- Add dedicated Clauditor doc in docs/security/
- Add VPS hardening section referencing Clauditor
- Clauditor provides tamper-evident logging for production deployments
| summary | read_when |
|---|---|
| VPS hosting hub for Clawdbot (Oracle/Fly/Hetzner/GCP/exe.dev) | |
VPS hosting
This hub links to the supported VPS/hosting guides and explains how cloud deployments work at a high level.
Pick a provider
- Railway (one‑click + browser setup): Railway
- Northflank (one‑click + browser setup): Northflank
- Oracle Cloud (Always Free): Oracle — $0/month (Always Free, ARM; capacity/signup can be finicky)
- Fly.io: Fly.io
- Hetzner (Docker): Hetzner
- GCP (Compute Engine): GCP
- exe.dev (VM + HTTPS proxy): exe.dev
- AWS (EC2/Lightsail/free tier): works well too. Video guide: https://x.com/techfrenAJ/status/2014934471095812547
How cloud setups work
- The Gateway runs on the VPS and owns state + workspace.
- You connect from your laptop/phone via the Control UI or Tailscale/SSH.
- Treat the VPS as the source of truth and back up the state + workspace.
- Secure default: keep the Gateway on loopback and access it via SSH tunnel or Tailscale Serve.
  If you bind to lan/tailnet, require gateway.auth.token or gateway.auth.password.
Remote access: Gateway remote
Platforms hub: Platforms
Hardening your VPS
Running Clawdbot on a production VPS? Consider these security measures:
- SSH key-only auth — Disable password authentication
- fail2ban — Auto-ban IPs after failed login attempts
- Clauditor — Tamper-resistant audit watchdog for agent activity monitoring
Clauditor creates an independent audit trail that the agent cannot tamper with, even if compromised. It tracks command executions, detects exfiltration patterns, and alerts on suspicious behavior.
Docs: Clauditor
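The following Python script is an added example, not part of the Clawdbot docs or code. It checks two rules stated on this page: a Gateway bound to lan/tailnet must set gateway.auth.token or gateway.auth.password, and SSH password authentication should be disabled. The `gateway.bind` key name, its loopback default, and the sample inputs are assumptions made for illustration.

```python
import re

EXPOSED_BINDS = {"lan", "tailnet"}  # bind values named on the page

def gateway_findings(config):
    """Page rule: a lan/tailnet bind requires a token or a password."""
    gw = config.get("gateway", {})
    bind = gw.get("bind", "loopback")  # assumed key name and default
    auth = gw.get("auth", {})
    if bind in EXPOSED_BINDS and not (auth.get("token") or auth.get("password")):
        return [f"gateway bound to {bind} without gateway.auth.token/password"]
    return []

def sshd_findings(text):
    """Check PasswordAuthentication in sshd_config text.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and an unset PasswordAuthentication means "yes".
    Include files are not followed; `sshd -T` shows the effective config.
    """
    global_value, in_match, findings = None, False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        args = parts[1].split() if len(parts) > 1 else []
        value = args[0].strip('"').lower() if args else ""
        if keyword == "match":
            in_match = True  # everything below is conditional
        elif keyword == "passwordauthentication":
            if in_match and value == "yes":
                findings.append("Match block re-enables password authentication")
            elif not in_match and global_value is None:
                global_value = value  # first global value wins
    if (global_value or "yes") != "no":
        findings.insert(0, "password authentication is enabled globally")
    return findings

# Constructed sample inputs, not taken from a real host.
SAMPLE_GATEWAY = {"gateway": {"bind": "tailnet", "auth": {}}}
SAMPLE_SSHD = "# constructed example\npasswordauthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for finding in gateway_findings(SAMPLE_GATEWAY) + sshd_findings(SAMPLE_SSHD):
        print("FINDING:", finding)
```

The sample sshd text is flagged even though it contains `PasswordAuthentication no`, because the earlier lowercase `yes` line is the one sshd uses.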
Using nodes with a VPS
You can keep the Gateway in the cloud and pair nodes on your local devices
(Mac/iOS/Android/headless). Nodes provide local screen/camera/canvas and system.run
capabilities while the Gateway stays in the cloud.