Test Server Specs

Baseline Before Installation

Step 1: Connect to the Droplet

Step 2: Update the Server

Step 3: Install Node.js 24

Step 4: Install OpenClaw

Step 5: Run the First Doctor Check

Step 6: Configure DeepSeek

Step 7: Check the Gateway Exposure

Step 8: Run Doctor Again

Step 9: Run a DeepSeek Smoke Test

Security Notes

1. Do not expose the gateway publicly

2. Treat the gateway token as sensitive

3. Configure a command owner before connecting chat channels

4. Keep screenshots clean

Problems I Ran Into

The system update took longer than the OpenClaw install

Install does not equal ready-to-use

openclaw chat --local --message was not the best smoke test

Security warnings are real, not cosmetic

Final Verdict

Next Steps I tested OpenClaw on a fresh DigitalOcean VPS to see whether it can be installed, configured with DeepSeek, and run safely without exposing the gateway to the public internet. This is not a glossy "deploy in five minutes" walkthrough, and it is not a benchmark across multiple VPS providers. It is a hands-on setup note from one DigitalOcean Droplet, with the exact configuration, commands, problems, and security warnings I ran into. For this test, I used a DigitalOcean Droplet with the following setup: I opted for the 4 GB RAM tier instead of skimping on the 1 GB or 2 GB entry-level Droplets because OpenClaw is not just a static web app. It runs an agent runtime, gateway process, model provider configuration, workspace files, plugins, and local state. A smaller VPS might still work for limited tests, but 4 GB gives you more room before memory-related issues start muddying the results. Before installing OpenClaw, the server was almost empty: This matters because it gives us a clean baseline. If something starts listening on a public port later, we can tell whether it came from OpenClaw or from the original server image. I connected as root over SSH: For a production server, I would normally create a non-root user and harden SSH. For this short test, I kept the setup simple and used the root SSH key created through DigitalOcean. On a fresh Ubuntu Droplet, I first updated the system: This pulled a large number of Ubuntu updates and installed a newer kernel. After the update, the server required a reboot. I completed the reboot before continuing, because testing a new install on a half-updated system can create confusing results. After reboot, the server was running: The installed versions were: I installed OpenClaw using the official installer: The installer detected Linux and installed OpenClaw through npm. After installation, the version check showed: The installed version in this test was: After installation, I ran: At this point, OpenClaw was installed, but it was not fully configured yet. The doctor output reported several missing pieces, including: This is an important beginner note: installing OpenClaw does not mean the agent is ready to use. You still need to configure the model provider, gateway mode, authentication, and runtime behavior. For this test, I used DeepSeek as the model provider because it is a low-cost way to verify that OpenClaw can actually make a model call. During onboarding, I selected: I entered the DeepSeek API key interactively. Word of advice: never broadcast your API keys in screenshots, public logs, chat messages, or random Discord threads. After onboarding, OpenClaw created a local gateway and configured DeepSeek as the default model provider. The most important safety check was whether OpenClaw exposed anything to the public internet. I checked open ports with: The result after onboarding: That is the safe outcome for a beginner VPS test. The gateway was running locally on the server, but it was not directly reachable from the public internet. Do not expose 18789 publicly unless you fully understand OpenClaw gateway authentication, token handling, network access, and command permissions. After onboarding and a permission fix, I ran: The updated doctor output looked much better than the first install-only check, but it still reported several useful warnings: For this test, those warnings were acceptable because I was only testing local terminal use. If you plan to connect Telegram, WhatsApp, Slack, or another messaging channel, you should configure a command owner and review the security warnings carefully. I also fixed the .openclaw directory permission: The first non-interactive test I tried was: That opened the local terminal UI, but it did not work well as a clean non-interactive smoke test in this environment. The command that worked was: The response was exactly: The JSON output confirmed: This confirms that the setup was not just installed. OpenClaw successfully called DeepSeek and completed a real agent response. After OpenClaw was installed, DeepSeek was configured, and the local gateway was running, the server still had enough room: This does not prove that 4 GB RAM is enough for every OpenClaw workload. It only shows that the basic install, local gateway, and one short DeepSeek smoke test fit comfortably on this 4 GB DigitalOcean Droplet. For longer tasks, browser automation, more plugins, or multiple users, you may need more memory. Here are the main safety lessons from this test: In this setup, OpenClaw listened on loopback only: That is much safer than binding it to the public interface. OpenClaw doctor warned that gateway.auth.token was stored as plaintext in openclaw.json. For a short local test, this is manageable. For a long-running server, you should review OpenClaw's secrets workflow: The doctor output warned that no command owner was configured. If you connect OpenClaw to Telegram, WhatsApp, Slack, or another external channel, you should configure who is allowed to run privileged commands. Before publishing screenshots, redact: The installation did work, but there were a few beginner traps: The fresh Ubuntu image had many updates. The update and reboot were a real part of the setup time. After installation, openclaw doctor still showed missing gateway and auth configuration. You need onboarding or manual configuration. It opened a terminal UI instead of giving me a clean command-line result. For a scriptable smoke test, openclaw agent --local --json --session-id ... --message ... worked better. The doctor warnings around command owner and plaintext token are worth mentioning in any beginner tutorial. They are exactly the sort of thing that low-effort setup guides often skip. OpenClaw can be installed and run on a DigitalOcean Ubuntu 24.04 VPS with 2 vCPU and 4 GB RAM. To be clear, this is far from a "one-click, set-it-and-forget-it" experience. You still need to understand: For a first safe test, a 4 GB VPS is a reasonable starting point. I would avoid the smallest 1 GB Droplet for OpenClaw unless you are only experimenting and expect to hit limits quickly. The next things I would test are: For now, this first DigitalOcean test proves the basic path: OpenClaw installs, DeepSeek works, and the gateway can stay local-only. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse