw-gateway

Step 8: Automated Backups

# Create a daily backup script
cat > ~/backup-openclaw.sh << 'SCRIPT'
#!/bin/bash
BACKUP_DIR="$HOME/backups"
mkdir -p "$BACKUP_DIR"
DATE=$(date +%Y%m%d)
tar czf "$BACKUP_DIR/openclaw-$DATE.tar.gz" ~/.openclaw/
# Keep only last 7 days
find "$BACKUP_DIR" -name "openclaw-*.tar.gz" -mtime +7 -delete
SCRIPT

chmod +x ~/backup-openclaw.sh

# Add to crontab (runs daily at 3 AM)
(crontab -l 2>/dev/null; echo "0 3 * * * $HOME/backup-openclaw.sh") | crontab -

Step 9: SSH Access from Your Laptop

If you need direct access without Tailscale (e.g., from a machine not on your network):

# SSH tunnel to access the gateway dashboard locally
ssh -N -L 18789:127.0.0.1:18789 -p 2222 openclaw@YOUR_VPS_IP

# Then open http://127.0.0.1:18789 in your browser

Maintenance Cheat Sheet

# Update OpenClaw
cd ~/openclaw && git pull
docker compose build && docker compose up -d openclaw-gateway

# Restart the gateway
docker compose restart openclaw-gateway

# View logs
docker compose logs -f --tail 100 openclaw-gateway

# Check disk space
df -h

# Check memory usage
free -h

We handle the entire VPS setup. Server provisioning, security hardening, Docker deployment, Tailscale configuration, channel integration, monitoring, and automated backups — all included in our Professional and Enterprise packages.

Book your VPS deployment or learn about our remote access service.

openclaw vpsopenclaw hetznertailscale openclawalways-on ai assistantopenclaw remote access

Need Help with OpenClaw?

Our experts handle the entire setup — installation, configuration, integrations, and ongoing support. Get your AI assistant running in 24 hours.

Book Free ConsultationView Packages

Related Articles

O

OpenClaw Dashboard V2: What's New in the Control UI (2026)

Setup Guides

OpenClaw Dashboard V2: What's New in the Control UI (2026)

8 min read

O

How to Back Up and Restore Your OpenClaw Setup (v2026.3.8+)

Setup Guides

How to Back Up and Restore Your OpenClaw Setup (v2026.3.8+)

9 min read

O

How to Install OpenClaw Skills: The Complete Guide

Setup Guides

How to Install OpenClaw Skills: The Complete Guide

10 min read