Self-Hosting an AI Agent on a $6 VPS: How I Set Up OpenClaw
ChatGPT Plus is $20/month and you get whatever interface they give you. My self-hosted setup costs about $6-10/month total, connects to Telegram and WhatsApp, runs my own tools, and stores nothing outside my infrastructure. Here's the full setup.
I've been running OpenClaw on a cheap VPS for a while now. The agent is available on my phone via WhatsApp, handles file uploads, runs code, and has persistent memory across conversations. It's connected to Anthropic's API so I'm using the same models as Claude.ai — just without Anthropic seeing my conversations or controlling the interface.
What OpenClaw actually is
OpenClaw is a self-hosted gateway that connects chat apps (Telegram, WhatsApp, Discord, Signal, iMessage, and about 15 others) to AI agents. It's MIT licensed, runs on your hardware, and you bring your own API keys. A single Gateway process serves all connected channels simultaneously and exposes a local web dashboard.
The architecture is straightforward:
Chat apps → Gateway → AI agent (Anthropic/OpenAI/Ollama/etc)
↓
Web dashboard (local)Sessions are isolated per channel — a message to the agent's WhatsApp number goes to the main session, a different conversation from a group chat stays separate. Routing is deterministic: replies go back to the originating channel.
It supports 35+ model providers: Anthropic, OpenAI, Google, xAI, Ollama, and anything with an OpenAI-compatible endpoint. I use Claude (Anthropic) as the primary because tool use is excellent.
Why self-host vs just using ChatGPT
The honest answer: control. When I use ChatGPT, I'm using their interface, their data handling, their rate limits, and their tool selection. Self-hosting means:
- Your data stays local. Conversations, memory, and files live on your VPS. The only external traffic is the API call to the model provider.
- Your tools. You can wire up arbitrary shell scripts, MCP servers, or custom tooling. The agent runs in a workspace directory that's just a folder on your server.
- Your channels. WhatsApp, Telegram, Discord — wherever you already communicate. No app switching.
- Cost scales with actual usage. Pay-per-token API pricing is much cheaper than a $20 flat subscription if you're a power user who cares about actual output quality (not volume).
The actual install
Requirements: a Linux VPS, Node 24 (or Node 22.14+). The installer handles detection and setup:
# Installs OpenClaw, detects OS, installs Node if needed, runs onboarding
curl -fsSL https://openclaw.ai/install.sh | bashAfter install, verify everything's healthy:
openclaw --version
openclaw doctor
openclaw gateway statusConnect a channel (Telegram is easiest to start with, since it uses a bot token rather than scanning a QR code):
# Login to your chat channel
openclaw channels login
# Start the gateway
openclaw gateway --port 18789
The gateway runs on http://127.0.0.1:18789 by default. Dashboard is at that address,
local access only.
systemd service (so it survives reboots)
On Linux, OpenClaw installs a systemd user service during onboarding. If you want to manage it manually:
# The onboarding wizard sets this up, but if you're doing it manually:
openclaw onboard --install-daemon
# Check status
systemctl --user status openclaw-gateway
# View logs
journalctl --user -u openclaw-gateway -fVPS configuration
Keep the gateway on loopback (127.0.0.1). You don't want it exposed to the public
internet directly. For remote access from your phone or laptop, use Tailscale:
# Install Tailscale on the VPS
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
# Now your VPS is on your tailnet — access dashboard at http://vps-hostname:18789
If you do need to bind to a non-loopback address (LAN, tailnet, etc.), set an auth token in
~/.openclaw/openclaw.json:
{
"gateway": {
"auth": {
"token": "your-strong-secret-token"
}
}
}UFW setup for the VPS:
ufw default deny incoming
ufw allow ssh
ufw enable
# Port 18789 is NOT opened — access is via Tailscale only
SSH key-only auth — disable password auth in /etc/ssh/sshd_config:
PasswordAuthentication no.
Workspace files: the agent's context
OpenClaw auto-creates a workspace at ~/.openclaw/workspace with several markdown
files. These are loaded into the agent's context and define its behavior:
| File | Purpose |
|---|---|
| AGENTS.md | Agent configuration, capabilities, routing rules |
| SOUL.md | Personality, tone, values — who the agent is |
| TOOLS.md | Available tools and how to use them |
| IDENTITY.md | Name, persona details |
| USER.md | Information about you — the agent's primary user |
| HEARTBEAT.md | Instructions for proactive heartbeat checks |
| MEMORY.md | Optional persistent memory index |
Treat the workspace as a git repo — version control your workspace files. If you need to migrate
to a new VPS, you copy ~/.openclaw/ (the entire directory, not just the config) plus
the workspace.
Example of what SOUL.md might look like:
# Agent Soul
You are a personal assistant for Itamar. Direct and efficient.
You don't pad responses with pleasantries. If something needs a one-word
answer, give one word. You have access to the server and can run commands.
When asked about technical things, assume Itamar knows what he's doing.
Skip the safety warnings unless there's a genuinely novel risk he probably
hasn't considered.Heartbeats: the agent that checks things while you sleep
Heartbeats are a proactive mode where the agent wakes up on a schedule and does things without
being asked. By default, every 30 minutes. It reads HEARTBEAT.md to know what to check.
Practical examples of what I have in my HEARTBEAT.md:
# Heartbeat Instructions
Every 30 minutes:
- Check if any servers in my monitoring list have high load (>80% CPU for >5 min)
- Check for new GitHub notifications and summarize anything that needs action
- If it's morning, summarize any overnight alerts or events
Only message me if there's something that actually needs attention.
Don't send status-is-fine updates. Silence is golden.The agent can send a message to your WhatsApp or Telegram when something needs attention. It's genuinely useful — I've gotten morning summaries that saved me from missing a failing deploy.
Real costs
Here's what this actually costs me per month:
| Item | Cost | Notes |
|---|---|---|
| VPS (Hetzner CAX11) | $4.15/mo | 2 ARM cores, 4 GB RAM, Falkenstein DC |
| Anthropic API | $3–15/mo | Varies by usage. Claude Sonnet ~$3/1M tokens |
| Tailscale | $0 | Free tier covers personal use |
| Total | ~$7–20/mo | Heavy API use pushes it higher |
Compare to ChatGPT Plus at $20/month where you get rate-limited access and no tool customization. If you're a light user, ChatGPT is probably fine. If you want the agent integrated into your actual workflow with your own tools, self-hosting pays off quickly.
The API billing is pay-per-token so heavy usage months cost more. But I find that targeted, high-quality interactions are cheaper than the "leave the tab open all day" ChatGPT pattern.
WhatsApp setup note
Use a dedicated second phone number for the agent's WhatsApp. Don't link it to your personal number. WhatsApp doesn't officially support bots on personal accounts, and you don't want an accidental ban to affect your actual number.
After logging in, lock it down immediately:
# In ~/.openclaw/openclaw.json
{
"channels": {
"whatsapp": {
"allowFrom": ["+972501234567"] // Your personal number only
}
}
}
Without allowFrom, anyone who gets the number can chat with your agent. Set this
before you tell anyone the number exists.
Migration and backup
Everything lives in ~/.openclaw/. To migrate to a new VPS:
# On old VPS: tar up the whole directory
tar -czf openclaw-backup.tar.gz ~/.openclaw/
# Transfer to new VPS
scp openclaw-backup.tar.gz user@newvps:~/
# On new VPS: install OpenClaw, then restore
curl -fsSL https://openclaw.ai/install.sh | bash
tar -xzf openclaw-backup.tar.gz -C ~/
openclaw doctor
The config file alone isn't enough — auth profiles, channel state, and session history all live
in subdirectories under ~/.openclaw/. Copy the whole thing.