Deployment Procedure

1. VPS Preparation

sudo apt update && sudo apt upgrade -y
sudo apt install -y ufw fail2ban git curl
sudo adduser deployer && sudo usermod -aG sudo deployer
  • Copy SSH keys into /home/deployer/.ssh/authorized_keys (chmod 600).
  • Harden SSH (/etc/ssh/sshd_config): disable root login/password auth, then sudo systemctl reload sshd.

2. Docker & Compose

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker deployer
sudo apt install -y docker-compose-plugin

Create /opt/openclaw/docker-compose.yml:

services:
  caddy:
    image: caddy:2
    ports: ["80:80", "443:443"]
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    depends_on: [gateway]
  gateway:
    image: openclaw/gateway:2026.2.18
    environment:
      - OPENCLAW_GATEWAY_TOKEN=<REDACTED>
      - OPENAI_API_KEY=<REDACTED>
    command: ["openclaw","gateway","start","--bind","127.0.0.1:18789"]
    expose: ["18789"]
volumes:
  caddy_data:
  caddy_config:

3. Caddy Configuration

/opt/openclaw/Caddyfile:

fopenclaw.com {
    encode gzip
    basicauth {
        deployer <REDACTED>
    }
    reverse_proxy 127.0.0.1:18789
    log {
        output file /var/log/caddy/access.log
    }
}

Reload with docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile.

4. Initial Bring-up

cd /opt/openclaw
docker compose pull
docker compose up -d
docker compose logs -f gateway

Verify health:

curl -u deployer:<REDACTED> https://fopenclaw.com/status

5. Rollback Strategy

  • Pin known-good tags in compose file.
  • If upgrade fails:
    docker compose down
    docker pull openclaw/gateway:2026.2.18
    docker compose up -d
    
  • Keep tarball backups (docker save openclaw/gateway:2026.2.18 > gateway.tar) for offline restore.

Security Note: Keep /opt/openclaw/.env restricted (chmod 600) since it holds <REDACTED> secrets.


This site uses Just the Docs, a documentation theme for Jekyll.