self-hosted

Setting Up OpenClaw with Docker in a VM

A complete guide to setting up your own self-hosted AI assistant with OpenClaw, Docker, Tailscale, and Telegram on an Ubuntu VM.

Tom Wright

20 Feb 2026 — 6 min read

I recently set up OpenClaw — an open-source AI assistant platform — on one of my Proxmox VMs. OpenClaw lets you run your own AI agent that connects to messaging platforms like Telegram, Discord, and WhatsApp. It's self-hosted, privacy-respecting, and surprisingly capable once it's up and running.

This guide walks through the full setup: Docker, OpenClaw, Tailscale for remote access, and Telegram for chatting with your agent from anywhere. I'm assuming you already have a VM running Ubuntu Server — if you need help with that, check out my earlier post on setting up virtual machines on Proxmox.

💡

OpenClaw requires an AI provider API key (Anthropic recommended). You'll need this during setup. Get one at console.anthropic.com.

Prerequisites

An Ubuntu Server VM (22.04 or 24.04 LTS) with SSH access
At least 2GB RAM and 20GB disk space
An Anthropic API key (or OpenAI key)
A Telegram account
A Tailscale account (free tier is fine)

Step 1: Update Your System

First things first — make sure everything is up to date.

sudo apt update && sudo apt upgrade -y

Step 2: Install Docker

We're running OpenClaw in Docker, so let's get that installed. Remove any old Docker packages first, then install from the official repository.

# Remove old versions
sudo apt remove -y docker docker-engine docker.io containerd runc 2>/dev/null

# Install prerequisites
sudo apt install -y ca-certificates curl gnupg

# Add Docker's GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add the Docker repository
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Add your user to the Docker group so you don't need sudo for every Docker command:

sudo usermod -aG docker $USER

Log out and back in (or run newgrp docker) for the group change to take effect. Verify Docker is working:

docker run hello-world

You should see a "Hello from Docker!" message.

Step 3: Install Tailscale

Tailscale creates a secure mesh network between your devices. We'll use it to access the OpenClaw Control UI remotely and to let OpenClaw serve its dashboard over your tailnet.

curl -fsSL https://tailscale.com/install.sh | sh

Start Tailscale and authenticate:

sudo tailscale up

This will print a URL — open it in your browser and log in to your Tailscale account. Once authenticated, your VM will appear in your tailnet.

Verify the connection and note your Tailscale IP:

tailscale ip -4

You'll need this IP later for accessing the Control UI from other devices on your tailnet.

💡

If you're already using Tailscale on your other devices (laptop, phone), they'll be able to reach this VM directly via its Tailscale IP — no port forwarding needed.

Step 4: Clone the OpenClaw Repository

Install Git if it's not already present, then clone the OpenClaw repository:

sudo apt install -y git
git clone https://github.com/openclaw/openclaw.git
cd openclaw

Step 5: Run the Docker Setup Script

OpenClaw provides an automated setup script that builds the Docker image, runs the onboarding wizard, and starts the gateway. This is the fastest way to get up and running.

./docker-setup.sh

The script will walk you through the onboarding wizard. Here's what to expect:

Choose QuickStart or Advanced

Select Advanced if you want full control, or QuickStart for sensible defaults. For this guide, I'll cover the Advanced flow so you understand each option.

AI Provider

Select Anthropic (recommended) and paste your API key when prompted. Choose a default model — claude-sonnet-4-20250514 is a good balance of speed and capability.

Gateway Settings

Port: Leave as default 18789
Bind: Select lan (this is the default for Docker and allows access from your network)
Auth: Select token — a token will be auto-generated

Tailscale Exposure

When asked about Tailscale, select serve to expose the Control UI over your tailnet with HTTPS. This lets you access the dashboard from any device on your Tailscale network.

⚠️

Important: Make sure the tailscale CLI is installed and authenticated (Step 3) before selecting Tailscale Serve. The wizard will configure it automatically.

Channels

Skip channels for now — we'll set up Telegram in the next step. You can also add channels later with openclaw configure.

Once the wizard finishes, the Docker image will be built and the gateway will start. The script will print your gateway token and Control UI URL — save these.

# Check that the containers are running
docker compose ps

You should see openclaw-gateway running and healthy.

Step 6: Access the Control UI

Open the Control UI to verify everything is working. You have two options:

From the VM itself or local network:

# Get the dashboard URL with token
docker compose run --rm openclaw-cli dashboard --no-open

From any device on your tailnet:

If you enabled Tailscale Serve, open https://your-tailscale-hostname/ in your browser. You can find your hostname with:

tailscale status

Paste your gateway token when prompted. You should see the OpenClaw chat interface — you can start chatting with your agent right here.

Step 7: Set Up Telegram

The Control UI is great, but the real power of OpenClaw is chatting with your agent from your phone via Telegram. Here's how to set it up.

Create a Telegram Bot

Open Telegram and search for @BotFather (make sure it's the verified one)
Send /newbot
Choose a name for your bot (e.g., "My OpenClaw Agent")
Choose a username (must end in bot, e.g., my_openclaw_bot)
BotFather will give you an API token — copy it

Add the Telegram Channel to OpenClaw

docker compose run --rm openclaw-cli channels add --channel telegram --token "YOUR_BOT_TOKEN_HERE"

Restart the gateway to pick up the new channel:

docker compose restart openclaw-gateway

Pair Your Telegram Account

OpenClaw uses a pairing system to control who can chat with your bot. Open Telegram and send any message to your new bot. It won't respond yet — it's waiting for you to approve the pairing request.

Back in your terminal:

# List pending pairing requests
docker compose run --rm openclaw-cli pairing list telegram

# Approve your request (use the code shown)
docker compose run --rm openclaw-cli pairing approve telegram YOUR_CODE

Now send another message to your bot in Telegram. This time, it should respond. 🎉

💡

Pairing codes expire after 1 hour. If you miss one, just send another message to the bot and approve the new code.

Step 8: Find Your Telegram User ID (Optional)

If you want to lock down your bot to only respond to you (recommended), you'll need your numeric Telegram user ID. The easiest way:

# Watch the logs while you send a message to the bot
docker compose logs -f openclaw-gateway

Look for from.id in the log output — that's your numeric user ID. You can then add it to the config to permanently allowlist yourself:

docker compose run --rm openclaw-cli configure --section channels

Set dmPolicy to allowlist and add your numeric user ID to allowFrom.

Step 9: Make It Persistent

The Docker Compose file already includes restart: unless-stopped, so your OpenClaw gateway will survive reboots. But let's make sure Docker itself starts on boot:

sudo systemctl enable docker

You can also verify your config and workspace are being persisted on the host:

ls ~/.openclaw/          # Config directory
ls ~/.openclaw/workspace/ # Agent workspace

These directories are bind-mounted into the container, so your agent's memory, skills, and configuration survive container rebuilds.

Useful Commands

Here's a cheat sheet for managing your OpenClaw Docker setup:

# View logs
docker compose logs -f openclaw-gateway

# Restart the gateway
docker compose restart openclaw-gateway

# Stop everything
docker compose down

# Start everything
docker compose up -d

# Open the Control UI dashboard
docker compose run --rm openclaw-cli dashboard --no-open

# Run the configuration wizard again
docker compose run --rm openclaw-cli configure

# Update OpenClaw
git pull
docker compose build
docker compose up -d

What You Should Have Now

If you've followed along, you now have:

✅ OpenClaw running in Docker on your VM
✅ Tailscale providing secure remote access to the Control UI
✅ A Telegram bot connected to your personal AI agent
✅ Persistent config and workspace surviving container restarts

Your agent is ready to go. It can search the web, read and write files, run commands, manage cron jobs, and learn about you over time through its workspace files. The more you use it, the more useful it becomes.

Next Steps

Now that the basics are running, there's plenty more to explore:

Customise your agent — edit SOUL.md and IDENTITY.md in the workspace to give your agent a personality
Add more channels — Discord, WhatsApp, Signal, and more are supported
Set up skills — OpenClaw has a skill system for specialised tasks (weather, web search, etc.)
Enable sandboxing — run agent tools in isolated Docker containers for security
Configure a Brave Search API key — gives your agent proper web search (openclaw configure --section web)

For the full documentation, visit docs.openclaw.ai or check the /app/docs directory inside the container.

If you're running a homelab, having your own AI agent that lives on your infrastructure and respects your privacy is pretty satisfying. It's one of those self-hosted setups that genuinely makes daily life easier once you've got it dialled in.