Introduction to Hetzner
Hetzner is a well-established German cloud provider known for exceptional value. A CX22 instance (2 cores, 4GB RAM) located in Europe costs just a few euros per month, making it an excellent choice for deploying an AI Agent gateway like OpenClaw. This article provides a detailed guide on deploying OpenClaw on Hetzner Cloud using Docker Compose.
Creating a Hetzner Cloud Server
Log in to the Hetzner Cloud Console (console.hetzner.cloud) and click to create a new project or add a server to an existing project.
Choosing Server Configuration
- Location: Choose based on your user distribution — for example, Falkenstein (Germany), Helsinki (Finland), or Ashburn (USA)
- Image: Select Ubuntu 24.04 LTS
- Type: CX22 (2 vCPU, 4GB RAM) or higher is recommended
- SSH Key: Add your public key for secure login
- Networking: Enable both IPv4 and IPv6
After creation, note the server's public IP address.
Connecting to the Server and Installing Docker
Connect to your new server via SSH:
ssh root@your-server-ip
First, update the system and install Docker:
apt update && apt upgrade -y
apt install -y ca-certificates curl gnupg
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
Verify the Docker installation:
docker --version
docker compose version
Creating the Project Directory
Create a dedicated directory for OpenClaw:
mkdir -p /opt/openclaw
cd /opt/openclaw
Writing the Docker Compose Configuration
Create a docker-compose.yml file:
version: "3.8"
services:
openclaw:
image: node:22-slim
container_name: openclaw-gateway
restart: unless-stopped
working_dir: /app
volumes:
- openclaw_config:/root/.openclaw
- openclaw_app:/app
ports:
- "3000:3000"
environment:
- NODE_ENV=production
command: >
bash -c "
npm install -g openclaw@latest &&
openclaw start
"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
volumes:
openclaw_config:
openclaw_app:
This configuration file defines a container based on Node.js 22 that automatically installs the latest version of OpenClaw and starts the service. We use the named volume openclaw_config to persist OpenClaw's configuration directory ~/.openclaw, ensuring configuration data is not lost when the container restarts.
Note that we are not using the Bun runtime here. While Bun is faster in some scenarios, it has known bugs when handling WhatsApp and Telegram WebSocket connections, so the OpenClaw team officially recommends using Node.js.
Starting the Service
Run the following command to start OpenClaw:
docker compose up -d
View the container logs to confirm startup status:
docker compose logs -f openclaw
On the first startup, the container will install OpenClaw first, which may take 1-2 minutes. After you see the service startup success log, press Ctrl+C to exit the log viewer.
Initializing OpenClaw Configuration
Enter the running container to perform initialization:
docker compose exec openclaw bash
Run the onboarding wizard inside the container:
openclaw onboard --install-daemon
Follow the interactive prompts to complete the following configuration:
- Select and configure AI model providers (e.g., OpenAI, Anthropic, etc.)
- Set up the chat platforms to connect (WhatsApp, Telegram, Discord, etc.)
- Configure Webhook URLs and related credentials
After completion, run the diagnostic command to verify everything is working:
openclaw doctor
Exit the container:
exit
Configuring the Firewall
Hetzner Cloud provides a built-in firewall feature. Configure the following rules in the Cloud Console:
- SSH: Allow TCP port 22 inbound
- HTTP: Allow TCP port 80 inbound
- HTTPS: Allow TCP port 443 inbound
- OpenClaw Dashboard: Allow TCP port 3000 inbound (or forward through a reverse proxy)
You can also use UFW on the server:
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 3000/tcp
ufw enable
Configuring Nginx Reverse Proxy (Recommended)
For HTTPS support and better security, an Nginx reverse proxy is recommended:
apt install -y nginx certbot python3-certbot-nginx
Create the Nginx configuration file /etc/nginx/sites-available/openclaw:
server {
server_name openclaw.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Enable the configuration and obtain an SSL certificate:
ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx
certbot --nginx -d openclaw.yourdomain.com
Automatic OpenClaw Updates
Create a simple update script /opt/openclaw/update.sh:
#!/bin/bash
cd /opt/openclaw
docker compose down
docker compose pull
docker compose up -d
docker compose exec -T openclaw npm install -g openclaw@latest
docker compose restart openclaw
Add it to crontab for scheduled automatic updates:
chmod +x /opt/openclaw/update.sh
crontab -e
# Add the following line to auto-update every Sunday at 3 AM
0 3 * * 0 /opt/openclaw/update.sh >> /var/log/openclaw-update.log 2>&1
Backup Strategy
OpenClaw's critical data is stored in the ~/.openclaw/ directory. You can use Hetzner's snapshot feature to back up the entire server, or manually back up the configuration files:
docker compose exec -T openclaw tar czf - /root/.openclaw > /opt/openclaw/backup-$(date +%Y%m%d).tar.gz
Summary
Hetzner Cloud combined with Docker Compose is a cost-effective solution for deploying OpenClaw. With the configuration described in this article, you can have a stably running OpenClaw AI Agent gateway that connects various chat platforms and AI models. Hetzner's European data centers are particularly advantageous for serving European users, while their US nodes can also meet global deployment needs.