close
Skip to main content

Linux App

The Gateway is fully supported on Linux. Node is the recommended runtime. Bun is not recommended for the Gateway (WhatsApp/Telegram bugs). Native Linux companion apps are planned. Contributions are welcome if you want to help build one.

Beginner quick path (VPS)

  1. Install Node 24 (recommended; Node 22 LTS, currently 22.14+, still works for compatibility)
  2. npm i -g openclaw@latest
  3. openclaw onboard --install-daemon
  4. From your laptop: ssh -N -L 18789:127.0.0.1:18789 <user>@<host>
  5. Open http://127.0.0.1:18789/ and authenticate with the configured shared secret (token by default; password if you set gateway.auth.mode: "password")
Full Linux server guide: Linux Server. Step-by-step VPS example: exe.dev

Install

Gateway

Gateway service install (CLI)

Use one of these: 
openclaw onboard --install-daemon
Or: 
openclaw gateway install
Or: 
openclaw configure
Select Gateway service when prompted. Repair/migrate: 
openclaw doctor

System control (systemd user unit)

OpenClaw installs a systemd user service by default. Use a system service for shared or always-on servers. openclaw gateway install and openclaw onboard --install-daemon already render the current canonical unit for you; write one by hand only when you need a custom system/service-manager setup. The full service guidance lives in the Gateway runbook. Minimal setup: Create ~/.config/systemd/user/openclaw-gateway[-<profile>].service: 
[Unit]
Description=OpenClaw Gateway (profile: <profile>, v<version>)
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/openclaw gateway --port 18789
Restart=always
RestartSec=5
TimeoutStopSec=30
TimeoutStartSec=30
SuccessExitStatus=0 143
KillMode=control-group

[Install]
WantedBy=default.target
Enable it: 
systemctl --user enable --now openclaw-gateway[-<profile>].service

Memory pressure and OOM kills

On Linux, the kernel chooses an OOM victim when a host, VM, or container cgroup runs out of memory. The Gateway can be a poor victim because it owns long-lived sessions and channel connections. OpenClaw therefore biases transient child processes to be killed before the Gateway when possible. For eligible Linux child spawns, OpenClaw starts the child through a short /bin/sh wrapper that raises the child’s own oom_score_adj to 1000, then execs the real command. This is an unprivileged operation because the child is only increasing its own OOM kill likelihood. Covered child process surfaces include:
  • supervisor-managed command children,
  • PTY shell children,
  • MCP stdio server children,
  • OpenClaw-launched browser/Chrome processes.
The wrapper is Linux-only and is skipped when /bin/sh is unavailable. It is also skipped if the child env sets OPENCLAW_CHILD_OOM_SCORE_ADJ=0, false, no, or off. To verify a child process: 
cat /proc/<child-pid>/oom_score_adj
Expected value for covered children is 1000. The Gateway process should keep its normal score, usually 0. This does not replace normal memory tuning. If a VPS or container repeatedly kills children, increase the memory limit, reduce concurrency, or add stronger resource controls such as systemd MemoryMax= or container-level memory limits.