Skip to content
ELM Labs
๐Ÿ‡ฌ๐Ÿ‡ง EN
guideAIOpenClawguide

How to Set Up OpenClaw in 2026 (And What It Actually Costs)

OpenClaw is the hottest open-source AI agent in 2026. This guide walks through the DIY setup path, where people get stuck, and what professional deployment actually costs.

8 min readELM Labs

TL;DR

  • OpenClaw is the most popular open-source AI agent in 2026 (247k+ GitHub stars) โ€” it runs locally and integrates with messaging apps, email, and calendars
  • DIY setup is possible but expect 15-25 hours of troubleshooting for security hardening, OAuth, and messaging bridges
  • Professional setup costs 1,200 EUR (hosted VPS) or 1,990 EUR (personal machine) โ€” 57-60% less than other providers charging $3,000-$5,000+
  • You own everything after setup โ€” no lock-in, no recurring fees, no platform dependency

What Is OpenClaw?

If you've been anywhere near the AI space in 2026, you've heard of OpenClaw. With 247k+ GitHub stars, it's the most popular open-source AI agent project ever built. And unlike most open-source AI tools, people actually use it daily.

Here's what OpenClaw does:

  • Runs locally on your own hardware (VPS, personal machine, or any Linux/macOS machine)
  • Integrates with messaging apps โ€” WhatsApp, Telegram, Signal, Discord โ€” so you interact with your AI agent through the apps you already use
  • Manages email and calendars โ€” reads, drafts, schedules, and responds on your behalf
  • 100+ AgentSkills โ€” from web research to file management to code execution to data analysis
  • Privacy-first โ€” your data stays on your hardware, not on someone else's cloud

The appeal is obvious. Instead of paying for fragmented AI subscriptions (one for email, one for scheduling, one for research), you get a single agent that handles everything, running on infrastructure you control.

The catch? Setting it up properly is harder than it looks.

The DIY Setup Path

Let's walk through what it actually takes to deploy OpenClaw yourself. This is the honest version โ€” the steps the documentation covers, and the ones it doesn't.

Step 1: Provision Your Server

For a hosted setup, you need a VPS with at least 4GB RAM, 2 vCPUs, and 40GB storage. Hetzner, Contabo, or DigitalOcean all work. Ubuntu 22.04 LTS is the most tested base.

# After SSH into your fresh VPS
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose git ufw fail2ban

Step 2: Security Hardening

This is where most guides stop at "install Docker and go." In reality, you need:

  • SSH key-only authentication โ€” disable password login entirely
  • Firewall rules โ€” UFW configured to allow only SSH (custom port), HTTPS, and your messaging bridge ports
  • Fail2ban โ€” to block brute-force SSH attempts
  • Docker socket security โ€” the Docker socket is root-equivalent access; it needs proper permissions
  • Automatic security updates โ€” unattended-upgrades configured for critical patches
# Basic firewall setup
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp  # Custom SSH port
sudo ufw allow 443/tcp   # HTTPS
sudo ufw enable

Most people skip half of this. Then they wonder why their agent gets compromised two weeks later.

Step 3: Deploy OpenClaw

The actual OpenClaw deployment uses Docker Compose:

git clone https://github.com/openclaw/openclaw.git
cd openclaw
cp .env.example .env
# Edit .env with your API keys and configuration
docker-compose up -d

Simple enough on the surface. But the .env file has 40+ configuration variables, and getting them wrong means your agent either doesn't start, doesn't connect to your messaging apps, or exposes your API keys.

Step 4: Composio OAuth Setup

OpenClaw uses Composio for OAuth integrations โ€” Gmail, Google Calendar, Microsoft 365, and others. Setting up Composio requires:

  1. Creating a Composio developer account
  2. Registering your OAuth application with Google/Microsoft
  3. Configuring redirect URIs (which need HTTPS, which means you need a domain and TLS certificate)
  4. Generating and securely storing OAuth tokens
  5. Connecting the tokens to OpenClaw's configuration

This step alone takes most people 3-5 hours of troubleshooting. OAuth error messages are notoriously unhelpful, and a single mismatched redirect URI means nothing works.

Step 5: Messaging Bridges

Each messaging platform requires its own bridge:

  • WhatsApp: Requires either the official WhatsApp Cloud API (business account needed) or a Matrix bridge (mautrix-whatsapp). Both have setup complexity.
  • Telegram: Telegram Bot API is straightforward, but configuring it for two-way conversation (not just bot commands) takes additional work.
  • Signal: Signal bridge requires a phone number registration and the signald daemon. This is the most finicky bridge to maintain.
  • Discord: Discord bot token + gateway intents configuration. Relatively straightforward but requires developer portal setup.

Each bridge runs as a separate Docker container, needs its own configuration, and needs to communicate with the OpenClaw core over a shared network.

Step 6: Agent Workflows

Once everything is running, you configure the agent's behavior:

  • What skills to enable (all 100+, or a curated subset?)
  • How to handle different message types (is an email from your boss treated differently than a newsletter?)
  • Scheduling rules (when should the agent proactively check your calendar?)
  • Privacy boundaries (which contacts can trigger actions? which data can the agent access?)

This is where OpenClaw becomes genuinely powerful โ€” but also where the configuration becomes genuinely complex.

Where People Get Stuck

After helping users and reading hundreds of GitHub issues, here are the most common failure points:

Security Hardening

The problem: People run OpenClaw on a VPS with default SSH settings, no firewall, and Docker exposed to the internet. Within days, their server gets compromised.

Why it's hard: Security isn't OpenClaw's domain โ€” it's systems administration. The OpenClaw docs assume you already have a secure server. Most users don't.

OAuth Token Management

The problem: OAuth tokens expire. Refresh tokens sometimes fail. Google's OAuth consent screen has strict requirements. Microsoft requires admin consent for certain scopes.

Why it's hard: OAuth is a maze of provider-specific requirements, and the error messages rarely tell you what's actually wrong. "Invalid grant" could mean 15 different things.

Messaging Bridge Stability

The problem: Bridges disconnect, especially WhatsApp and Signal. WhatsApp has rate limits. Signal's registration process can fail silently.

Why it's hard: These bridges are reverse-engineered or use unofficial APIs. They break when the messaging platform updates, and the fix isn't always immediate.

Docker Networking

The problem: Containers can't communicate with each other. DNS resolution fails inside Docker networks. Port conflicts between bridges.

Why it's hard: Docker networking is a separate skill from Docker itself. Most tutorials don't cover multi-container networking with external bridge services.

The Time-vs-Money Calculation

Let's be honest about the numbers.

DIY setup time (based on community reports and our experience):

TaskOptimisticRealistic
Server provisioning & hardening2h4h
OpenClaw core deployment1h3h
Composio OAuth setup2h5h
Messaging bridges (all 4)3h8h
Agent workflow configuration2h4h
Debugging & troubleshooting0h6h
Total10h30h

If your hour is worth 50 EUR, the DIY path costs 500-1,500 EUR in your time. If your hour is worth 100 EUR, it's 1,000-3,000 EUR. And that's assuming you succeed on the first attempt โ€” many people spend additional hours on Reddit and Discord asking for help.

The other hidden cost: ongoing maintenance. Bridges break, tokens expire, security patches need applying. Budget 1-2 hours per month for upkeep.

Professional Setup Options

Several providers now offer white-glove OpenClaw deployment. Here's the market in 2026:

Provider typeHosted (VPS)personal machine (Remote)Support
US-based providers$3,000+$5,000+14 days typical
ELM Labs1,200 EUR1,990 EUR14 days included

We offer OpenClaw setup as a service because we've already solved every problem in this article. Our deployments include:

  • VPS provisioning and hardening โ€” SSH keys, custom ports, UFW, fail2ban, unattended-upgrades, Docker socket security
  • Docker sandbox deployment โ€” isolated containers with proper networking, volume management, and restart policies
  • Composio OAuth โ€” fully configured for your Google/Microsoft accounts, with documented token refresh procedures
  • Telegram bridge โ€” configured and tested
  • Custom agent workflows โ€” tailored to how you actually work
  • Full documentation โ€” architecture diagram, configuration reference, troubleshooting guide
  • 14-day support โ€” we fix anything that breaks in the first two weeks

The personal machine tier adds local model support (Ollama for offline inference), remote access configuration, and advanced AgentSkills setup.

Additional agents (for family members or team) are 490 EUR each.

What you get that DIY doesn't give you:

  1. A deployment that's actually secure from day one
  2. Documentation specific to your setup (not generic wiki pages)
  3. Someone to call when Telegram bridge disconnects at 2 AM
  4. Confidence that your API keys and personal data aren't exposed

Do I Own Everything?

Yes. After setup, you own:

  • The server (your VPS account or your personal machine)
  • All configuration files
  • All documentation and architecture diagrams
  • Full admin access to everything

No lock-in. No recurring fees from us. No platform dependency. If you want to modify the configuration, switch providers, or take over maintenance entirely โ€” you can. We provide the documentation to make that possible.

After the 14-day support period, you're fully autonomous with the documentation we provide.

The Bottom Line

OpenClaw is genuinely impressive software. It's the kind of tool that makes you wonder why you ever paid for 5 separate AI subscriptions. But like any powerful tool, the gap between "downloaded" and "running securely in production" is real.

If you enjoy systems administration and want to learn, the DIY path is rewarding. Budget 15-30 hours and accept that messaging bridges will be frustrating.

If you value your time and want it done right, professional setup starts at 1,200 EUR โ€” less than what most people spend in billable hours trying to do it themselves.

Either way, OpenClaw is worth running. The question is just how you get there.

Ready to move forward?

30 minutes, no commitment. Let's talk.

Get a professional OpenClaw setup

Related articles

case-study18 min read

We Scored 100/100 on SEO. Here's the Part Nobody Talks About.

Lighthouse SEO 100, Best Practices 100 โ€” that's the easy part. The real edge in 2026 is making your site readable by AI agents, not just search engines. Here's exactly how we did it.

SEOAIcase study
guide18 min read

Generative AI vs Traditional Automation: Which One Does Your Business Need?

Clients come asking for 'AI' when they need a simple automation, or vice versa. Here's how to tell the difference โ€” and pick the right tool for the job.

AIautomationdecision guide
guide16 min read

Why Your Business Still Needs a Website in 2026 (Even With Social Media)

Instagram and TikTok are not your website. Here's why every business still needs its own web presence in 2026 โ€” and what happens when you rely only on social media.

websitebusinessSEO