CR ClawReady.in Independent guide
Setup Help
Open menu
Guide Menu expand_more

install vps

Fresh Ubuntu VPS Setup for OpenClaw

Prepare a fresh Ubuntu VPS with a non-root user, secure SSH keys, and UFW firewall before installing OpenClaw.

Difficulty
beginner
Duration
15-20 minutes
Tested On
Ubuntu 24.04 VPS
Access Mode
SSH Terminal
verified
Status readiness check
Pre-Flight Approved
Risk rating medium
Gateway status Private
High-risk guide Critical foundational security steps before installing any software. Involves root access and firewall changes.

Who this is for

This guide is for anyone setting up a brand-new Ubuntu VPS who needs to secure it before installing OpenClaw. It assumes you have a clean server with root access.

Prerequisites

  • A fresh Ubuntu VPS (e.g., Ubuntu 22.04 or 24.04).
  • The public IP address of your VPS.
  • The root password or SSH key provided by your hosting provider.

Why this matters

A brand-new VPS is completely exposed to the internet. If you install OpenClaw as the root user, any vulnerability in a dependency or model could compromise your entire server. Setting up a non-root user and a firewall is the most important step you can take.

VPS Preparation Steps

  1. Log in as root

    Open your terminal and connect to the VPS using the root account.

    bash
    ssh root@your_server_ip

  2. Create a new user

    Create a new user specifically for running OpenClaw. We’ll call it clawuser.

    bash
    adduser clawuser

    Follow the prompts to set a strong password. You can leave the name and phone fields blank.

  3. Grant sudo privileges

    Add the new user to the sudo group so it can run administrative commands.

    bash
    usermod -aG sudo clawuser

  4. Set up the UFW Firewall

    Only allow SSH (port 22), HTTP (port 80), and HTTPS (port 443). Do not allow port 18789.

    bash
    ufw allow OpenSSH\nufw allow http\nufw allow https\nufw enable 
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y\nFirewall is active and enabled on system startup

  5. Test the new user

    Open a new terminal window (do not close the root one yet) and try logging in as clawuser.

    bash
    ssh clawuser@your_server_ip

    If it works, you can safely log out of root.

Bad Output / Common Mistakes

  • UFW locked you out: If you ran ufw enable before ufw allow OpenSSH, you might get locked out. You will need to use your VPS provider’s web console to log in and fix it.
  • Permission Denied: If sudo apt update fails as clawuser, you forgot to run the usermod command.

Rollback / Undo

If you made a mistake and want to start over, you can revert the changes as root:

  • Delete the user:
    bash
    deluser --remove-home clawuser
  • Reset UFW:
    bash
    ufw disable && ufw reset

Next steps

Now that your server is secure and you have a non-root user, you are ready to proceed with the OpenClaw Installation Guide.

If you need hands-on assistance configuring your server or run into complex firewall issues, check out our Setup Help page.

Sources

ClawReady.in is an independent educational resource and setup service. It is not affiliated with, endorsed by, or operated by OpenClaw.