How to Host OpenClaw on Hetzner for Solo Builders

What is the cleanest way for a solo builder to host OpenClaw on Hetzner?

Use one small dedicated Hetzner VPS for OpenClaw only, keep the Gateway bound to a private path until you know you need public exposure, and treat the server as the source of truth for agent state. That follows OpenClaw's own Linux server guidance, which recommends a cloud VPS, regular state backups, and loopback or Tailscale-first access by default (OpenClaw Linux server docs).

If you are building alone, the real win is not squeezing the lowest monthly price out of the box. It is keeping the setup simple enough that you can still understand it two weeks later when something breaks.

Quick answer

For most solo builders, the practical starting pattern is:

1. create one Ubuntu VPS on Hetzner
2. use a non-root admin user with SSH keys only
3. install OpenClaw on a dedicated path
4. keep secrets server-side
5. start with one internal workflow before adding more channels

That gives you an always-on home for OpenClaw without turning your personal laptop into the runtime boundary.

Why solo builders keep choosing Hetzner

Hetzner is attractive for three straightforward reasons:

• it is easy to create and rescale cloud servers later (Hetzner server creation)
• it supports both shared vCPU and dedicated vCPU plans, so you can start small and move up when browser work gets heavier (Hetzner server overview)
• it has built-in firewall, network, snapshot, and backup primitives you can use without inventing your own ops stack

That said, Hetzner is still just infrastructure. It does not save you from weak SSH setup, loose secrets handling, or a messy browser automation lane.

When Hetzner is a good fit for OpenClaw

Hetzner is usually a good fit when:

• you want OpenClaw online all the time instead of on your laptop
• you are comfortable with a light Linux admin surface
• you want root access and predictable infrastructure
• you want the freedom to pair OpenClaw with your own model gateway later

It is a bad fit when what you really want is "no server thinking at all." In that case, a managed hosting path is usually the more honest answer.

The smallest Hetzner setup worth paying for

For solo work, avoid the trap of optimizing for the absolute cheapest VM. A box that technically boots but collapses under browser sessions is not actually cheaper.

Good starting defaults:

• Ubuntu LTS
• at least 2 vCPU
• at least 4 GB RAM for light use
• enough disk for logs, browser artifacts, and workspace files
• one public IP only if you truly need it

OpenClaw's VPS guide also recommends treating the server as a dedicated runtime and backing up state plus workspace regularly (OpenClaw Linux server docs).

Step-by-step OpenClaw deployment on Hetzner

1. Create the VPS

In Hetzner Cloud, create a new server and choose Ubuntu. Hetzner lets you add firewalls, volumes, and private networking at creation time, and you can rescale later if needed (Hetzner server creation).

2. Harden admin access first

Before you install anything interesting:

• create a non-root admin user
• add your SSH public key
• disable password login
• allow SSH only

OpenClaw's VPS docs make the same point in plainer language: harden admin access before you expose more services (OpenClaw Linux server docs).

3. Keep the runtime in one directory

Put OpenClaw in one dedicated path such as /opt/openclaw. That gives you one place for:

• runtime files
• logs
• local workspace state
• backups and snapshots

Solo builders get into trouble when the runtime sprawls across a home directory full of unrelated repos and shell experiments.

4. Keep secrets on the server

Do not leave provider keys in random shell history or commit them into local config by accident. OpenAI's own key-safety guidance is blunt: keep keys out of source control and use environment variables or a secure server-side store (OpenAI API key safety).

5. Start with one workflow

Do not connect Slack, Telegram, browser automation, and model failover all at once. Start with one narrow job, get it stable, then expand. That sounds conservative because it is. Solo operations need boring defaults.

Security basics before you leave it running

Use this short checklist before you call the deployment "live":

• SSH key auth only
• no shared admin account
• firewall allowlist in place
• OpenClaw running on its own host
• secrets stored server-side
• one tested restart path
• one tested backup path

If browser automation is involved, treat it as a higher-risk surface than API-only agent work.

Common problems solo builders hit first

Under-sizing RAM

This shows up as browser instability, slow restarts, and a box that looks "fine" until a second session appears.

Leaving secrets unmanaged

The usual pattern is a key in .env, then the file gets copied, backed up, or committed somewhere it should not be.

No restart plan

If you cannot answer "how does this service come back after a reboot?" you are not done.

When to stop self-hosting and move up a level

Self-hosting is worth it when the runtime is still simple and the learning is useful. It stops being a good trade when:

• you are babysitting uptime
• browser tasks are piling up
• approvals and channels are spreading
• the server has become a second product you now operate

That is usually the point where Managed OpenClaw Hosting or a more opinionated platform starts looking less like a luxury and more like basic time management.

FAQ

Is Hetzner a good first host for OpenClaw?

Yes. For solo builders, it is one of the cleaner first VPS choices because the setup is straightforward and you can rescale later.

Should I expose the Gateway publicly right away?

Usually no. OpenClaw's docs lean toward loopback, SSH tunnel, or Tailscale-first access when possible (OpenClaw Linux server docs).

What is the minimum usable server for OpenClaw?

For light solo use, start around 2 vCPU and 4 GB RAM. Browser-heavy work often needs more.

Sources and notes

• OpenClaw Linux server docs
• Hetzner server overview
• Hetzner server creation
• OpenAI API key safety

Related reading: How to run OpenClaw on a private VPS, Best VPS for OpenClaw and autonomous agents, Pricing.