How to Install and Secure Nanoclaw on a Self-Managed VPS via SSH
Deploying NanoClaw shifts traditional server architecture into a persistent, autonomous compute lifecycle. NanoClaw distinguishes itself from generic prompt wrappers via its secure runtime sandboxing capabilities—meaning the gateway continuously isolates execution paths, protects sensitive data streams, and spins up microservices directly on your machine. Because an active NanoClaw environment dynamically translates agent workflow instructions into running container terminal instructions, protecting the underlying instance environment is mandatory.
System Requirements
Since NanoClaw creates microservice container orchestration and secure guest sandbox compilation locally on your computer, the VPS partition of your computer must meet these minimum hardware requirements:
| Resource | Minimum Specification | Recommended Specification |
|---|---|---|
| Processor (CPU) | 1 vCPU (64-bit architecture) | 2 vCPUs or higher |
| Memory (RAM) | 1 GB available space | 2 GB to 4 GB RAM |
| Disk Space | 10 GB available SSD Storage | 25 GB or higher SSD Storage |
| Operating System | Ubuntu 22.04 LTS (amd64) | Ubuntu 24.04 LTS (amd64) |
Prerequisites
Before beginning your deployment workflow, ensure you have the following resources available:
- A Self-Managed VPS configured to match or exceed the hardware specifications listed above.
- Administrative SSH Access: The server IP address along with root or sudo user security keys.
- An Operational LLM Endpoint: A valid Anthropic or OpenAI API token string.
Connect to Your VPS Infrastructure via SSH
- Open your local terminal (macOS/Linux) or Command Prompt/PowerShell (Windows).
- Run the following SSH command (replace
your_server_ipwith your actual VPS IP address): - Enter your root password when prompted to access the server console.
ssh root@your_server_ip
Example Output:
$ ssh [email protected]
The authenticity of host '192.0.2.44 (192.0.2.44)' can't be established.
ECDSA key fingerprint is SHA256:DdkoWy/LnXyD4wq86zKE8Yh4cPyGz/Q5y4rwl2DElV0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.0.2.44' (ECDSA) to the list of known hosts.
[email protected]'s password:
Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.5.0-27-generic x86_64)
Last login: Fri Mar 15 10:25:00 2024 from 198.51.100.23
root@vps-123456:~#
1. Baseline Linux Host Hardening
Security starts with the OS itself. It is crucial to make your Linux host system secure to avoid automated scanning and password-guessing attempts by an attacker.
Create an Unprivileged Deployment User
Running installation tasks directly as root poses systemic risks. Create a dedicated user account with sudo administrative privileges:
adduser nanoclawadmin
Assign your new deployment user account to the system administration security groups:
usermod -aG sudo nanoclawadmin
Install the nano Text Editor (If Not Present)
The nano text editor is referenced throughout this guide to make file edits such as /etc/ssh/sshd_config and .env configuration files. On some minimal or hardened Linux servers, nano may not be installed by default. If you see a "command not found" error or want to ensure nano is available, run:
sudo apt install nano -y
Once installed, you can safely use nano to edit system and configuration files as shown in this documentation.
Enforce Cryptographic SSH Authentication
Open the primary secure shell configuration file using a host text editor:
sudo nano /etc/ssh/sshd_config
Deactivate the native administrative remote log-in paths completely:
PermitRootLogin no
Turn off plain-text password-based authentication paths entirely:
PasswordAuthentication no
Ensure that cryptographic public keys are explicitly required to access the host:
PubkeyAuthentication yes
Commit the rules and restart your active host SSH service daemon:
sudo systemctl restart ssh
Configure the Network Firewall Gateway
Block unknown inbound tracking traffic across all baseline machine layers using the Uncomplicated Firewall tool:
sudo ufw default deny incoming
Example Output:
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Keep your outbound communication pathways completely clear so the model loop can consult model registries and provider endpoints:
sudo ufw default allow outgoing
Example Output:
Default outgoing policy changed to 'allow'
Whitelist your designated management SSH communication channel:
sudo ufw allow ssh
Example Output:
Rule added
Rule added (v6)
Open network hooks for the internal gateway dashboard or reverse proxy interfaces:
sudo ufw allow 8080/tcp
Example Output:
Rule added
Rule added (v6)
Apply these access variables and activate your firewall engine:
sudo ufw enable
Example Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Deploy Fail2Ban Intrusion Prevention
Install the tracking suite to detect brute-force activity and immediately block offending connection vectors:
sudo apt install fail2ban -y
Bring the tracking system online and register its startup lifecycle hooks:
sudo systemctl enable --now fail2ban
Example Output:
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.
Next, switch execution context over to your hardened user profile to run all following installation steps:
su - nanoclawadmin
Example Output:
nanoclawadmin@vps-server-node:~$
2. Isolate Execution Contexts via Sandboxing
NanoClaw handles sensitive data paths and execution layers. In a server setting, running arbitrary tool parameters or dependencies without barriers is highly hazardous.
Isolate Tool Runtimes inside Docker
Always route NanoClaw through its containerized target profile paths. If code processed by an agent context contains unintended bugs or suffers from an external injection, execution parameters break inside an isolated, non-root ephemeral file layer rather than reaching the parent core kernel.
Implement Granular Directory Mount Bounds
In the process of creating your storage infrastructure or while coding docker-compose.yml mapping instructions, never use the default path of the host system as your base for the workspace directory. Restrict your scope to just certain user directories that contain your data:
volumes:
- ./nanoclaw_workspace:/root/.nanoclaw:rw # Confine memory files and skill definitions securely
Step 3: Initialize Core Dependencies and Container Runtimes
With host defenses initialized, sync your active platform repositories and provision the underlying dependencies required to handle container formatting layers.
Update and patch active server packaging arrays:
sudo apt update && sudo apt upgrade -y
Example Output:
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Fetched 126 kB in 1s (145 kB/s)
Reading package lists... Done
All packages are up to date.
Verify foundational network and data ingestion utilities are active:
sudo apt install git curl ca-certificates -y
Example Output:
Reading package lists... Done
Building dependency tree... Done
git is already the newest version (1:2.43.0-1ubuntu7.1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Set Up the Official Docker Repository
NanoClaw relies on modern Docker Engine instances to securely isolate code execution layers. Follow these steps to introduce the tracking sources:
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
Map the package index tracking route to your sources list:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
Example Output:
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 https://download.docker.com/linux/ubuntu noble InRelease [48.9 kB]
Fetched 61.1 kB in 1s (78.4 kB/s)
Reading package lists... Done
Install the standardized core Docker environment and Compose engine plugins:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Example Output:
Reading package lists... Done
Selecting previously unselected package docker-ce.
Unpacking docker-ce (26.1.4-1ubuntu.24.04~noble) ...
Setting up docker-ce (26.1.4-1ubuntu.24.04~noble) ...
Step 4: Wake and Enable the Docker Daemon System
Ensure your docker subsystems are added to regular system boot sequences.
1. Start the daemon engine and append it to system boot routines:
sudo systemctl start docker
sudo systemctl enable docker
Example Output:
Synchronizing state of docker.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable docker
2. To allow your nanoclawadmin non-root account profile to issue socket instructions directly, add the account to your engine runtime groups:
sudo usermod -aG docker nanoclawadmin
newgrp docker
3. Isolate the Network Interface:
Provision an isolated software bridge layout to safely lock down internal data handshakes between the agent application and your primary server:
docker network create nanoclaw-net
Example Output:
4f971b3846e10b65288b8e8fbc8a23d9bf3cceb6d511ea5408ab2e340a6b7d2f
Step 5: Clone the Source Tree and Configure Environment Credentials
Download the official NanoClaw application distribution package to your working home directory structure:
git clone https://github.com/nanoclaw/nanoclaw.git
Example Output:
Cloning into 'nanoclaw'...
Receiving objects: 100% (342/342), 124.50 KiB | 2.15 MiB/s, done.
Resolving deltas: 100% (162/162), done.
cd nanoclaw
Construct your environment file layout using the baseline deployment template:
cp .env.example .env
nano .env
Define your primary integration access strings and root configuration attributes within the file layout, ensuring your individual provider keys are mapped correctly:
# Operational Endpoint Access
OPENAI_API_KEY=sk-proj-4Wv9Xb7yZ2M1N5K4J3H2G1F0D9S8A7P6O5I4U3Y2T1R0E
ANTHROPIC_API_KEY=sk-ant-api03-L9k8J7h6G5f4D3s2A1q0WeRtYuIoPlKjHgFfDsSaA-1a2b3c4
# Administrative UI Security Elements
NANOCLAW_SECRET=7f8a9b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e
PORT_BINDING=8080
SYSTEM_USER=nanoclaw_admin
SYSTEM_PASS=Mypassword_2026_Secure!
6. Profile Isolation & Control Interface Hardening
NanoClaw environments largely depend on isolated configurations known as Profiles. The profile runs its own execution identity, memory thresholds, and scoped permissions.
Separate Intent Blocks Cleanly
Do not combine unrelated jobs into one profile environment. For instance, when configuring workspaces for infrastructural tracking and public-facing automations, respectively, ensure each runs separately within its own workspace folder. Such an approach reduces the risks involved because should one profile context be compromised, its scope does not enable access to other structural parameters in the system.
Lock Down the Local Web Dashboard
Before initiating the web dashboard for editing configuration parameters, ensure the port settings are properly tied down to the local machine IP address (loopback interface):
nanoclaw dashboard --port 8080
Example Output:
Starting NanoClaw Gateway Dashboard on http://127.0.0.1:8080 (Press Ctrl+C to quit)
If you intend to navigate this builder screen across remote machines, do not bind it to the public WAN (0.0.0.0). Instead, keep it local on 127.0.0.1 and route your traffic through an encrypted SSH tunnel or an identity-validated access tool.
Step 7: Verify the Multi-Container Compose Framework
Review the root file components to make sure your folder is properly set up:
ls -la
Example Output:
total 48
drwxr-xr-x 4 nanoclawadmin nanoclawadmin 4096 Jun 13 10:14 .
drwx------ 5 nanoclawadmin nanoclawadmin 4096 Jun 13 10:12 ..
-rw-r--r-- 1 nanoclawadmin nanoclawadmin 412 Jun 13 10:14 .env
-rw-r--r-- 1 nanoclawadmin nanoclawadmin 1245 Jun 13 10:14 docker-compose.yml
Step 8: Build the Images and Execute the Deployment Cluster
Compile your application image stacks directly inside your clean server user space environment before initial launch.
1. Compile and build the NanoClaw localized framework containers:
docker compose build
Example Output:
[+] Building 14.2s (12/12) FINISHED
=> [core-gateway stage-0 1/5] FROM docker.io/library/node:20-alpine 2.3s
=> [core-gateway stage-0 5/5] RUN npm run build 5.8s
=> => naming to docker.io/library/nanoclaw:local 0.0s
2. Bring the application suite online in detached mode:
docker compose up -d
Example Output:
[-] Running 3/3
✔ Network nanoclaw-net Created
✔ Container nanoclaw-sandbox-runner Started
✔ Container nanoclaw-core-gateway Started
Step 9: Confirm Service Access and Run Diagnostics
Test the cluster health internally to confirm everything is running smoothly:
curl http://localhost:8080/api/health
Example Output:
{"status":"healthy","version":"1.0.0","sandbox":"connected"}
Step 10: Interface Access & Proxy Gateways
Open a local browser on your computer workstation and connect to your destination VPS server through your assigned configuration port:
http://your_server_ip:8080
Authenticate inside the secure splash view panels by providing the SYSTEM_USER and SYSTEM_PASS entries established back inside your .env file layer to begin configuring your individual execution workers, managing automation pipelines, and building private sandboxed spaces!
Proxy Gateways & Communication Safety
Since automated agents usually interface using external webhooks or message buses to get their execution instructions, encryption of these interfaces is very important.
- Hardcode Explicit Access Tokens: Within your active gateway environment properties, enforce literal structural rules to validate senders. Configure execution protocols so NanoClaw drops, blocks, and alerts you to any traffic arriving from unauthorized nodes.
- Encrypt Outbound Integrations: Guard internal communication endpoints behind a structured gateway proxy layer, such as Nginx or Caddy, to guarantee absolute Transport Layer Security (TLS) formatting for your webhooks.
Summary
Setting up the NanoClaw server must be done with the utmost security considerations because of the potential dangers that can arise from autonomous orchestration layers. It is possible to ensure high levels of security through implementing secure SSH key authentication, setting up a proper firewall using UFW and Fail2Ban, running everything inside an isolated Docker network infrastructure, restricting root application permissions, and ensuring web interfaces are strictly tied to hardened authentication models.