openclaw/docs/vps.md
Ryan (via Clawdbot) 1a76740851 docs: add Clauditor security watchdog documentation
- Add dedicated Clauditor doc in docs/security/
- Add VPS hardening section referencing Clauditor
- Clauditor provides tamper-evident logging for production deployments
2026-01-27 07:49:24 +01:00

---
summary: "VPS hosting hub for Clawdbot (Oracle/Fly/Hetzner/GCP/exe.dev)"
read_when:
- You want to run the Gateway in the cloud
- You need a quick map of VPS/hosting guides
---
# VPS hosting
This hub links to the supported VPS/hosting guides and explains how cloud
deployments work at a high level.
## Pick a provider
- **Railway** (one-click + browser setup): [Railway](/railway)
- **Northflank** (one-click + browser setup): [Northflank](/northflank)
- **Oracle Cloud (Always Free)**: [Oracle](/platforms/oracle) — $0/month (Always Free, ARM; capacity/signup can be finicky)
- **Fly.io**: [Fly.io](/platforms/fly)
- **Hetzner (Docker)**: [Hetzner](/platforms/hetzner)
- **GCP (Compute Engine)**: [GCP](/platforms/gcp)
- **exe.dev** (VM + HTTPS proxy): [exe.dev](/platforms/exe-dev)
- **AWS (EC2/Lightsail/free tier)**: works well too. Video guide:
https://x.com/techfrenAJ/status/2014934471095812547
## How cloud setups work
- The **Gateway runs on the VPS** and owns state + workspace.
- You connect from your laptop/phone via the **Control UI** or **Tailscale/SSH**.
- Treat the VPS as the source of truth and **back up** the state + workspace.
- Secure default: keep the Gateway on loopback and access it via SSH tunnel or Tailscale Serve.
If you bind to `lan`/`tailnet`, require `gateway.auth.token` or `gateway.auth.password`.
Remote access: [Gateway remote](/gateway/remote)
Platforms hub: [Platforms](/platforms)
## Hardening your VPS
Running Clawdbot on a production VPS? Consider these security measures:
- **SSH key-only auth** — Disable password authentication
- **fail2ban** — Auto-ban IPs after failed login attempts
- **Clauditor** — Tamper-resistant audit watchdog for agent activity monitoring
Clauditor creates an independent audit trail that the agent cannot tamper with, even if compromised. It tracks command executions, detects exfiltration patterns, and alerts on suspicious behavior.
Docs: [Clauditor](/security/clauditor)
## Using nodes with a VPS
You can keep the Gateway in the cloud and pair **nodes** on your local devices
(Mac/iOS/Android/headless). Nodes provide local screen/camera/canvas and `system.run`
capabilities while the Gateway stays in the cloud.
Docs: [Nodes](/nodes), [Nodes CLI](/cli/nodes)