Before you begin the installation, it’s worth taking a moment to understand what OpenClaw is and why running the solution with Docker Compose is a practical and reliable approach:

Step 1: Why choose OpenClaw with Docker?

  • OpenClaw is an autonomous AI agent, capable of independently performing various tasks. These include, among others, processing messages, analysing files, and automating chat conversations.
  • OpenClaw can run on your own server, is open source and offers over 50 integrations (including WhatsApp, Telegram, Slack, and Discord).
  • The recommended and most stable way to install it is via Docker Compose, because all dependencies are automatically managed in isolation. You can also update or extend them more easily later on.

OpenClaw uses Docker as an isolated environment. Docker Compose is then used to start multiple containers at the same time, including the gateway, CLI, possibly a sandbox, and external tools that together form the system.

Step 2: Find the right server

OpenClaw is not just a chatbot, but an autonomously operating tool that runs on your server and interacts with programs, messengers, and services. For example, you can use the software to manage calendars, handle files, and send notifications. It’s also possible to trigger automations or execute entire developer workflows.

For most scenarios, a VPS setup is a strong choice, as it offers a cost-effective yet capable foundation for running OpenClaw with Docker. It becomes even more convenient if your VPS host supports n8n automation, which simplifies connecting OpenClaw to other services.

As a rule of thumb, the more complex your tasks are, the more RAM and CPU capacity you should allocate. Docker Compose and AI models also require sufficient storage for images, container logs and persistent data. Overall, the exact resource requirements depend heavily on the workload and, in particular, on whether you rely on a cloud-based LLM or run the models locally.

The table below offers a general guideline, outlining example use cases and the corresponding recommended VPS specifications.

Use case Main functions Recommended VPS resources
Digital everyday assistant Appointment summaries, messages, calendar 4 vCores CPU, 4 GB RAM, 120 GB disk space
Workflow automation & documentation Create documents, process data, file upload 6 vCores CPU, 8 GB RAM, 240 GB disk space
Developer productivity & remote automation Tests, builds, logs, shell tasks 8 vCores CPU, 16 GB RAM, 480 GB disk space

Step 3: Install the operating system and set up a secure connection

Before you can install software like OpenClaw with Docker Compose, you need an operating system on your server. For the OpenClaw Docker setup, a Linux distribution such as Ubuntu Server is a good choice. Install a current Ubuntu version on your VPS and then establish a secured connection to your server, for example via SSH (Secure Shell). Make sure to use SSH access with keys instead of passwords so your server is protected against unauthorised access.

Step 4: Install Docker and Compose

Once you’ve established a secure connection to the server and set up your desired operating system, you can install Docker and Compose. First, you should update the system to the latest version:

sudo apt update && sudo apt upgrade -y
sudo apt install -y ca-certificates curl gnupg lsb-release
bash

Then add the Docker GPG key and set up the repository:

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
bash

Update the package list again and then install the Docker Engine, the Docker CLI (command-line interface), and the ‘containerd’ service:

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io
bash

In the final step, install Docker Compose. On many modern systems, this can be done using the plugin-based installation method:

sudo apt install -y docker-compose-plugin
bash

Alternatively, download the installation files manually:

mkdir -p ~/.docker/cli-plugins
curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 \
    -o ~/.docker/cli-plugins/docker-compose
chmod +x ~/.docker/cli-plugins/docker-compose
bash

You can verify that the installation was successful with the following command:

docker --version
docker compose version
bash

Step 5: Clone the OpenClaw repository

Next, download the OpenClaw source code, which already contains the required Docker configuration:

sudo apt install git -y
git clone https://github.com/openclaw/openclaw.git
cd openclaw
bash

You will now find, among other files, a script called ‘docker-setup.sh’ and the file ‘docker-compose.yml’, which defines the default containers. The latter YAML configuration file contains, among other things, the following information:

  • openclaw-gateway: The main service that starts OpenClaw
  • env_file: This information tells the container where the environment variables are located
  • volumes: This entry ensures that your data is stored persistently instead of being lost in the container
  • ports: Opens the service on port 18789 so you can later access it in your browser

Step 6: Create environment variables and enter API keys

To ensure OpenClaw knows which AI provider to use, how to communicate with external services, and how to authenticate, you need to store several key settings in a .env file. This is a standard text file that contains sensitive information such as API keys and tokens and should never be made public (for example, in Git repositories). Additionally, secure the .env file with restrictive permissions using the command chmod 600 .env.

How to create the .env file step by step

  1. Copy the example file included in the repository using the following command: cp .env.example .env
  2. Open the new file for editing with the following command: nano .env
  3. You will now see various placeholders. The most important lines you should adjust in this file are the following (the values shown are only examples):
LLM_PROVIDER=anthropic
ANTHROPIC_API_KEY=sk-ihrapikey123xyz
GATEWAY_TOKEN=my_secure_gateway_token_abc
MODEL_VERSION=claude-4-5-sonnet-20260101
txt

LLM_PROVIDER defines which AI provider you want to use. Anthropic is essentially the recommended default, but you can of course choose any other option. The corresponding API keys are required so that OpenClaw and Docker can access the LLMs in the cloud. GATEWAY_TOKEN protects access to the dashboard, and with MODEL_VERSION you specify the desired version of the AI model, for example Claude 4.5. Provider names and model versions change frequently, so the values shown here are only examples. Refer to your provider’s current documentation for the correct entries.

Step 7: Run the setup script

After you’ve cloned the OpenClaw repository, you will also find a file named ‘docker-setup.sh’, as already mentioned. This file is a setup script that automates many tasks you would otherwise have to perform manually. It’s part of the official OpenClaw Docker installation recommendation. Without the script, you would have to:

  • Build Docker images
  • Adjust Docker Compose configurations
  • Enter environment variables (if you haven’t already done this manually in Step 6 as described)
  • Start containers

The setup script takes this work off your hands and ensures that the containers are installed and configured correctly. To check in advance what the script actually does, you can run the command less docker-setup.sh. If you’re comfortable with the changes, start it with the following terminal command:

./docker-setup.sh
bash

During installation, you’ll be interactively asked about setup options (gateway mode, provider, tokens). Answer these prompts as desired to complete the OpenClaw Docker setup.

Step 8: Start Docker Compose

Once the Compose files are prepared, start all services. The following command pulls the images, launches the required containers, and automatically mounts the necessary volumes:

docker compose up -d
bash

To make sure there are no errors and all services have started up correctly and are running properly, simply enable logging so you can view the logs in real time:

docker compose logs -f
bash
Tip

Logging will also play an important role once your OpenClaw Docker installation is running in production. It allows you to continuously monitor resource usage (CPU/RAM/disk) and track error rates over time.

Step 9: Access the web interface

Once everything is up and running, you can access the web administration interface in your browser at http://YOUR_SERVER_IP:18789. Replace YOUR_SERVER_IP with the IP address of your server. From the OpenClaw dashboard, you can now, among other things:

  • Start chat conversations
  • Configure your agents
  • Create pairing tokens for clients or devices

If error messages like ‘Unauthorized’ or ‘Pairing required’ appear in the browser, simply request a fresh dashboard token with the following command:

docker compose run --rm openclaw-cli dashboard --no-open
bash

Then approve the process as follows:

docker compose run --rm openclaw-cli devices list
docker compose run --rm openclaw-cli devices approve <requestID>
bash
Tip

Is the container not starting? Check the logs with docker compose logs -f to identify the issue, or review the .env file for missing keys or typos. If the port cannot be reached, you will likely need to adjust your firewall settings or security groups.

Step 10: Secure the OpenClaw Docker instance

OpenClaw can perform system-level actions and execute tasks. If it is exposed to the internet without protection, unauthorised users could potentially access it. For this reason, follow these security guidelines:

  • Protect your server with a firewall. Only necessary connections should be allowed.
  • Open the OpenClaw port (18789 by default) only when necessary. If you want to allow public access, it’s best to restrict it to trusted IP addresses and enforce connections through a reverse proxy with HTTPS or a VPN.
  • Secure your containers specifically by starting them without root privileges whenever possible, running file systems as read-only, and removing unnecessary permissions. Avoid unnecessary host mounts and restrict network access so that only required targets, such as messenger APIs and LLM providers, are available.
  • Use token-based authentication. The GATEWAY_TOKEN you set in the .env file is used to prevent unauthorised access.
  • Make sure not to run OpenClaw as root inside the container and limit permissions using flags like --read-only, --cap-drop=ALL, and --security-opt=no-new-privileges to reduce potential attack surfaces.
  • Create an isolated Docker network environment or use rules so that OpenClaw can reach only the external services it truly needs (for example, AI provider APIs), instead of having unrestricted internet access.
  • Make sure you use the correct settings in the OpenClaw security configuration. All authentication mechanisms should be enabled, and all gateway rules must be properly defined for production use.

On Linux systems like Ubuntu, you can quickly enable solid basic protection using the Uncomplicated Firewall (ufw):

sudo ufw allow 22/tcp
sudo ufw allow 18789/tcp
sudo ufw enable
bash

Allowing TCP port 22 enables secure SSH access. TCP port 18789 is the default port for OpenClaw, unless you have configured a different port. If you prefer not to expose the port publicly, you can restrict access to specific IP addresses only.

Step 11: Set up messaging integrations

OpenClaw can connect to various chat platforms, including Slack, WhatsApp, Telegram, and many more. This allows you to control your AI agent directly from your work chat. For example, if you connect OpenClaw to Slack, your AI agent acts like a Slack bot. You can then ask it questions or send tasks in your team chat, and it will respond or perform actions.

The integration works roughly as follows (depending on the integration, there are slight differences in the setup):

  1. Register bot / application: Create a bot or an app in the respective service (for example, Telegram, Slack, Discord). Typically, this is done via the service’s developer portal. In the end, you receive one or more API tokens/keys that are used to authenticate your bot.
  2. Enter tokens / keys in OpenClaw: Add the API credentials (for example, TELEGRAM_BOT_TOKEN, SLACK_BOT_TOKEN) to the OpenClaw configuration file .env or an appropriate configuration interface.
  3. Restart or configure OpenClaw: Restart OpenClaw so it can apply the new integration settings.
  4. Pairing / authentication: Depending on the service, you must authorise the bot or the connection once, for example via pairing codes, OAuth flows, or confirmation links provided by the service or by OpenClaw.
  5. Test: Send a test message via the bot or chat to check whether OpenClaw responds correctly.
Tip

Handle API tokens confidentially, grant only the necessary permissions, test the connection right after setup, and complete the authorisation process (for example, pairing/OAuth). If issues arise, check the logs and, for initial tests, use a private channel or workspace.

Step 12: Keep OpenClaw up to date

To ensure you always have access to the latest features of the tool and that current bug fixes and security updates are installed, it’s important to update OpenClaw regularly. To do this, first navigate to the directory:

cd ~/openclaw
bash

Then fetch the latest version with the following command:

git pull
docker compose pull
bash

Restart your OpenClaw Docker instance afterward:

docker compose up -d
bash
Go to Main Menu