Running OpenClaw
in Production

Executive Summary

OpenClaw is an open-source AI agent platform that gives autonomous bots full system access: shell commands, file systems, browser control, and messaging APIs. It is one of the most capable self-hosted agent frameworks available. It is also one of the most difficult to deploy safely and maintain over time.

Out of the box, OpenClaw is designed for local development. Moving it to a production environment — where it handles real customer interactions, processes sensitive data, and runs 24/7 — requires expertise across server administration, container security, network architecture, backup strategy, monitoring, and the OpenClaw platform itself.

ManagedOpenClaw is a managed service that handles all of it. We deploy hardened OpenClaw instances on dedicated infrastructure, maintain them over time, and support the businesses that rely on them. This white paper explains why that matters, what we do, and how it works.

Why OpenClaw

The AI agent landscape is evolving rapidly. Most platforms fall into one of two categories: hosted SaaS products where you rent access to someone else's infrastructure, or open-source frameworks you run yourself. Each has tradeoffs.

Hosted platforms are convenient. Sign up, configure a bot, connect a channel. But your data lives on their servers, alongside every other customer's data. You don't control the infrastructure, you can't audit the security, and if the platform changes pricing or shuts down, your agent goes with it.

OpenClaw sits in the other camp. It's open-source, self-hosted, and extraordinarily capable. Your agent runs on hardware you control. Your data never leaves your server. Your API keys stay in your possession. You can customize everything — tools, skills, models, channels, workflows — without waiting for a vendor to ship a feature.

For businesses that handle client data, proprietary workflows, financial information, legal documents, or anything where data sovereignty matters, self-hosted is the right posture. The question is not whether to self-host, but how to do it well.

The Gap Between Development and Production

OpenClaw's maintainers are transparent about the platform's maturity. The onboarding wizard displays a security warning that reads: "OpenClaw is a hobby project and still in beta. Expect sharp edges... A bad prompt can trick it into doing unsafe things."

This honesty is admirable. It also means that the default installation is optimized for developers experimenting on their own machines, not businesses running agents in production. The gap between those two contexts is significant:

• Security. Authentication is disabled by default. The gateway is exposed to the public internet. There is no firewall, no encryption in transit, and no access control. Security researchers at Kaspersky, Palo Alto Networks, and Cisco Talos have all flagged default OpenClaw installations as high-risk.
• Reliability. There is no built-in health monitoring, no automatic restart on failure, no backup system, and no structured approach to updates. If the container crashes at 2am, nobody knows until a customer reports it.
• Operations. OpenClaw updates frequently. Each update may introduce breaking changes, new configuration requirements, or security patches that need prompt attention. Somebody needs to track releases, test updates, apply patches, and verify that everything still works.
• Expertise. Getting OpenClaw into a production-ready state requires knowledge of Linux server administration, Docker, reverse proxies, TLS certificates, firewall configuration, DNS, backup tooling, and the OpenClaw platform itself. Most businesses don't have this expertise on staff, and hiring for it is expensive.

Security Hardening

Security is the most visible gap in default OpenClaw, and the most dangerous to leave unaddressed. Every ManagedOpenClaw deployment includes the following controls, configured automatically during provisioning.

Operating System

• SSH key-only authentication. Password login is disabled. Root login is disabled. Only the designated service user can connect, and only with a pre-authorized SSH key.
• Firewall with explicit allowlist. UFW is configured with a default-deny policy. Only ports 22 (SSH), 80 (HTTP for certificate issuance), and 443 (HTTPS) are open.
• Brute-force protection. fail2ban monitors SSH logs and automatically bans IPs after repeated failed authentication attempts.
• Automatic security updates. The OS security pocket receives unattended upgrades. Critical patches are applied without manual intervention.

Network Architecture

Docker has a well-known behavior where published ports bypass the host firewall by manipulating iptables directly. This means even with UFW configured, a Docker container can expose ports to the internet. We solve this at the Docker daemon level: all published ports bind to 127.0.0.1 by default. No container on the server can expose a port externally.

All external traffic flows through Caddy, a production-grade reverse proxy that automatically provisions and renews TLS certificates. The gateway is only reachable via HTTPS. There is no plain HTTP path to the application.

Application Security

• Gateway authentication. A cryptographically random 256-bit token is generated during provisioning. The dashboard and API reject all connections without it.
• Device pairing. Each browser must be explicitly approved from the server's command line before it can interact with the gateway. This provides a second layer of access control.
• CORS restrictions. The Control UI only accepts requests from the deployment's HTTPS subdomain. Cross-origin requests are rejected.
• Credential isolation. OAuth tokens are stored with owner-only file permissions (600). Other configuration files use permissions that allow the Docker container to read/write without exposing credentials.

Infrastructure

Every ManagedOpenClaw deployment runs on dedicated infrastructure. This is not a shared platform. There is no multi-tenancy. Each client gets their own server that nobody else touches.

Cloud Provider

We deploy on your choice of cloud provider — Hetzner, AWS, DigitalOcean, or others. The architecture is platform-agnostic. We recommend the provider and server specification that best fits your usage profile and budget. For most deployments, a modest VPS with 2 vCPUs and 4 GB RAM is more than sufficient to run an OpenClaw agent handling hundreds of conversations per day.

Architecture

• Dedicated VPS — one server per client, isolated from every other customer.
• Ubuntu LTS — minimal image with automatic security updates.
• Docker + Docker Compose — application runs in isolated containers with the daemon locked to localhost.
• Caddy reverse proxy — automatic HTTPS, TLS termination, single ingress point.
• Custom subdomain — your agent gets a dedicated URL with automatic certificate provisioning.
• Encrypted backups — nightly restic backups to off-server storage with 30-day retention and AES-256 encryption at rest.
• Health monitoring — automated checks every 5 minutes with automatic restart on failure.

Disaster Recovery

Every deployment includes automated nightly backups covering configuration, agent memory, conversation history, workspace files, and all OpenClaw data. Backups are encrypted and stored on separate infrastructure from the server itself. If a server fails catastrophically, we can restore a fully functional deployment from backup. Managed care clients receive monthly restore tests to verify backup integrity.

Deployment & Onboarding

Getting a new OpenClaw instance from zero to production involves dozens of steps across multiple systems: cloud provisioning, DNS configuration, OS hardening, Docker installation, OpenClaw build, gateway configuration, OAuth handshake, channel integration, permission tuning, and verification. Done manually, this takes hours and is error-prone.

We've automated the entire process. Our provisioning toolkit creates a fully hardened, production-ready OpenClaw server in under 10 minutes. The only manual step is the OAuth handshake (connecting your AI model provider), which requires human interaction for security reasons — we sit with you on a call or walk you through it asynchronously.

After provisioning, we configure your agent's personality, connect messaging channels (Discord, Telegram, Slack, or custom integrations), set up tool access levels, and verify that everything works end-to-end. You get a working agent that's live and responding to messages.

Ongoing Operations

Deployment is the beginning, not the end. Running an AI agent in production is an ongoing operation. Things break, dependencies update, models change, costs fluctuate, and the business needs evolve. Someone needs to be watching.

Patching & Updates

• Critical security patches (CVSS 9.0+) are applied the same day they become available for any component in the stack: Ubuntu, Docker, Caddy, Node.js, or OpenClaw itself.
• Routine updates — non-critical OpenClaw releases, dependency bumps, and minor patches — are applied within 48 hours of stable release.
• Breaking changes are tested in isolation before applying. If an update requires configuration changes or has known issues, we handle the migration and notify you of any behavioral changes.

Monitoring & Health

• Automated health checks run every 5 minutes. If the gateway container goes down, it's restarted automatically.
• Weekly operational reviews cover uptime, container status, disk usage, error rates, and gateway logs. Issues are caught and resolved before they become incidents.
• API cost monitoring tracks your AI model spend. If costs spike unexpectedly — a signal of abuse, misconfiguration, or runaway loops — you're notified immediately.

Backup & Recovery

• Nightly encrypted backups capture everything: configuration, agent memory, sessions, workspace, and conversation history.
• 30-day retention with daily granularity. You can recover to any point in the last month.
• Monthly restore tests verify that backups actually work. We spin up a test instance from the latest backup and confirm the gateway comes up correctly.
• Off-server storage. Backups live on separate infrastructure. If the server is compromised or lost, backups survive.

Support

When something goes wrong — or when you want to change how your agent works — you talk to a human who knows your deployment. Our support is not a ticketing system staffed by generalists. We know your server, your configuration, and your use case. Priority support clients receive responses within 4 business hours.

Agent Development & Customization

A running OpenClaw instance is a foundation, not a finished product. The value comes from what you build on top of it: the agent's personality, the tools it has access to, the workflows it automates, and the channels it connects to.

Template Bots

We maintain a library of proven bot templates for common business use cases: sales prospecting, customer support triage, internal knowledge Q&A, team training, and SOP helpers. These are battle-tested configurations that we deploy and customize to your specific business context. For most businesses, a template bot is the fastest path to value.

Custom Agents

For businesses with unique workflows, we build custom agents from scratch. This starts with a discovery process: understanding your operations, identifying automation opportunities, and designing an agent that fits your team's actual work. We handle the technical implementation — custom tools, integrations, guardrails, testing — and hand off a documented, production-ready agent.

Iterating Over Time

AI agents get better with use. As your team works with the agent, you'll discover new capabilities to add, edge cases to handle, and workflows to automate. We support ongoing iteration: adding new tools, refining prompts, connecting new channels, and adjusting behavior based on real-world feedback. This is not a one-time project — it's a long-term partnership.

Cost Model

ManagedOpenClaw has no hidden fees and no markups on infrastructure. The cost structure is transparent:

Your Direct Costs

• Cloud hosting: $5–12/month for the VPS, paid directly to your cloud provider.
• AI model API usage: $20–60/month typical for an active agent, paid directly to your model provider (OpenAI, Anthropic, etc.).

Total infrastructure cost for most deployments: roughly $25–75/month.

Our Fees

• Setup: One-time fee based on scope (guided setup, template bot, or custom build).
• Managed care: Monthly fee for ongoing operations, security, backups, and support.

We add zero markup to your infrastructure or API costs. You pay your cloud provider and your model provider directly, at their published rates. We earn our fee by keeping everything running, secure, and improving over time.

Default OpenClaw vs. ManagedOpenClaw

The Ownership Model

ManagedOpenClaw is not a SaaS platform. We do not host your agent on our infrastructure. We do not hold your API keys. We do not have ongoing access to your server unless you explicitly grant it for managed care.

Every deployment is built on infrastructure that you own. The VPS is in your cloud account (or a dedicated account we create for you). The domain points to your server. The API keys are yours. The conversation history, agent memory, and all data stays on your hardware.

If you stop working with us, everything keeps running exactly as it was. There is no kill switch, no license expiration, no data held hostage. The OpenClaw software is open-source. The server is yours. You walk away with a fully operational system.

This model exists because we believe businesses running AI agents with access to sensitive data should own and control the infrastructure those agents run on. Multi-tenant platforms are fine for experimentation. For production use with client data, employee data, or proprietary workflows, owned infrastructure is the right choice.

For Agencies

Marketing agencies, consulting firms, and service providers represent one of our most common client profiles. The pattern is consistent: an agency wants to offer AI capabilities to their clients without building or managing the infrastructure themselves.

ManagedOpenClaw supports this with isolated, per-client deployments. Each of your clients gets their own dedicated server, their own subdomain, their own agent configuration. There is no cross-contamination of data between clients. You own the client relationship and the pricing — we handle the backend.

This gives agencies a new revenue stream (AI agent services) with zero DevOps overhead. You don't need to hire a systems administrator or learn Docker. You need a partner who handles the technical layer while you focus on your clients' business outcomes.

We work with agencies at every scale, from solo consultants deploying their first bot to firms managing dozens of client instances. The infrastructure and support scales with you.

Conclusion

OpenClaw is one of the most powerful self-hosted AI agent platforms available. Its default configuration is designed for developers experimenting locally. Moving it to production — where it serves real customers, handles sensitive data, and needs to run reliably around the clock — is a different challenge entirely.

That challenge requires security hardening, infrastructure provisioning, ongoing operations, backup and recovery strategy, update management, cost monitoring, and platform expertise. Most businesses don't have this expertise on staff, and building it internally is expensive and slow.

ManagedOpenClaw exists to solve that problem. We handle the infrastructure so you can focus on what the agent actually does for your business. Every deployment is hardened, monitored, backed up, and supported. You own everything. We keep it running.

If you're considering OpenClaw for your business — or if you've already deployed it and want it production-ready — we'd welcome the conversation.