Local Machine
Best for first setup and low-risk automation. Lowest blast radius if isolated well.
- Fastest start
- No public exposure by default
- Great for debugging and learning
If you are choosing where to run OpenClaw, use this page first. It covers local, VPS, Railway, and DigitalOcean with practical trade-offs and security controls.
Need architecture and threat model context first? Read the OpenClaw security deep dive .
Best for first setup and low-risk automation. Lowest blast radius if isolated well.
Best for always-on runtime when you need stable background execution.
Good for quick managed deployment, but check runtime limits and secret handling carefully.
Good middle ground with solid control and predictable pricing on droplets.
| Option | Time to Start | Ops Load | Security Control | Best Use |
|---|---|---|---|---|
| Local | Very fast | Low | High (local only) | Learning, prototypes, safe workflows |
| VPS | Medium | Medium to high | Very high | Always-on personal or team runtime |
| Railway | Fast | Low to medium | Medium | Quick managed deployment |
| DigitalOcean | Medium | Medium | High | Stable VPS with explicit control |
Use this sequence if you want to run OpenClaw on your own PC first, then connect Telegram or WhatsApp without opening an unsafe control plane.
127.0.0.1 and do not bind to 0.0.0.0.Use one of the official install paths below, then validate the local dashboard before enabling channels.
# Prereq
node --version # Node 22+
# Option A (OpenClaw official installer, macOS/Linux)
curl -fsSL --proto '=https' --tlsv1.2 https://openclaw.ai/install.sh | bash
# Option B (npm global install)
npm install -g openclaw@latest
# Onboard + install daemon service
openclaw onboard --install-daemon
# Verify gateway and open dashboard
openclaw gateway status
openclaw dashboard If dashboard auth prompts appear, use your configured gateway token and keep access local-only.
Minimal secure env baseline (example):
OPENCLAW_GATEWAY_HOST=127.0.0.1
OPENCLAW_GATEWAY_PORT=18789
OPENCLAW_GATEWAY_TOKEN=replace-with-long-random-secret Keep variable names aligned with your installed OpenClaw version and docs.
# Telegram token example
export TELEGRAM_BOT_TOKEN="replace-with-your-botfather-token"
openclaw gateway status # WhatsApp QR login (OpenClaw web channel)
openclaw channels login
openclaw gateway --port 18789 For latest setup instructions and ecosystem updates, use these official and community links: