Home NemoClaw VPS Setup Guide

Last updated: 2026-04-06

NemoClaw VPS Setup — Install on Hostinger with Telegram in 10 Minutes

This guide walks you through running NemoClaw on a cloud VPS so your agent is up 24/7 without leaving a laptop on. You'll end with OpenClaw running inside an OpenShell security sandbox, served over HTTPS, connected to Claude or OpenAI, and with Telegram already wired in.

🎬 Guide and video by the original creator — watch on YouTube ↗. We summarise and annotate the best guides; all credit belongs to the creator. If you find this helpful, subscribe to their channel.

What You're Building — 60-Second Architecture Overview

Three components, one stack:

  • OpenClaw — the AI agent you chat with. Connects to Claude or ChatGPT and can talk to Telegram, email, and any app you give it access to.
  • NemoClaw — the OpenClaw plug-in for NVIDIA OpenShell. It runs OpenClaw inside a secure isolated container (the OpenShell sandbox). Every network call, every file access, every AI request goes through a policy engine you control. Your API keys never touch the inside of the container.
  • Caddy — a reverse proxy that gives you a clean HTTPS address (your Hostinger subdomain) without a port number in the URL.

Why Hostinger Instead of NVIDIA's Own Platform?

You can deploy NemoClaw directly on NVIDIA's platform — but their smallest VM (8 GB RAM, 2 vCPUs) costs around $43/month. A comparable Hostinger KVM2 VPS runs around $10/month. For this use case, where the inference is handled by a cloud model (Claude, OpenAI) and the sandbox is just running the gateway, you don't need NVIDIA GPU hardware on the server.

Prerequisites

  • A Hostinger VPS — KVM2 tier, with Docker pre-selected during setup. Get the terminal access credentials (root password) from your dashboard.
  • A free NVIDIA API key from build.nvidia.com — create a free account, click your profile → API keys → Generate new key. Save it somewhere safe.
  • An Anthropic or OpenAI API key if you want to switch from the default Nemotron model to Claude or GPT.

Step 1 — Set Up the Hostinger VPS and Firewall

When creating your VPS, scroll down and select KVM2, choose your billing period, and make sure Docker is selected as a pre-installed package. Complete payment and set a root password.

Once the VPS is ready:

  1. In your Hostinger dashboard go to Security → Firewall → Create Firewall. Name it (e.g. "nemoclaw-firewall").
  2. Add two rules:
    • Protocol: TCP · Port: 80 · Source: Anywhere
    • Protocol: TCP · Port: 443 · Source: Anywhere
  3. Go back, activate the firewall, then edit it again and click Synchronize to apply the rules.

Now open the Hostinger terminal (Dashboard → Terminal) to get a root shell on your VPS.

Step 2 — Install Docker, OpenShell, and NemoClaw

In the VPS terminal, run the Docker install commands (copy them from your setup guide). When prompted about the existing SSHD config, stay on the local version.

Install OpenShell:

# Run the OpenShell install commands from your setup guide

Install NemoClaw:

# Run the NemoClaw install commands from your setup guide

The installer wizard will ask for:

  1. Sandbox name — enter something like nemoclaw-sandbox. OpenClaw will run inside this sandbox.
  2. NVIDIA API key — paste the key you generated at build.nvidia.com.
  3. Policy presets — these are the services your AI is allowed to connect to. The wizard suggests pypm and npm (package managers OpenClaw needs). Also add slack and telegram to allow those channels. Enter each and press Enter.

The wizard builds the sandbox. When you see the summary screen, the install is done.

Step 3 — Fix PATH for New Terminal Sessions

After install, nemoclaw and openshell may not be found in new terminal sessions. Run this once to fix all path issues:

# Run the path-fix commands from your setup guide once

If the install wizard didn't ask for your sandbox name and API key (it was already completed), you can trigger it manually:

nemoclaw onboard

Step 4 — Get Your Gateway Token

You need the gateway token to connect the OpenClaw web UI to your running instance.

# Enter your sandbox (replace 'nemoclaw-sandbox' with your sandbox name)
claw connect nemoclaw-sandbox

# Get the gateway token (run this inside the sandbox)
openclaw gateway token

# Save the token output — you'll paste it into the web UI
exit   # leave the sandbox when done

Step 5 — Set Up Caddy for HTTPS

Caddy gives you a clean HTTPS address using your Hostinger subdomain (visible in your VPS dashboard at the top, formatted like srv123456.hostinger-vps.com).

# Install Caddy (run the install commands from your setup guide — make sure
# you are in root, NOT inside the sandbox)

# Edit the Caddyfile to replace YOUR_SUBDOMAIN with your actual Hostinger subdomain
# Then restart Caddy:
systemctl restart caddy

Step 6 — Connect OpenShell to the Gateway

# Run these two commands to tell OpenShell to forward traffic to the OpenClaw gateway:
# (copy the exact commands from your setup guide)

# If status shows 'dead', restart the sandbox connection first:
claw connect nemoclaw-sandbox
exit
# Then re-run the two commands

Finally, allow your Hostinger subdomain in the OpenClaw gateway:

# Enter the sandbox
claw connect nemoclaw-sandbox

# Allow your subdomain (replace YOUR_SUBDOMAIN):
openclaw gateway allow YOUR_SUBDOMAIN.hostinger-vps.com

exit

Step 7 — Access the Chat Interface

Open your Hostinger subdomain in a browser. You'll see the OpenClaw dashboard.

  1. Go to Overview and paste your gateway token.
  2. Click Connect.
  3. Start a new session and send a message — the agent should reply using the default Nemotron model.

Step 8 (Optional) — Switch to Claude or OpenAI

The default model is NVIDIA Nemotron. To use Claude or OpenAI instead:

# From the VPS root (NOT inside the sandbox):

# For Anthropic/Claude:
export ANTHROPIC_API_KEY="your-anthropic-key"
openshell provider add anthropic

# For OpenAI:
export OPENAI_API_KEY="your-openai-key"
openshell provider add openai

Point the inference router at your new provider:

# For OpenAI GPT-4.1:
openshell inference set --provider openai --model gpt-4.1

# For Claude Opus 4.6:
openshell inference set --provider anthropic --model claude-opus-4-6

Update the OpenClaw config inside the sandbox to include the new provider:

claw connect nemoclaw-sandbox
# Paste and run the provider-config script from your setup guide
openclaw gateway restart
exit

Refresh the web UI → switch to raw mode → scroll to models — you'll see the new provider listed. Your agent is now running on Claude or GPT.

Connect Telegram

Telegram is already whitelisted in the security policy (you added it in Step 2). Ask your agent how to connect:

"How do I connect my Telegram to this OpenClaw instance?"

The agent will walk you through creating a Telegram bot via BotFather, pasting the bot token, and configuring the channel allowlist.

What's Next

You now have OpenClaw running inside a NemoClaw sandbox on a VPS, served over HTTPS, connected to your chosen model, with Telegram wired in. The foundation is solid.

From here:

  • Expand policies — to connect Gmail, WhatsApp, or other services, add each to your OpenShell policy config explicitly. NemoClaw denies all outbound calls by default.
  • Install official skills — see the OpenClaw Skills Database for the 53 verified official skills.
  • Write custom skills — see the OpenClaw Skills Guide to have your agent build exactly what you need.
  • Security hardening — see the OpenClaw Security Hardening guide for hardening steps that apply equally to NemoClaw deployments.
🎬 This guide is based on the video walkthrough by the original creator. Watch the full video on YouTube ↗ to see every command executed live, including the exact setup guide doc referenced in the video (available in their free Skool community — link in the video description).

← Back to NemoClaw hub · See also: OpenClaw Skills Guide · Skills Database · Security Hardening