CR ClawReady.in Independent guide
Setup Help
Open menu

Community guide

AWS Lightsail Setup with Daily SQLite Backups

How to deploy OpenClaw Gateway on a cost-effective Lightsail instance, lock firewall settings, and run automatic SQLite database cron backups.

[!NOTE] ClawReady.in is an independent educational resource and setup service. It is not affiliated with, endorsed by, or operated by OpenClaw.

AWS Lightsail is one of the most budget-friendly ways for developers in India to run OpenClaw. For $3.50 or $5 per month, you get a clean static IP and a consistent Linux sandbox. This guide details my exact setup configuration using an automated SQLite cron backup script.

Prerequisites & Pre-flight Checklist

  1. AWS Lightsail Instance: Ubuntu 24.04 LTS recommended.
  2. Ports Locked: Ensure port 18789 (the Gateway control interface) is NOT open to the public internet in the Lightsail networking dashboard.
  3. Local Tooling: SSH keypair configured for access.

1. Network & Port Safety (Crucial)

By default, OpenClaw listens on all interfaces if not restricted. To secure the deployment:

  1. Open your AWS Lightsail Console.
  2. Navigate to Networking -> IPv4 Firewall.
  3. Ensure only SSH (Port 22) and HTTPS (Port 443) are allowed.
  4. Never add a custom rule for port 18789 publicly.

To access the Gateway dashboard locally, use an SSH loopback tunnel:

ssh -L 18789:127.0.0.1:18789 ubuntu@your-lightsail-ip

Now, navigate to http://localhost:18789 in your web browser. The traffic is securely routed through the encrypted SSH channel.

2. Setting Up Automatic SQLite Backups

OpenClaw saves active session flows and channel status configurations in a local SQLite file (openclaw.db). If your VPS crashes, you could lose important chats.

Create a backup script at /opt/openclaw/backup-db.sh:

#!/bin/bash
BACKUP_DIR="/opt/openclaw/backups"
DB_PATH="/opt/openclaw/data/openclaw.db"
TIMESTAMP=$(date +"%Y%m%d_%H%M%S")

mkdir -p "$BACKUP_DIR"

# Safe copy using SQLite's online backup API to prevent corruption
sqlite3 "$DB_PATH" ".backup '${BACKUP_DIR}/openclaw_backup_${TIMESTAMP}.db'"

# Remove backups older than 7 days
find "$BACKUP_DIR" -type f -name "openclaw_backup_*.db" -mtime +7 -delete

echo "Backup created at ${TIMESTAMP}"

Make it executable:

chmod +x /opt/openclaw/backup-db.sh

Run a daily cron job by adding this line to crontab -e:

0 2 * * * /opt/openclaw/backup-db.sh >> /var/log/openclaw-backup.log 2>&1

This triggers the backup script every night at 2:00 AM.