Complete Guide: Installing OpenClaw on a VPS — Your Secure 24/7 AI Personal Assistant

What Is OpenClaw and Why Do You Need It?

OpenClaw is an AI-powered personal assistant bot built on Anthropic's Claude. It connects to your WhatsApp or Telegram and can manage your calendar, read and send emails, set reminders, search for information, and perform automated tasks — all through a simple chat message.

This guide will teach you step by step how to install OpenClaw on a VPS (Virtual Private Server), so the bot runs 24/7 without depending on your personal computer. We will place special emphasis on security — because when you give a bot access to your email and calendar, you must do it right.

Why VPS? Why Not Run It From Your Computer?

Running the bot from your personal machine may sound simple, but it is problematic for three main reasons:

• Availability: The moment you shut down your computer or lose your internet connection, the bot stops working. A VPS runs 24/7 without interruption.
• Performance: A dedicated VPS does not compete with other programs for resources. It is devoted solely to the bot.
• Security (Critical!): When the bot runs on your personal computer, it has potential access to your files, passwords, and personal data. A VPS provides complete isolation — the bot runs in an environment entirely separate from your personal information.

Important Security Tip: Isolation Is Not a Luxury

Think of a VPS like a separate office for your assistant. You would not give a new secretary the keys to your apartment — you give them a key to the office. Same with the bot: separate its environment from your personal data.

Step 1: Create a Dedicated Email Account for the Bot

This is the first and most important step — before you buy a VPS or install anything.

Create a new Gmail account that will be used exclusively by the bot. For example:

• mybot.assistant@gmail.com
• openclaw.yourname@gmail.com

Why is this essential?

• Protect your personal email: The bot will read and write emails. If you connect your personal email, it gains access to your entire history — bank notifications, sensitive documents, private conversations.
• Limit the "blast radius": If something goes wrong — a compromised account, a misused permission — the damage is limited to the dedicated account only.
• Transparency and control: It is much easier to monitor what the bot is doing when all its activity is in a separate account.
• Simple revocation: If you want to stop, just revoke access to the dedicated account without touching anything personal.

Security Settings for the Dedicated Account

• Enable Two-Factor Authentication (2FA): Mandatory. Use an Authenticator app (like Google Authenticator), not SMS — SMS verification is less secure.
• Strong, unique password: At least 16 characters, mixing letters, numbers, and symbols. Do not use a password that appears anywhere else.
• Check connected devices: After setup, go to myaccount.google.com/device-activity and verify that only your server is connected.
• Set a recovery email: Add your personal email as the recovery address, so you can regain access if needed.

Step 2: Purchase a VPS Server

There are many VPS providers on the market. A good starting specification is:

• RAM: At least 4GB (2GB absolute minimum)
• CPU: 2 cores
• Storage: 50GB SSD
• OS: Ubuntu 22.04
• Manager: Docker Manager (simplifies installation)

Choosing a VPS Provider — What to Check

• Server location: Choose a region geographically close to you for better performance.
• Backups: Make sure the provider offers automatic backups or snapshots — you will need them.
• Support: Choose a provider with 24/7 support — if something breaks at 3 AM, you want someone to answer.
• Firewall: Ensure there is an option to configure firewall rules through the control panel.

After Purchase — Immediate Security Steps

• Change the root password: Immediately after gaining access to the server, change the default password.
• Update the system: Run apt update && apt upgrade -y to ensure all packages are up to date.
• Create a new user: Do not run everything as root. Create a dedicated user with sudo permissions.
• Set up SSH keys: Disable password login and use only SSH key authentication for server access.

Step 3: Install OpenClaw Using Docker

Docker allows you to run the bot inside an isolated container — an additional security layer that separates the bot from the server's operating system.

Installation Process

• Log into the server's management panel (usually at https://your-server-ip:8443)
• Search for the "OpenClaw" application in the Docker catalog
• Click "Install" or "Deploy"
• Configure the required variables (API keys, connection settings)
• Wait for the installation to complete — usually a few minutes

Recommended Docker Security Settings

• Limit resources: Set memory and CPU limits for the container to prevent the bot from consuming all server resources.
• Isolated network: Run the container on a dedicated Docker network, not the host network.
• Minimal volumes: Do not mount directories the bot does not need access to.
• Update images: Regularly check for and apply updates to the OpenClaw Docker image.

Step 4: Connect to Google Account (Gmail + Calendar)

This is where the bot connects to the dedicated Google account you created in Step 1. Again — never connect your personal account.

Creating a Google Cloud Project

1. Go to Google Cloud Console
2. Create a new project (name: "OpenClaw Bot" or similar)
3. Enable the required APIs:
   • Gmail API
   • Google Calendar API
4. Create OAuth 2.0 credentials (type: Web Application)
5. Set the Redirect URI that the system displays for you

OAuth Configuration — Important Notes

• Minimal permissions: Only grant the bot the scopes it truly needs. If you do not need it to send emails, do not grant write access to Gmail.
• OAuth Consent Screen: Set to "Testing" mode. Add only the dedicated account as a Test User.
• Client Secret: Store the Client ID and Client Secret securely. Never share them with anyone.

Connecting Gmail API

After creating the credentials, return to the OpenClaw interface on the server:

1. Enter the Client ID and Client Secret
2. Approve the connection — you will be redirected to a Google authorization page
3. Log in with the dedicated account (not your personal one!)
4. Approve the requested permissions
5. Verify the connection was successful

Connecting Google Calendar API

A similar process — same credentials, same dedicated account:

1. In the OpenClaw interface, find the Calendar section
2. Approve the permissions
3. Verify the bot can see the dedicated account's calendar

Pro Tip: Share the dedicated account's calendar with your personal Google Calendar, so you can see the events the bot creates — without giving it access to your personal calendar.

Step 5: Connect WhatsApp / Telegram

Now we connect the communication channel — the interface through which you will interact with the bot daily.

Setting Up a Whitelist

Critical for security! Before connecting the bot to WhatsApp or Telegram, make sure you have set up a whitelist — a list of phone numbers authorized to communicate with the bot.

• Enter only your own number
• Do not add other people's numbers unless you are sure they need access
• Any number not on the whitelist will be unable to send commands to the bot

Connecting WhatsApp

1. In the OpenClaw interface, click "Connect WhatsApp"
2. Scan the QR code with WhatsApp on your phone
3. Send a test message to the bot to verify everything works

Connecting Telegram

1. Create a new bot through @BotFather on Telegram
2. Copy the Bot Token
3. Enter it in the OpenClaw interface
4. Send a message to the bot to verify the connection

Step 6: Advanced Security and Ongoing Maintenance

Installation is complete — but security does not end with installation. Here is the maintenance checklist you should follow regularly:

Weekly Checks

• Review logs: Access the container logs (docker logs openclaw) and check for unusual activity.
• Review emails: Log into the dedicated account and verify the bot is only doing what you asked.
• Check for updates: Make sure you are running the latest version of OpenClaw.

Monthly Checks

• Permission audit: Go to Google Cloud Console and verify the scopes have not changed and there are no unnecessary access grants.
• Server updates: Run apt update && apt upgrade -y and verify the system is current.
• Backup: Create a server snapshot — so you can restore quickly if something goes wrong.
• Password rotation: Consider changing the dedicated account's password every 3 months.

Setting Up Alerts

• Login alerts: Enable email notifications in the dedicated Google account for logins from new devices.
• Server monitoring: Set up a monitoring service (like Uptime Robot) to alert you if the server goes down.
• Docker restart policy: Configure automatic container restart (--restart unless-stopped) so the bot recovers on its own after a crash.

Complete Step-by-Step Summary

1. Create a dedicated email account — with 2FA and a strong password
2. Purchase a VPS — Ubuntu 22.04, 4GB RAM, Docker Manager
3. Secure the server — updates, dedicated user, SSH key
4. Install OpenClaw — via Docker
5. Connect Google APIs — with the dedicated account, minimal permissions
6. Connect WhatsApp/Telegram — with whitelist
7. Configure firewall (UFW) and Fail2Ban
8. Step 8: Set up monitoring — logs, alerts, backups

Final Tips

• Start small — give the bot access only to the calendar at first, and only add Gmail once you feel comfortable.
• Document everything — write down which permissions you granted, which connections are active, and where the credentials are stored.
• If something feels wrong — immediately disconnect the dedicated account's access and investigate before reconnecting.

Need help with installation? Want personal guidance? At JOYO Digital workshops, we walk you through every step — including technical setups like this. Check out our workshops and find the right fit for you.