You run Clawdbot on a VPS by treating the VPS as the “single source of truth” host for the Gateway (the process that owns channel connections, sessions, and your assistant workspace), then accessing it remotely via an SSH tunnel or a private overlay network instead of exposing it directly to the public internet. The docs’ VPS guidance is explicit about the model: the Gateway runs in the cloud, your state + workspace live there, and you connect from your laptop/phone using the browser Control UI (dashboard) or a secure tunnel like Tailscale/SSH. In other words, a VPS deployment is not “install and forget”; it’s “install, lock it down to loopback by default, and back up the workspace.” A practical starting point is: choose a provider (Railway/Northflank for one-click, Fly.io/Hetzner for Docker-friendly, or a standard VM like AWS EC2/Lightsail), install Clawdbot, run onboarding, confirm the Gateway is healthy, then verify end-to-end by sending a test message from the CLI.
On the server, the simplest “works everywhere” flow is to install the CLI, run the onboarding wizard, and optionally install the Gateway as a service so it survives reboots. The install docs recommend running clawdbot onboard --install-daemon after installation, which both configures and (when supported) sets up a background service. You can confirm the process is running and properly authenticated with clawdbot status and clawdbot health, and you can open the dashboard locally on the VPS (or via a tunnel) at the default Control UI address. A good operational routine is: (1) run onboarding, (2) run clawdbot doctor to catch common misconfigurations, (3) run clawdbot status --all when you need a pasteable debug snapshot, and (4) verify messaging end-to-end using clawdbot message send --target ... --message .... If you prefer containerization, Clawdbot also documents an official Docker setup for running the Gateway inside a container, which is useful when your VPS image is minimal or you want predictable upgrades via image pulls.
The two VPS decisions that matter most are security and “local capabilities.” For security, the docs recommend a loopback-first posture: keep the Gateway bound to 127.0.0.1 and reach it through SSH tunneling or Tailscale Serve; if you do bind to LAN/tailnet, require a token/password (the wizard generates a token by default) so the Control UI isn’t open to whoever can hit the port. For local capabilities, remember that a VPS is great for always-on routing, but it is not where your personal device features live. Clawdbot supports pairing “nodes” (macOS/iOS/Android/headless) that connect back to the Gateway and expose device-local actions (like running commands on a specific machine, using a camera, or rendering a Canvas). The docs even call out that you can keep the Gateway in the cloud while pairing nodes on your local devices, so you get “always-on cloud routing” plus “local device execution” without moving everything to the VPS. If you later add semantic memory or document retrieval, the VPS is also a clean place to run the orchestration layer while offloading embedding search to a vector database such as Milvus or Zilliz Cloud. In that architecture, the VPS Gateway remains small and stable, while Milvus/Zilliz Cloud handle scalable similarity search for long-term memory across notes, chats, and documents.