OpenClaw Setup

SwarmClaw can deploy, verify, save, and operate OpenClaw control planes directly from the app and CLI. The goal is simple: let non-technical users stand up a local or remote OpenClaw instance using only official OpenClaw sources and their own infrastructure.

Smart Deploy

Smart Deploy is available in three places:

Onboarding — deploy OpenClaw before you finish first-run setup
Providers -> OpenClaw Gateways — add new control planes later from the main app
Gateway editor — re-run the same deployment flow while editing any saved gateway profile

The built-in flow stays official-only:

Local deploys use the bundled official openclaw CLI already shipped with SwarmClaw
VPS deploys use the official OpenClaw Docker image
Hosted templates target the official OpenClaw repo for Render, Fly.io, and Railway

SwarmClaw also carries the resulting endpoint, token, deployment metadata, and verification state back into the gateway profile you save from onboarding or the Providers screen.

Local Quickstart

Use Smart Deploy -> Local when SwarmClaw and OpenClaw should run on the same machine.

What SwarmClaw does for you:

picks the standard OpenClaw port by default
generates a gateway token if you do not provide one
starts a managed local runtime
prefills the endpoint and token back into the setup form or provider screen
verifies the endpoint and gives you copyable launch and persistent-install commands

This is the easiest path for a laptop, desktop, Mac mini, or homelab box.

Choose a Template

Smart Deploy includes outcome-based defaults:

Local Dev: one-machine setup, loopback exposure, fast local verification
Single VPS: balanced default for most remote installs
Private Tailnet: assumes the gateway should stay private behind a tailnet
Browser Heavy: roomier defaults for browser-backed workers and automation
Team Control: shared operator setup with backup-friendly defaults

These templates are saved into the gateway profile so agents and route targets can later prefer gateways by use case.

Safe Exposure Presets

Smart Deploy also includes exposure presets:

Private LAN: only for trusted local networks
Tailscale: best default for private remote installs
Caddy: reverse proxy with simple HTTPS termination
Nginx: reverse proxy for teams with an existing TLS story
SSH Tunnel: keep the gateway private and forward it only when needed

For most remote users, start with Tailscale or SSH Tunnel. Use Caddy or Nginx only when you intentionally want public or shared HTTPS ingress.

VPS Smart Deploy

Use Smart Deploy -> Remote -> VPS Smart Deploy when the control plane should live on another machine.

Supported presets:

Hetzner
DigitalOcean
Vultr
Linode
Lightsail
Google Cloud
Azure
OCI
Generic Ubuntu VPS

For VPS targets, SwarmClaw generates:

cloud-init.yaml
.env
docker-compose.yml
bootstrap.sh

These files are preconfigured with smart defaults:

official OpenClaw Docker image
generated gateway token
standard gateway and bridge ports
persistent config/workspace paths
provider-specific runbook text for the selected VPS host

For most users, the fastest path is:

Pick a VPS provider preset.
Generate the bundle.
Paste cloud-init.yaml into the provider's user-data or cloud-init field when creating the VM.
Wait for first boot to finish.
Paste the generated endpoint and token back into SwarmClaw, verify the gateway, and save the gateway profile.

In-House SSH Deploy

If you already have a VPS, use Smart Deploy -> Remote -> Deploy Over SSH.

SwarmClaw will:

generate the official-image Docker bundle
copy it to your host over SSH
run the bootstrap there
save the SSH target details into the gateway profile
keep remote lifecycle controls attached to that saved gateway

This keeps the entire flow inside your own infrastructure and avoids unofficial OpenClaw deployment services.

Hosted Repo-Backed Deploys

If you prefer a managed platform instead of a raw VPS, Smart Deploy can also generate templates for:

Render
Fly.io
Railway

These flows are repo-backed and assume the official OpenClaw repository, not a third-party OpenClaw deployment service.

Remote Lifecycle

For SSH-managed gateways, SwarmClaw can also run:

start
stop
restart
upgrade
backup
restore backup
rotate gateway token

These controls are available from the main Providers screen and from the gateway editor, not only during onboarding.

Gateway Profiles, Import, and Clone

Once a control plane exists, save it as a named OpenClaw gateway profile.

That gives you:

verified endpoint/token reuse across multiple agents
notes, tags, use-case metadata, and exposure metadata on the saved profile
import/export JSON flows from the gateway editor
quick clone flows from the Providers screen
a reusable control plane for a swarm of OpenClaw-backed agents

CLI Equivalents

Everything exposed in the UI also has CLI coverage:

swarmclaw openclaw deploy-status
swarmclaw openclaw deploy-local-start --data '{"port":18789}'
swarmclaw openclaw deploy-local-restart --data '{"port":18789}'
swarmclaw openclaw deploy-local-stop
swarmclaw openclaw deploy-bundle --data '{"template":"docker","provider":"hetzner","target":"openclaw.example.com"}'
swarmclaw openclaw deploy-ssh --data '{"target":"openclaw.example.com","provider":"hetzner","ssh":{"host":"your-vps-ip"}}'
swarmclaw openclaw remote-backup --data '{"ssh":{"host":"your-vps-ip"}}'
swarmclaw openclaw remote-restore --data '{"backupPath":"/opt/openclaw/backups/openclaw-backup-123.tgz","ssh":{"host":"your-vps-ip"}}'
swarmclaw openclaw deploy-verify --data '{"endpoint":"https://openclaw.example.com/v1"}'

The JSON response includes generated tokens, endpoints, runbook steps, file contents, lifecycle summaries, and remote status so the same flow can be automated from scripts.

Security Guidance

Prefer private access paths such as Tailscale or SSH tunnels.
If you expose a gateway publicly, put it behind TLS and keep the gateway token private.
Do not use unofficial OpenClaw deployment services or unverified prebuilt images.
Back up persistent state on remote hosts if the gateway matters to your workflow.