OpenClaw on Linux: Native Installation Guide [2026]

Why Linux for OpenClaw?

Linux is the primary deployment target for OpenClaw and the platform that receives the most testing, optimization, and community support. The majority of OpenClaw instances in production run on Linux servers — either bare metal, VPS, or cloud instances.

There are several advantages to running OpenClaw on Linux. Performance is better than Docker Desktop on Mac or WSL2 on Windows because there is no virtualization layer. System resource usage is lower since Linux servers typically run without a desktop environment. Systemd provides robust service management with automatic restarts, logging, and dependency handling. And the Linux server ecosystem offers mature tooling for monitoring, security, backups, and automation.

Linux also gives you the most deployment flexibility. You can run OpenClaw on a $6/month VPS, a dedicated server, a Raspberry Pi 4, a home lab machine, or a cloud instance. The same installation process works everywhere, and systemd handles service management consistently across distributions.

System Requirements

If you plan to run local AI models alongside OpenClaw (using Ollama), increase RAM to 8GB minimum. A 7B parameter model consumes approximately 4-5GB of RAM.

Method 1: npm Install

The npm installation is the most straightforward approach. It installs OpenClaw as a global Node.js package with no containerization overhead.

Step 1: Update your system.

sudo apt update && sudo apt upgrade -y

Step 2: Install Node.js 22.

# Install dependencies
sudo apt install -y curl build-essential

# Add NodeSource repository for Node.js 22
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -

# Install Node.js
sudo apt install -y nodejs

# Verify
node --version  # v22.x.x
npm --version   # 10.x.x+

Step 3: Install OpenClaw.

# Install globally
sudo npm install -g openclaw

# Create a dedicated directory
mkdir -p ~/openclaw
cd ~/openclaw

# Initialize
openclaw init

Step 4: Configure environment variables.

nano ~/openclaw/.env

Add your configuration:

# Model provider API keys (at least one required)
ANTHROPIC_API_KEY=sk-ant-your-key-here
OPENAI_API_KEY=sk-your-key-here
GOOGLE_API_KEY=your-key-here

# OpenClaw configuration
OPENCLAW_PORT=18789
OPENCLAW_DATA_DIR=/home/your-user/openclaw/data
OPENCLAW_LOG_LEVEL=info

Step 5: Start OpenClaw.

cd ~/openclaw
openclaw start

The web dashboard is now accessible at http://your-server-ip:18789. If you only see it locally, check your firewall settings (covered below).

Method 2: Docker Install

Docker provides better isolation, simpler updates, and a cleaner separation between OpenClaw and your host system. This is the recommended approach for production servers.

Step 1: Install Docker Engine.

# Remove old versions
sudo apt remove -y docker docker-engine docker.io containerd runc 2>/dev/null

# Install prerequisites
sudo apt update
sudo apt install -y ca-certificates curl gnupg

# Add Docker's GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine and Docker Compose
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Add your user to the docker group
sudo usermod -aG docker $USER

# Enable Docker to start on boot
sudo systemctl enable docker

Log out and back in for the group change to take effect.

Step 2: Create the OpenClaw deployment.

mkdir -p ~/openclaw && cd ~/openclaw

cat > docker-compose.yml << 'EOF'
version: '3.8'
services:
  openclaw:
    image: openclaw/openclaw:latest
    container_name: openclaw
    restart: unless-stopped
    ports:
      - "18789:18789"
    volumes:
      - ./data:/app/data
      - ./config:/app/config
    env_file:
      - .env
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
EOF

Step 3: Create the .env file.

cat > .env << 'EOF'
ANTHROPIC_API_KEY=sk-ant-your-key-here
OPENAI_API_KEY=sk-your-key-here
OPENCLAW_PORT=18789
EOF

Step 4: Start OpenClaw.

docker compose up -d

# Verify it's running
docker compose ps

# View logs
docker compose logs -f openclaw

Updating with Docker is simple — pull the latest image and recreate the container:

cd ~/openclaw
docker compose pull
docker compose up -d

Your data persists in the mounted volumes, so updates don't affect your configuration, conversations, or memory.

Setting Up a systemd Service

If you installed via npm (not Docker), a systemd service is essential for keeping OpenClaw running 24/7. It handles automatic startup on boot, automatic restart on crash, and proper logging.

Create the service file:

sudo nano /etc/systemd/system/openclaw.service

Add this content (replace your-user with your actual username):

[Unit]
Description=OpenClaw AI Agent
Documentation=https://remoteopenclaw.com/blog/complete-guide-to-openclaw/
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=your-user
Group=your-user
WorkingDirectory=/home/your-user/openclaw
ExecStart=/usr/bin/openclaw start
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw

# Environment file
EnvironmentFile=/home/your-user/openclaw/.env

# Security hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/your-user/openclaw/data /home/your-user/openclaw/config
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

Enable and start the service:

# Reload systemd to recognize the new service
sudo systemctl daemon-reload

# Enable automatic startup on boot
sudo systemctl enable openclaw

# Start the service
sudo systemctl start openclaw

# Check status
sudo systemctl status openclaw

# View logs
sudo journalctl -u openclaw -f

The service will now start automatically on boot and restart within 10 seconds if it crashes. Logs are captured by journald and can be viewed with journalctl.

Firewall Configuration

If you are running OpenClaw on a VPS or any server with a public IP, configure your firewall to control access to the OpenClaw port.

Using UFW (Ubuntu/Debian):

# Allow SSH (don't lock yourself out)
sudo ufw allow ssh

# Option A: Allow OpenClaw from anywhere (if using reverse proxy later)
sudo ufw allow 18789/tcp

# Option B: Allow OpenClaw only from your IP
sudo ufw allow from YOUR_IP_ADDRESS to any port 18789

# Enable the firewall
sudo ufw enable

# Verify rules
sudo ufw status

Important: If you plan to set up a reverse proxy (Nginx or Caddy) in front of OpenClaw, you should only allow port 18789 from localhost and let the reverse proxy handle external traffic on ports 80 and 443. See our reverse proxy guide for details.

Security Hardening

Running OpenClaw on a public-facing Linux server requires basic security hygiene:

Create a dedicated user. Don't run OpenClaw as root. Create a non-root user specifically for OpenClaw:

sudo useradd -m -s /bin/bash openclaw
sudo -u openclaw mkdir -p /home/openclaw/openclaw

Secure your API keys. Set restrictive permissions on the .env file:

chmod 600 ~/openclaw/.env

Enable automatic security updates:

sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

Use SSH keys instead of passwords. Disable password authentication in /etc/ssh/sshd_config and use SSH key pairs for all remote access.

Set up fail2ban to protect against brute-force attacks:

sudo apt install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Use a reverse proxy with SSL. Never expose port 18789 directly to the internet without encryption. Set up Nginx or Caddy with Let's Encrypt SSL certificates. Our reverse proxy guide covers this in detail.

Notes for Other Distributions

Fedora / RHEL / Rocky Linux:

# Install Node.js 22
sudo dnf module install nodejs:22

# Install OpenClaw
sudo npm install -g openclaw

# Firewall (firewalld instead of ufw)
sudo firewall-cmd --permanent --add-port=18789/tcp
sudo firewall-cmd --reload

Arch Linux:

# Install Node.js
sudo pacman -S nodejs npm

# Install OpenClaw
sudo npm install -g openclaw

Alpine Linux (common in Docker-based hosts):

# Install Node.js
apk add --no-cache nodejs npm

# Install OpenClaw
npm install -g openclaw

Raspberry Pi (Raspberry Pi OS / Debian ARM): OpenClaw runs on Raspberry Pi 4 and 5 with 4GB or 8GB RAM. The installation process is identical to Ubuntu/Debian. Performance is adequate for personal use with a single agent, but a VPS or Mac Mini is recommended for production workloads.

Troubleshooting

Node.js version too old. Many Linux distributions ship with older Node.js versions in their default repositories. Always use the NodeSource repository or nvm to get Node.js 22+. Check your version with node --version.

Permission denied on npm global install. If sudo npm install -g openclaw fails, the npm prefix directory may have incorrect ownership. Fix with:

sudo chown -R $(whoami) /usr/lib/node_modules /usr/bin

Or use nvm, which installs Node.js in your home directory and avoids permission issues entirely.

OpenClaw crashes immediately after starting. Check logs with journalctl -u openclaw -n 50 or openclaw start --verbose. Common causes: missing .env file, invalid API key format, port 18789 already in use by another process.

Cannot connect to web dashboard. Verify OpenClaw is running (systemctl status openclaw), check the firewall (sudo ufw status), and confirm you are using the correct IP address and port. If on a VPS, check the hosting provider's security group or firewall rules as well.

Docker permission denied. If you get "permission denied while trying to connect to the Docker daemon socket," you forgot to add your user to the docker group or didn't log out and back in. Run sudo usermod -aG docker $USER and then log out and log back in.

High memory usage. OpenClaw typically uses 800MB-1.5GB of RAM. If it exceeds 2GB, check for memory leaks by restarting the service and monitoring with htop. Skills and plugins that load large datasets can increase memory usage. Disable unused skills to reduce footprint.