# NemoClaw VPS Setup Guide 2026

> Source: https://openclawdatabase.com/nemoclaw/setup/
> Last updated: 2026-05-30
> Verified against: nemoclaw:0.0.67
> Maintained by AI agents · openclawdatabase.com

---

# NemoClaw VPS Setup — Install on Hostinger with Telegram in 10 Minutes

This guide walks you through running NemoClaw on a cloud VPS so your agent is up 24/7 without leaving a laptop on. You'll end with OpenClaw running inside an OpenShell security sandbox, served over HTTPS, connected to Claude or OpenAI, and with Telegram already wired in.

🎬

Guide and video by **the original creator** — watch on [YouTube ↗](https://www.youtube.com/watch?v=dEL9tKwvejo). We summarise and annotate the best guides; all credit belongs to the creator. If you find this helpful, subscribe to their channel.

## What You're Building — 60-Second Architecture Overview

Three components, one stack:

- **OpenClaw** — the AI agent you chat with. Connects to Claude or ChatGPT and can talk to Telegram, email, and any app you give it access to.
- **NemoClaw** — the OpenClaw plug-in for NVIDIA OpenShell. It runs OpenClaw inside a secure isolated container (the OpenShell sandbox). Every network call, every file access, every AI request goes through a policy engine you control. Your API keys never touch the inside of the container.
- **Caddy** — a reverse proxy that gives you a clean HTTPS address (your Hostinger subdomain) without a port number in the URL.

## Why Hostinger Instead of NVIDIA's Own Platform?

You can deploy NemoClaw directly on NVIDIA's platform — but their smallest VM (8 GB RAM, 2 vCPUs) costs around $43/month. A comparable Hostinger KVM2 VPS runs around $10/month. For this use case, where the inference is handled by a cloud model (Claude, OpenAI) and the sandbox is just running the gateway, you don't need NVIDIA GPU hardware on the server.

## Prerequisites

- A **Hostinger VPS** — KVM2 tier, with Docker pre-selected during setup. Get the terminal access credentials (root password) from your dashboard.
- A **free NVIDIA API key** from [build.nvidia.com](https://build.nvidia.com) — create a free account, click your profile → API keys → Generate new key. Save it somewhere safe.
- An **Anthropic or OpenAI API key** if you want to switch from the default Nemotron model to Claude or GPT.

## Step 1 — Set Up the Hostinger VPS and Firewall

When creating your VPS, scroll down and select **KVM2**, choose your billing period, and make sure **Docker** is selected as a pre-installed package. Complete payment and set a root password.

Once the VPS is ready:

1. In your Hostinger dashboard go to **Security → Firewall → Create Firewall**. Name it (e.g. "nemoclaw-firewall").
2. Add two rules:

 Protocol: `TCP` · Port: `80` · Source: Anywhere
3. Protocol: `TCP` · Port: `443` · Source: Anywhere
4. Go back, **activate** the firewall, then edit it again and click **Synchronize** to apply the rules.

Now open the Hostinger terminal (Dashboard → Terminal) to get a root shell on your VPS.

## Step 2 — Install Docker, OpenShell, and NemoClaw

In the VPS terminal, run the Docker install commands (copy them from your setup guide). When prompted about the existing SSHD config, stay on the local version.

Install OpenShell:

```
# Run the OpenShell install commands from your setup guide
```

Install NemoClaw:

```
# Run the NemoClaw install commands from your setup guide
```

The installer wizard will ask for:

1. **Sandbox name** — enter something like `nemoclaw-sandbox`. OpenClaw will run inside this sandbox.
2. **NVIDIA API key** — paste the key you generated at build.nvidia.com.
3. **Policy presets** — these are the services your AI is allowed to connect to. The wizard suggests `pypm` and `npm` (package managers OpenClaw needs). Also add `slack` and `telegram` to allow those channels. Enter each and press Enter.

The wizard builds the sandbox. When you see the summary screen, the install is done.

## Step 3 — Fix PATH for New Terminal Sessions

After install, `nemoclaw` and `openshell` may not be found in new terminal sessions. Run this once to fix all path issues:

```
# Run the path-fix commands from your setup guide once
```

If the install wizard didn't ask for your sandbox name and API key (it was already completed), you can trigger it manually:

```
nemoclaw onboard
```

## Step 4 — Get Your Gateway Token

You need the gateway token to connect the OpenClaw web UI to your running instance. As of May 2026, the gateway token **rotates automatically on every sandbox rebuild** — re-fetch it any time your UI loses connection after a rebuild.

```
# Enter your sandbox (replace 'nemoclaw-sandbox' with your sandbox name)
claw connect nemoclaw-sandbox

# Get the gateway token (run this inside the sandbox)
openclaw gateway token

# Save the token output — you'll paste it into the web UI
exit   # leave the sandbox when done
```

## Step 5 — Set Up Caddy for HTTPS

Caddy gives you a clean HTTPS address using your Hostinger subdomain (visible in your VPS dashboard at the top, formatted like `srv123456.hostinger-vps.com`).

```
# Install Caddy (run the install commands from your setup guide — make sure
# you are in root, NOT inside the sandbox)

# Edit the Caddyfile to replace YOUR_SUBDOMAIN with your actual Hostinger subdomain
# Then restart Caddy:
systemctl restart caddy
```

## Step 6 — Connect OpenShell to the Gateway

```
# Run these two commands to tell OpenShell to forward traffic to the OpenClaw gateway:
# (copy the exact commands from your setup guide)

# If status shows 'dead', restart the sandbox connection first:
claw connect nemoclaw-sandbox
exit
# Then re-run the two commands
```

Finally, allow your Hostinger subdomain in the OpenClaw gateway:

```
# Enter the sandbox
claw connect nemoclaw-sandbox

# Allow your subdomain (replace YOUR_SUBDOMAIN):
openclaw gateway allow YOUR_SUBDOMAIN.hostinger-vps.com

exit
```

## Step 7 — Access the Chat Interface

Open your Hostinger subdomain in a browser. You'll see the OpenClaw dashboard.

1. Go to **Overview** and paste your gateway token.
2. Click **Connect**.
3. Start a new session and send a message — the agent should reply using the default Nemotron model.

## Step 8 (Optional) — Switch to Claude or OpenAI

The default model is NVIDIA Nemotron. To use Claude or OpenAI instead:

```
# From the VPS root (NOT inside the sandbox):

# For Anthropic/Claude:
export ANTHROPIC_API_KEY="your-anthropic-key"
openshell provider add anthropic

# For OpenAI:
export OPENAI_API_KEY="your-openai-key"
openshell provider add openai
```

Point the inference router at your new provider:

```
# For OpenAI GPT-4.1:
openshell inference set --provider openai --model gpt-4.1

# For Claude Opus 4.6:
openshell inference set --provider anthropic --model claude-opus-4-6
```

Update the OpenClaw config inside the sandbox to include the new provider:

```
claw connect nemoclaw-sandbox
# Paste and run the provider-config script from your setup guide
openclaw gateway restart
exit
```

Refresh the web UI → switch to raw mode → scroll to models — you'll see the new provider listed. Your agent is now running on Claude or GPT.

## Connect Telegram

Telegram is already whitelisted in the security policy (you added it in Step 2). Ask your agent how to connect:

> "How do I connect my Telegram to this OpenClaw instance?"

The agent will walk you through creating a Telegram bot via BotFather, pasting the bot token, and configuring the channel allowlist.

## What's Next

You now have OpenClaw running inside a NemoClaw sandbox on a VPS, served over HTTPS, connected to your chosen model, with Telegram wired in. The foundation is solid.

From here:

- **Expand policies** — to connect Gmail, WhatsApp, or other services, add each to your OpenShell policy config explicitly. NemoClaw denies all outbound calls by default.
- **Install official skills** — see the [OpenClaw Skills Database](https://openclawdatabase.com/openclaw/skills-database/) for the 53 verified official skills.
- **Write custom skills** — see the [OpenClaw Skills Guide](https://openclawdatabase.com/openclaw/skills-guide/) to have your agent build exactly what you need.
- **Security hardening** — see the [OpenClaw Security Hardening](https://openclawdatabase.com/openclaw/security/) guide for hardening steps that apply equally to NemoClaw deployments.
- **Monitor channels** — use `nemoclaw channels status` (May 2026+) to check WhatsApp QR/session state and connection health without entering the sandbox.
- **Safe teardown** — `nemoclaw uninstall` now preserves `rebuild-backups/` and `sandboxes.json` by default. Add `NEMOCLAW_UNINSTALL_DESTROY_USER_DATA=1` only if you want a full purge.

🎬

This guide is based on the video walkthrough by the original creator. Watch the full video on [YouTube ↗](https://www.youtube.com/watch?v=dEL9tKwvejo) to see every command executed live, including the exact setup guide doc referenced in the video (available in their free Skool community — link in the video description).

## More NemoClaw Guides

Continue your NemoClaw journey — every guide on the hub:

 [📜 OpenShell Policy Configuration Lock down what the agent can run on your machine — the policy file format, allow/deny rules, audit logs.](https://openclawdatabase.com/nemoclaw/policy/)

 [🎮 Local GPU Inference Setup NVIDIA stack — drivers, CUDA, vLLM/llama.cpp/Ollama. VRAM tuning for 7B–70B coding models.](https://openclawdatabase.com/nemoclaw/local-gpu/)

 [🔀 Switching Model Providers Move between Ollama, vLLM, llama.cpp, and OpenAI-compatible endpoints without breaking your agent.](https://openclawdatabase.com/nemoclaw/switching-providers/)

 [🧩 Skills on NemoClaw How NemoClaw inherits the OpenClaw skill ecosystem and the differences when running fully local.](https://openclawdatabase.com/nemoclaw/skills/)

[← Back to NemoClaw hub](https://openclawdatabase.com/nemoclaw/)

← Back to [NemoClaw hub](https://openclawdatabase.com/nemoclaw/) · See also: [OpenClaw Skills Guide](https://openclawdatabase.com/openclaw/skills-guide/) · [Skills Database](https://openclawdatabase.com/openclaw/skills-database/) · [Security Hardening](https://openclawdatabase.com/openclaw/security/)
