Operational deployment repository for cloud service or VPS

NemoClaw OpenClaw Sandbox

A documentation-first repository for deploying `NemoClaw` with `OpenClaw` on Ubuntu `24.04`, publishing it safely through `Caddy`, and operating it with repeatable install, update, rollback, and uninstall workflows.

The repository aligns installation steps, provider configuration, policy handling, runbooks, governance files, and lifecycle scripts so operators can manage the service consistently.

curl -fsSL https://nemclaw.hitechclaw.com/install.sh | sudo bash -s -- install

What This Project Delivers

Built for repeatable deployment and strong operational hygiene, not generic product marketing.

01. Documented Bootstrap

Follow repository guides to install the host runtime, onboard the sandbox, configure the reverse proxy, and keep the connection persistent across reboot.

02. Lifecycle Automation

Pin repository refs for controlled upgrades or downgrades and use managed cleanup when decommissioning the host.

03. Operations Baseline

Use checklists, validation matrices, readiness reviews, maintenance planning, and incident documents to support day-2 operations.

04. Security Guidance

Limit public exposure to `80/443`, keep the gateway on loopback, store provider secrets on the host, and follow documented hardening rules.

05. Provider and Policy Model

Register providers through `OpenShell`, set active inference cleanly, and apply network or channel policies with documented workflows.

06. Repository Governance

Contribution rules, CI validation, release notes, templates, and changelog management are already organized in the repository.

Security Baseline

Operational controls drawn from the repository documentation.

Private Gateway

`OpenClaw Gateway` is expected on `127.0.0.1:18789`, with public access handled through `Caddy`.

Minimal Exposure

Only ports `80` and `443` should be public. Internal ports remain private to the host.

Credential Handling

Provider credentials belong on the host via `OpenShell` provider configuration rather than in public-facing configs.

Controlled Recovery

Rollback, disaster recovery, audit, and decommissioning flows are documented to reduce improvised changes.

Reference Architecture

A simple deployment chain from public domain to private gateway and provider-backed inference.

Public edge
- Domain: Cloud service or VPS DNS entry
- Caddy: TLS termination and reverse proxy

Private host
- OpenClaw Gateway: Loopback endpoint on `127.0.0.1:18789`

Control plane
- NemoClaw: Onboard and connect workflow
- OpenShell: Providers and policy management
- systemd: Persistent reconnect service
- Docker: Runtime dependency for documented stack

Provider integrations
- Anthropic: Supported provider workflow
- OpenAI: Optional provider workflow
- Telegram: Optional channel integration

Ubuntu 24.04

Documented target platform

80 / 443

Expected public ports

127.0.0.1:18789

Private gateway bind

4 lifecycle scripts

Install, update, sync, uninstall

Deployment Baseline

Starting assumptions from `INSTALL.md` and related runbooks.

| Category | Baseline | Notes |
| --- | --- | --- |
| Platform | Cloud service or VPS | Root shell access required |
| Operating system | Ubuntu 24.04 | Primary documented environment |
| Minimum size | 4 vCPU / 8 GB RAM / 50 GB disk | Recommended initial host profile |
| Public ports | 80 and 443 | Do not expose 18789 publicly |
| Core services | Docker, OpenShell, NemoClaw, Caddy, systemd | Installed through documented sequence |

Install Flow

Use the script, then continue with the repository runbooks for domain, provider, and service validation.

Step 1: Prepare the host

Update the VPS, configure firewall rules, and ensure only `80/443` will be public.

Step 2: Run the installer

Use `install.sh` for repo-based setup or pin a repository ref for a controlled version.

Step 3: Onboard and connect

Run the `NemoClaw` onboarding flow, connect the sandbox, and verify the loopback gateway is available.

Step 4: Persist services

Create SSH keepalive settings and enable the `systemd` reconnect service.

Step 5: Publish with Caddy

Proxy the public domain to `127.0.0.1:18789` and validate TLS and reachability.

Step 6: Operate with docs

Use the troubleshooting, monitoring, rollback, validation, and readiness documents for day-2 work.
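
A check an operator could run once the install flow is complete to confirm the exposure baseline, given here as an added example and not code from the repository: it parses `ss -H -tln` output and flags a gateway port bound off loopback, a missing gateway listener, or any non-loopback listener outside `80/443`. The function and sample names are hypothetical, and the sample socket listings are constructed.

```shell
#!/bin/sh
# Added example (not from the repository): audit listening TCP sockets
# against the exposure baseline described on this page.
GATEWAY_PORT=18789      # page: gateway is expected on 127.0.0.1:18789
PUBLIC_PORTS="80 443"   # page: the only ports that should be public

# Reads `ss -H -tln` output on stdin, prints one finding per line,
# and returns non-zero if any FAIL finding was produced.
audit_listeners() {
  awk -v gw="$GATEWAY_PORT" -v pub="$PUBLIC_PORTS" '
    BEGIN { n = split(pub, p, " "); for (i = 1; i <= n; i++) allowed[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      loop = (addr ~ /^127\./ || addr == "[::1]")
      if (port == gw) {
        gw_seen = 1
        if (!loop) { print "FAIL gateway port " port " bound to " addr; fails++ }
      } else if (!loop && !(port in allowed)) {
        # A non-loopback listener is only private if the firewall drops it.
        print "REVIEW port " port " bound to " addr
      }
    }
    END {
      if (!gw_seen) { print "FAIL no listener on gateway port " gw; fails++ }
      exit (fails > 0)
    }'
}

# Constructed samples of `ss -H -tln` output, not captured from a real host.
sample_ok() {
  cat <<'EOF'
LISTEN 0 4096   127.0.0.1:18789 0.0.0.0:*
LISTEN 0 4096           *:80          *:*
LISTEN 0 4096           *:443         *:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
EOF
}
sample_bad() {
  cat <<'EOF'
LISTEN 0 4096 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 128  0.0.0.0:22    0.0.0.0:*
LISTEN 0 4096    [::]:443      [::]:*
EOF
}

# Demo on the constructed bad sample; on a host use: ss -H -tln | audit_listeners
sample_bad | audit_listeners || true
```

A `REVIEW` line means the socket listens on a non-loopback address, so it stays private only if the host firewall blocks that port.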

Documentation Sets

Core documents grouped by operator need.

License

Non-commercial use only. Commercial rights remain reserved unless separately granted in writing.