
How to Install and Secure NanoClaw on a Self-Managed VPS via SSH

Important Security Rule (Read before you start): NanoClaw is an advanced gateway that continuously manages runtime sandboxes, spins up ephemeral environments, and handles agent communications. Because it is highly autonomous and powerful, installing it on an unhardened server is extremely dangerous. Automated internet scanners can find your open ports and take complete control of your server in minutes. For your own safety, you must secure your server before downloading or setting up NanoClaw. Complete this hardening guide before running any installation commands.

Deploying NanoClaw turns a traditional server into a persistent, autonomous compute environment. NanoClaw distinguishes itself from generic prompt wrappers through its secure runtime sandboxing: the gateway continuously isolates execution paths, protects sensitive data streams, and spins up microservices directly on your machine. Because an active NanoClaw environment translates agent workflow instructions into commands that run inside containers, protecting the underlying host is mandatory.

System Requirements

Since NanoClaw orchestrates microservice containers and builds guest sandboxes locally on the server, your VPS must meet these minimum hardware requirements:

Resource          | Minimum Specification          | Recommended Specification
Processor (CPU)   | 1 vCPU (64-bit architecture)   | 2 vCPUs or higher
Memory (RAM)      | 1 GB available space           | 2 GB to 4 GB RAM
Disk Space        | 10 GB available SSD Storage    | 25 GB or higher SSD Storage
Operating System  | Ubuntu 22.04 LTS (amd64)       | Ubuntu 24.04 LTS (amd64)

Prerequisites

Before beginning your deployment workflow, ensure you have the following resources available:

  1. A Self-Managed VPS configured to match or exceed the hardware specifications listed above.
  2. Administrative SSH Access: The server IP address along with root or sudo user security keys.
  3. An Operational LLM Endpoint: A valid Anthropic or OpenAI API key.

Connect to Your VPS Infrastructure via SSH

  1. Open your local terminal (macOS/Linux) or Command Prompt/PowerShell (Windows).
  2. Run the following SSH command (replace your_server_ip with your actual VPS IP address):

ssh root@your_server_ip

  3. Enter your root password when prompted to access the server console.

Example Output:

$ ssh root@192.0.2.44
The authenticity of host '192.0.2.44 (192.0.2.44)' can't be established.
ECDSA key fingerprint is SHA256:DdkoWy/LnXyD4wq86zKE8Yh4cPyGz/Q5y4rwl2DElV0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.0.2.44' (ECDSA) to the list of known hosts.
root@192.0.2.44's password: 
Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.5.0-27-generic x86_64)

Last login: Fri Mar 15 10:25:00 2024 from 198.51.100.23
root@vps-123456:~#

Step 1: Baseline Linux Host Hardening

Security starts with the OS itself. Harden the Linux host so that automated scanning and password-guessing attempts by an attacker do not succeed.

Create an Unprivileged Deployment User

Running installation tasks directly as root poses systemic risks. Create a dedicated user account with sudo administrative privileges:

adduser nanoclawadmin

Add the new deployment user to the sudo group:

usermod -aG sudo nanoclawadmin

Install the nano Text Editor (If Not Present)

The nano text editor is used throughout this guide to edit files such as /etc/ssh/sshd_config and the .env configuration file. On some minimal or hardened Linux servers, nano may not be installed by default. If you see a "command not found" error or want to ensure nano is available, run:

sudo apt install nano -y

Once installed, you can safely use nano to edit system and configuration files as shown in this documentation.

Enforce Cryptographic SSH Authentication

Open the SSH daemon configuration file in a text editor:

sudo nano /etc/ssh/sshd_config

Disable remote login for the root account completely:

PermitRootLogin no

Turn off password-based authentication entirely:

PasswordAuthentication no

Ensure that public-key authentication is enabled, so that with passwords disabled a key is required to access the host:

PubkeyAuthentication yes

Save the file and restart the SSH service:

sudo systemctl restart ssh
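
A check for the SSH changes above, as an added example that is not part of the original guide: sshd keeps the first value it reads for each keyword, and Ubuntu's stock sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own settings, so a drop-in file can silently override the edits. The function names and the sample `sshd -T` output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide).
# On the server:  sudo sshd -T | check_sshd_effective
#                 find_sshd_overrides /etc/ssh

# Read `sshd -T` output (lowercase "keyword value" lines) on stdin and
# compare the three directives from this guide with their required values.
check_sshd_effective() {
  awk '
    BEGIN {
      want["permitrootlogin"]        = "no"
      want["passwordauthentication"] = "no"
      want["pubkeyauthentication"]   = "yes"
    }
    ($1 in want) && !($1 in seen) { seen[$1] = $2 }
    END {
      bad = 0
      for (k in want) {
        if (!(k in seen))            { print "MISSING " k; bad = 1 }
        else if (seen[k] != want[k]) { print "FAIL " k "=" seen[k] " (want " want[k] ")"; bad = 1 }
      }
      exit bad
    }'
}

# Print every file:line that sets one of the directives, so a drop-in that
# takes precedence over the main file becomes visible.
find_sshd_overrides() {
  local root="${1:-/etc/ssh}"
  grep -HiE '^[[:space:]]*(PermitRootLogin|PasswordAuthentication|PubkeyAuthentication)[[:space:]]' \
    "$root/sshd_config" "$root"/sshd_config.d/*.conf 2>/dev/null
}

# Constructed sample: the main file was edited, but a drop-in still wins.
SAMPLE_SSHD_T='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_SSHD_T" | check_sshd_effective \
  || echo "sshd is not enforcing the hardened settings yet"
```

Run `sudo sshd -t` to syntax-check the file before the restart, and keep the current session open until a key-based login as nanoclawadmin succeeds in a second terminal.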

Configure the Network Firewall Gateway

Deny all inbound traffic by default using the Uncomplicated Firewall (UFW) tool:

sudo ufw default deny incoming

Example Output:

Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

Allow outbound traffic so the model loop can reach model registries and provider endpoints:

sudo ufw default allow outgoing

Example Output:

Default outgoing policy changed to 'allow'

Allow inbound SSH, your management channel:

sudo ufw allow ssh

Example Output:

Rule added
Rule added (v6)

Open the port used by the internal gateway dashboard or reverse proxy:

sudo ufw allow 8080/tcp

Example Output:

Rule added
Rule added (v6)

Apply these rules and enable the firewall:

sudo ufw enable

Example Output:

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Deploy Fail2Ban Intrusion Prevention

Install Fail2Ban to detect brute-force activity and immediately block the offending source addresses:

sudo apt install fail2ban -y

Start the service and enable it at boot:

sudo systemctl enable --now fail2ban

Example Output:

Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.

Next, switch to the deployment user you created to run all following installation steps:

su - nanoclawadmin

Example Output:

nanoclawadmin@vps-server-node:~$

Step 2: Isolate Execution Contexts via Sandboxing

NanoClaw handles sensitive data and executes code. On a server, running arbitrary tools or dependencies without isolation is highly hazardous.

Isolate Tool Runtimes inside Docker

Always run NanoClaw through its containerized profiles. If code processed by an agent contains bugs or is subject to external injection, the damage is confined to an isolated, non-root, ephemeral container filesystem rather than reaching the host.

Implement Granular Directory Mount Bounds

When setting up storage or writing volume mappings in docker-compose.yml, never use a top-level path of the host system as the base for the workspace directory. Restrict mounts to the specific user directories that contain your data:

volumes:
  - ./nanoclaw_workspace:/root/.nanoclaw:rw   # Confine memory files and skill definitions securely

Step 3: Initialize Core Dependencies and Container Runtimes

With the host hardened, refresh your package repositories and install the dependencies required to run containers.

Update and upgrade the installed server packages:

sudo apt update && sudo apt upgrade -y

Example Output:

Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Fetched 126 kB in 1s (145 kB/s)
Reading package lists... Done
All packages are up to date.

Make sure git, curl and the CA certificate bundle are installed:

sudo apt install git curl ca-certificates -y

Example Output:

Reading package lists... Done
Building dependency tree... Done
git is already the newest version (1:2.43.0-1ubuntu7.1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Set Up the Official Docker Repository

NanoClaw relies on a current Docker Engine to isolate code execution. Start by adding Docker's repository signing key to the apt keyrings:

sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add the Docker repository to your apt sources list and refresh the package index:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update

Example Output:

Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 https://download.docker.com/linux/ubuntu noble InRelease [48.9 kB]
Fetched 61.1 kB in 1s (78.4 kB/s)
Reading package lists... Done

Install Docker Engine, its CLI, containerd, and the Buildx and Compose plugins:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Example Output:

Reading package lists... Done
Selecting previously unselected package docker-ce.
Unpacking docker-ce (26.1.4-1ubuntu.24.04~noble) ...
Setting up docker-ce (26.1.4-1ubuntu.24.04~noble) ...

Step 4: Start and Enable the Docker Daemon

Ensure Docker starts on every system boot.

1. Start the daemon and enable it at boot:

sudo systemctl start docker
sudo systemctl enable docker

Example Output:

Synchronizing state of docker.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable docker

2. To allow the non-root nanoclawadmin account to talk to the Docker socket directly, add the account to the docker group. Note that membership in the docker group gives root-equivalent control of the host:

sudo usermod -aG docker nanoclawadmin
newgrp docker

3. Isolate the Network Interface:

Create a dedicated bridge network so that traffic between the agent application's containers is kept apart from the rest of your server:

docker network create nanoclaw-net

Example Output:

4f971b3846e10b65288b8e8fbc8a23d9bf3cceb6d511ea5408ab2e340a6b7d2f

Step 5: Clone the Source Tree and Configure Environment Credentials

Clone the official NanoClaw repository into your home directory:

git clone https://github.com/nanoclaw/nanoclaw.git

Example Output:

Cloning into 'nanoclaw'...
Receiving objects: 100% (342/342), 124.50 KiB | 2.15 MiB/s, done.
Resolving deltas: 100% (162/162), done.

Change into the cloned directory:

cd nanoclaw

Create your environment file from the provided deployment template:

cp .env.example .env
nano .env

Set your provider API keys and the administrative settings in the file, making sure each provider key is assigned to the correct variable:

# Operational Endpoint Access
OPENAI_API_KEY=sk-proj-4Wv9Xb7yZ2M1N5K4J3H2G1F0D9S8A7P6O5I4U3Y2T1R0E
ANTHROPIC_API_KEY=sk-ant-api03-L9k8J7h6G5f4D3s2A1q0WeRtYuIoPlKjHgFfDsSaA-1a2b3c4

# Administrative UI Security Elements
NANOCLAW_SECRET=7f8a9b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e
PORT_BINDING=8080
SYSTEM_USER=nanoclaw_admin
SYSTEM_PASS=Mypassword_2026_Secure!
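
A check for the .env file edited above, as an added example that is not part of the original guide or the NanoClaw project: the file holds API keys and the admin password, so it should be accessible only to its owner and should not keep template values. The function names are hypothetical, the `changeme` template values are constructed, and the check assumes GNU stat as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide or the NanoClaw project).
# In the project directory:
#   chmod 600 .env
#   env_file_is_private .env && unchanged_secrets .env.example .env

# Succeed only if the file grants no access to group or others.
env_file_is_private() {
  local mode
  mode=$(stat -c '%a' "${1:-.env}") || return 2      # GNU stat, octal mode
  case "$mode" in
    [0-7]00) return 0 ;;
    *) echo "${1:-.env} has mode $mode; expected 600" >&2; return 1 ;;
  esac
}

# Print secret-like keys (KEY, SECRET, PASS, TOKEN in the name) whose value
# in the live file ($2) is still identical to the template ($1).
# Returns 1 if any such key was found.
unchanged_secrets() {
  awk '
    /^[ \t]*(#|$)/ { next }                          # skip comments, blanks
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
    }
    FILENAME == ARGV[1] { tmpl[key] = val; next }
    key ~ /KEY|SECRET|PASS|TOKEN/ && (key in tmpl) && tmpl[key] == val {
      print key; stale = 1
    }
    END { exit (stale ? 1 : 0) }
  ' "$1" "$2"
}

# Constructed demo: a template and a copy where only one secret was changed.
demo=$(mktemp -d)
printf '%s\n' 'OPENAI_API_KEY=changeme' 'NANOCLAW_SECRET=changeme' 'PORT_BINDING=8080' > "$demo/.env.example"
printf '%s\n' 'OPENAI_API_KEY=constructed-value' 'NANOCLAW_SECRET=changeme' 'PORT_BINDING=8080' > "$demo/.env"
chmod 644 "$demo/.env"
env_file_is_private "$demo/.env" || echo "fix with: chmod 600 .env"
unchanged_secrets "$demo/.env.example" "$demo/.env" || echo "replace the keys listed above"
rm -rf "$demo"
```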

Step 6: Profile Isolation & Control Interface Hardening

NanoClaw environments largely depend on isolated configurations known as Profiles. Each profile runs with its own execution identity, memory thresholds, and scoped permissions.

Separate Intent Blocks Cleanly

Do not combine unrelated jobs in one profile. For instance, when configuring workspaces for infrastructure tracking and for public-facing automations, make sure each runs separately in its own workspace folder. This reduces risk: if one profile is compromised, its scope does not give access to other parts of the system.

Lock Down the Local Web Dashboard

Before starting the web dashboard used to edit configuration parameters, make sure its port is bound to the local machine's loopback interface:

nanoclaw dashboard --port 8080

Example Output:

Starting NanoClaw Gateway Dashboard on http://127.0.0.1:8080 (Press Ctrl+C to quit)

If you intend to reach this dashboard from remote machines, do not bind it to all interfaces (0.0.0.0), which exposes it on the public WAN. Instead, keep it local on 127.0.0.1 and route your traffic through an encrypted SSH tunnel or an identity-validated access tool.
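
One way to confirm the loopback binding described above and to reach the dashboard through a tunnel, as an added example that is not part of the original guide. The function name and the sample `ss` lines are constructed; port 8080 and the nanoclawadmin account come from this guide.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide).
# On the server:  ss -H -ltn | non_loopback_listeners 8080
# From the workstation, reach a loopback-only dashboard through a tunnel:
#   ssh -N -L 8080:127.0.0.1:8080 nanoclawadmin@your_server_ip
# then browse to http://127.0.0.1:8080 locally.

# Read `ss -H -ltn` output on stdin and print every listener on the given
# port whose local address is not loopback. Returns 1 if any was printed.
non_loopback_listeners() {
  awk -v port="${1:-8080}" '
    {
      addr = $4                              # "Local Address:Port" column
      n = split(addr, part, ":")
      if (part[n] != port) next
      host = substr(addr, 1, length(addr) - length(part[n]) - 1)
      if (host ~ /^127\./ || host == "[::1]") next
      print addr
      exposed = 1
    }
    END { exit (exposed ? 1 : 0) }'
}

# Constructed sample: SSH plus a dashboard port bound to all interfaces.
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080     0.0.0.0:*
LISTEN 0 4096 [::]:8080        [::]:*'

printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners 8080 \
  || echo "dashboard port is reachable beyond loopback"
```

Ports published by Docker are opened through Docker's own iptables rules and are not filtered by UFW, so run this check even with the firewall enabled.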

Step 7: Verify the Multi-Container Compose Framework

List the contents of the project root to make sure your folder is properly set up:

ls -la

Example Output:

total 48
drwxr-xr-x 4 nanoclawadmin nanoclawadmin 4096 Jun 13 10:14 .
drwx------ 5 nanoclawadmin nanoclawadmin 4096 Jun 13 10:12 ..
-rw-r--r-- 1 nanoclawadmin nanoclawadmin  412 Jun 13 10:14 .env
-rw-r--r-- 1 nanoclawadmin nanoclawadmin 1245 Jun 13 10:14 docker-compose.yml

Step 8: Build the Images and Execute the Deployment Cluster

Build your application images on the server, under your deployment user, before the initial launch.

1. Build the NanoClaw container images:

docker compose build

Example Output:

[+] Building 14.2s (12/12) FINISHED
 => [core-gateway stage-0 1/5] FROM docker.io/library/node:20-alpine              2.3s
 => [core-gateway stage-0 5/5] RUN npm run build                                  5.8s
 => => naming to docker.io/library/nanoclaw:local                                 0.0s

2. Bring the application suite online in detached mode:

docker compose up -d

Example Output:

[-] Running 3/3
✔ Network nanoclaw-net Created
✔ Container nanoclaw-sandbox-runner Started
✔ Container nanoclaw-core-gateway Started

Step 9: Confirm Service Access and Run Diagnostics

Query the health endpoint from the server itself to confirm everything is running smoothly:

curl http://localhost:8080/api/health

Example Output:

{"status":"healthy","version":"1.0.0","sandbox":"connected"}

Step 10: Interface Access & Proxy Gateways

Open a browser on your workstation and connect to your VPS on the configured port:

http://your_server_ip:8080

Log in with the SYSTEM_USER and SYSTEM_PASS values you set in your .env file to begin configuring your individual execution workers, managing automation pipelines, and building private sandboxed spaces.

Proxy Gateways & Communication Safety

Because automated agents usually receive their execution instructions through external webhooks or message buses, encrypting these interfaces is very important.

  • Hardcode Explicit Access Tokens: In your gateway environment settings, enforce explicit rules to validate senders. Configure NanoClaw so that it drops, blocks, and alerts you to any traffic arriving from unauthorized nodes.
  • Encrypt Outbound Integrations: Place internal communication endpoints behind a gateway proxy layer, such as Nginx or Caddy, so that your webhooks are always served over Transport Layer Security (TLS).

Summary

Setting up a NanoClaw server demands the utmost attention to security because of the dangers that autonomous orchestration layers can introduce. You can achieve a high level of security by enforcing SSH key authentication, setting up a proper firewall using UFW and Fail2Ban, running everything inside an isolated Docker network, restricting root application permissions, and ensuring web interfaces are strictly tied to hardened authentication models.
