How to Deploy AI Agents

Running AI agents on your laptop works for quick experiments, but falls apart in production. Your laptop sleeps, loses Wi-Fi, and shares resources with everything else you're doing. A VPS gives you a dedicated machine that's always on, always reachable, and isolated from your daily workflow. It's also the only sane way to expose messaging integrations (Telegram, WhatsApp) that need a persistent connection.

More importantly, a VPS behind Tailscale (which we'll set up in the next section) means your agent infrastructure is invisible on the public internet, no open ports for bots to scan, no brute-force attempts filling your logs.

Hetzner's CX23 plan gives you 2 vCPUs, 4 GB RAM, 40 GB NVMe, and 20 TB of traffic for €3.49/month (about $4). That's roughly 3-5x cheaper than equivalent specs on AWS, GCP, or DigitalOcean. Billing is hourly with a monthly cap, so you can spin up a server, test for a few hours, and destroy it for pennies. Datacenters are in Germany and Finland (with US locations available), which keeps latency low for European users and respects EU data residency requirements by default.

For OpenClaw with cloud-hosted models (Anthropic, OpenAI), the CX23 is more than sufficient. If you plan to run local models through Ollama, you'll want to step up to a CX33 (4 vCPUs, 8 GB RAM) or higher, more on that in the OpenClaw install section.

Select Shared vCPU under the server type. This is the cost-optimized tier where CPU cores are shared across tenants, perfectly fine for an agent gateway that spends most of its time waiting on API responses rather than crunching data locally.

Pick CX23 as the plan (2 vCPUs, 4 GB RAM, 40 GB NVMe). For reference, here's how the cost-optimized line scales if you need more later:

• CX23: 2 vCPUs, 4 GB RAM, 40 GB NVMe for €3.49/month
• CX33: 4 vCPUs, 8 GB RAM, 80 GB NVMe for €5.49/month
• CX43: 8 vCPUs, 16 GB RAM, 160 GB NVMe for €12.49/month
• CX53: 16 vCPUs, 32 GB RAM, 320 GB NVMe for €24.49/month

You can resize between these tiers later without losing data, Hetzner handles the migration. Start small, scale when you need to.

Choose Ubuntu 24.04 LTS. OpenClaw officially supports Ubuntu 22.04 and 24.04. The 24.04 release gives you a newer kernel, updated packages, and security patches through April 2029.

Some operators prefer Debian for its conservative update policy and lighter footprint. Both work, Ubuntu just has broader community support for troubleshooting, and it's what most OpenClaw guides assume.

Enable both IPv4 and IPv6. The IPv4 address is what you'll use for initial SSH access (before Tailscale takes over). IPv6 is free and future-proofs your setup, some services and APIs are starting to prefer it.

Don't worry about the public IPv4 being exposed right now. In the next section, we'll lock it down so only Tailscale traffic gets through.

Paste your public SSH key in the dialog. If you don't have one yet, generate a key pair on your local machine:

Leave Volumes and Firewalls empty for now. The 40 GB NVMe included with CX23 is plenty for OpenClaw (which needs around 1-2 GB for the installation plus workspace). We'll handle firewall rules at the OS level with ufw and Tailscale, which gives us more granular control than Hetzner's cloud firewall.

If the connection succeeds, you're in. This is the last time you'll SSH over the public internet, by the end of the next section, public SSH access will be completely disabled.

If it fails, double-check that the SSH key you pasted matches the private key on your local machine (~/.ssh/id_ed25519), and that your local IP isn't being blocked by any corporate firewall or VPN.

By the end of this section, your VPS will have a completely different security posture:

• Before: SSH on port 22 accepting connections from any IP on earth. Root login enabled. Password authentication possible.


• After: SSH only listens on the Tailscale network interface. Root login disabled. Password auth disabled. Only authorized devices on your Tailscale tailnet can reach the server at all.

This is the "zero trust" approach. The server doesn't trust any network. Access is granted per-device, per-user, through an encrypted mesh, not by IP address or network location.

Tailscale creates a private mesh network (called a "tailnet") between your devices using WireGuard encryption under the hood. Every device on the tailnet gets a stable 100.x.x.x IP address that works regardless of physical network, NAT, or firewall. Traffic between devices is end-to-end encrypted and peer-to-peer, it doesn't route through Tailscale's servers (except for initial coordination).

Think of it as a VPN, but without the VPN server bottleneck. Your laptop talks directly to your VPS through an encrypted tunnel, and that tunnel works from your home Wi-Fi, a coffee shop, a hotel, or a corporate network, no port forwarding or firewall exceptions required.

For our setup, Tailscale replaces traditional SSH key management entirely. With --ssh enabled, Tailscale handles authentication and authorization for SSH connections. You don't need to manage authorized_keys files, rotate SSH keys, or worry about compromised keys, access is controlled through Tailscale's admin console.

For the private network to work, both ends need Tailscale. Download and install Tailscale on the machine you'll manage the VPS from, e.g. your laptop, desktop, or workstation. Tailscale supports macOS, Windows, Linux, iOS, and Android.

Once both devices are connected, you can ping one from the other using their Tailscale IPs. This confirms the encrypted tunnel is working.

The admin console at login.tailscale.com/admin/machines shows all devices on your tailnet, their Tailscale IPs, connection status, and last-seen timestamps. Bookmark this, you'll use it whenever you add a new device or debug connectivity issues.

Now the critical part: we tell the SSH daemon to only listen on the Tailscale network interface. This means SSH becomes completely invisible on the public internet, even a port scan of your public IP won't find it.

Open the SSH configuration file in your VPS terminal:

Then set these two additional options to disable password authentication and root login:

Running everything as root is a security anti-pattern. If an agent or tool gets compromised, root access means the attacker owns the entire machine. A dedicated non-root user limits the blast radius and gives you an audit trail of privileged actions through sudo.

This is the moment of truth. We'll restart the SSH daemon with the new configuration, then verify that:

1. Root SSH over the public IP fails (expected, we disabled both)


2. SSH as clawuser over the Tailscale IP succeeds

If you need to access the server from another device (phone, a second laptop, a CI runner), install Tailscale on that device and connect it to the same tailnet. No SSH key copying needed, Tailscale handles the authentication.

You may still be able to ping the public IP at this stage. That's fine, ping doesn't give an attacker much. We'll close this completely with ufw firewall rules after OpenClaw is installed, in the Firewall & Gateway section.

Before installing, make sure your server meets the minimum requirements:

• OS: Ubuntu 22.04 or 24.04 (server or desktop edition)
• Node.js: Version 22 or newer (the installer handles this automatically)
• CPU: 4 vCPUs minimum
• RAM: 8 GB recommended for cloud models. 32 GB+ if you plan to run local models through Ollama
• Disk: 20 GB minimum. 100 GB+ if pulling local model weights
• Network: Internet connectivity for installation and API calls to model providers

Our Hetzner CX23 (2 vCPUs, 4 GB RAM, 40 GB NVMe) is fine for running OpenClaw with cloud-hosted models. The gateway itself is lightweight. If you need local models, upgrade to CX33 or larger as described in the VPS section.

OpenClaw provides multiple installation methods (npm, pnpm, Git, Docker, Podman, Nix, Ansible), but the one-liner installer script is the fastest path. It detects your Node.js version, installs it if missing, installs the OpenClaw CLI globally, and launches the onboarding wizard:

The script handles everything: Node detection, npm global configuration, CLI installation, and daemon setup. If you prefer more control, you can also install manually:

If you used the installer script, the onboarding wizard launches automatically. If you installed manually, start it with:

The wizard walks you through four configuration decisions:

1. Gateway Location: Select Local. This runs the gateway on the same machine, listening on localhost:18789.
2. Gateway Auth: Choose how the CLI authenticates with the gateway. Options include Token (recommended), Password, or None (for development only).
3. Model Provider: Select your LLM provider. Options include OpenAI (OAuth), Anthropic (API key), Ollama (local models), and others.
4. Primary Model: Choose which model to use by default (e.g., gpt-4o, claude-sonnet-4-5, ollama/qwen3:32b).

For this walkthrough, we'll use OpenAI OAuth, which lets you leverage your existing ChatGPT subscription (including Codex access) without managing API keys separately.

This OAuth flow links your OpenAI account to the OpenClaw gateway. Your agent will use your subscription credits for inference. You can monitor usage at:

Once the wizard completes, OpenClaw writes its configuration to ~/.openclaw/openclaw.json and starts the gateway daemon. The gateway listens on localhost:18789 by default, it's only reachable from the server itself (or through Tailscale if you configure forwarding later).

Verify everything is running:

OpenClaw keeps everything under your home directory:

• ~/.openclaw/openclaw.json: Main configuration file (gateway auth, model providers, channel settings, tool profiles)
• ~/.openclaw/: All state, logs, skill data, and session history
• Gateway port: 18789 on localhost
• Skills directory: ~/.openclaw/skills (managed) or <workspace>/skills (per-workspace, highest precedence)

File permissions matter: openclaw.json should be 600 (user read/write only) and the ~/.openclaw/ directory should be 700.

The installer sets these correctly, but it's worth verifying after any manual edits: