#install openclaw on ec2

starting a new ec2 instance with codex, help me with the installation and walkthrough

EC2 is a solid way to run OpenClaw. Here’s a sane “fresh VPS” walkthrough that also plays nicely with using Codex to debug things.

0) Before you start (AWS basics)

• Use Ubuntu on EC2 (any recent LTS is fine).
• Security group: only open SSH (22) to your IP. Don’t expose the Gateway port publicly by default.
• OpenClaw needs Node >= 22 (docs call this out explicitly): https://docs.openclaw.ai/help/faq#what-runtime-do-i-need

1) Install OpenClaw (recommended path)

On the EC2 box (over SSH):

curl -fsSL https://openclaw.ai/install.sh | bash
openclaw onboard --install-daemon

Source: https://docs.openclaw.ai/help/faq#whats-the-recommended-way-to-install-and-set-up-openclaw

If you specifically want Codex (or Claude Code) to be able to read the repo locally and help you fix stuff, use the hackable git install instead:

curl -fsSL https://openclaw.ai/install.sh | bash -s -- --install-method git
openclaw onboard --install-daemon

Source: https://docs.openclaw.ai/help/faq#im-stuck-whats-the-fastest-way-to-get-unstuck

2) Codex (OpenAI Code) auth inside OpenClaw

During openclaw onboard, pick the Codex OAuth option when it asks about models/auth. OpenClaw supports Codex subscription OAuth and the wizard can run that flow.

Source: https://docs.openclaw.ai/help/faq#how-does-codex-auth-work
(and) https://docs.openclaw.ai/help/faq#do-you-support-openai-subscription-auth-codex-oauth

3) Access the dashboard safely (don’t open ports)

Default secure pattern on a VPS/EC2: keep the Gateway bound to loopback and use an SSH tunnel (or Tailscale).

SSH tunnel example (run on your laptop):

ssh -N -L 18789:127.0.0.1:18789 ubuntu@<your-ec2-ip>

Then open on your laptop:

• http://127.0.0.1:18789/

If the Control UI asks for a token, grab it on the EC2 host:

openclaw config get gateway.auth.token

Source: https://docs.openclaw.ai/help/faq#how-do-i-authenticate-the-dashboard-token-on-localhost-vs-remote
VPS guidance: https://docs.openclaw.ai/vps

4) Quick “is it healthy?” checklist

On EC2, paste these outputs here if anything looks off:

openclaw status
openclaw models status
openclaw gateway status
openclaw doctor
openclaw logs --follow

Source: https://docs.openclaw.ai/help/faq#first-60-seconds-if-somethings-broken

If you reply with:

1. which AMI you picked (Ubuntu 22/24? Amazon Linux?), and
2. whether you want SSH tunnel or Tailscale for access,

…I can tailor the exact next steps (and what to click in the onboarding wizard) so you don’t end up fighting auth/bind settings.

◇ Systemd ────────────────────────────────────────────────────────────────────────────────╮
│ │
│ Linux installs use a systemd user service by default. Without lingering, systemd stops │
│ the user session on logout/idle and kills the Gateway. │
│ Enabling lingering now (may require sudo; writes /var/lib/systemd/linger). │
│ │
├──────────────────────────────────────────────────────────────────────────────────────────╯
│
◇ Systemd ───────────────────────────────╮
│ │
│ Enabled systemd lingering for ubuntu. │
│ │
├─────────────────────────────────────────╯
│
◇ Gateway service runtime ────────────────────────────────────────────╮
│ │
│ QuickStart uses Node for the Gateway service (stable + supported). │
│ │
├──────────────────────────────────────────────────────────────────────╯
Error: systemctl is-enabled unavailable: Command failed: systemctl --user is-enabled openclaw-gateway.service

That error usually means systemd user services aren’t reachable from your current shell, so the wizard can’t run:

systemctl --user is-enabled openclaw-gateway.service

Common causes on EC2:

• you ran onboarding under sudo/root (root typically has no user-session bus)
• your SSH session doesn’t have a user systemd/DBus session (often shows as “Failed to connect to bus …”)
• minimal Ubuntu image missing user-session bits

First: can you paste these 3 outputs?

openclaw --version
whoami
systemctl --user status 2>&1 | head -50

Fastest workaround (recommended for EC2): use a system service

Docs explicitly recommend a system unit for always-on / server hosts: https://docs.openclaw.ai/gateway (Linux “system service” tab)

Try:

openclaw gateway install
sudo systemctl daemon-reload
sudo systemctl enable --now openclaw-gateway.service
sudo systemctl status openclaw-gateway.service --no-pager -l
openclaw gateway status

(If you’re using a named profile, the unit name is openclaw-gateway-<profile>.service — see the same runbook page.)

If you want to keep the user service

Make sure you’re not root, and lingering is on (you already did this, but run it once more + re-login):

whoami   # should be ubuntu, not root
sudo loginctl enable-linger ubuntu
exit     # log out, SSH back in
systemctl --user enable --now openclaw-gateway.service
systemctl --user status openclaw-gateway.service --no-pager -l

Related doc section: https://docs.openclaw.ai/start/setup#linux-systemd-user-service

Sanity check (bypass systemd entirely)

To confirm OpenClaw itself is installed OK:

openclaw gateway --port 18789 --verbose

If that runs, we know it’s purely a systemd/user-session issue.

Reply with the systemctl --user status output (even if it’s an error like “Failed to connect to bus”) and whether you ran openclaw onboard with sudo, and I’ll tell you which path is the cleanest fix on your instance.

openclaw: command not found
ubuntu
● ip-172-31-14-104
State: running
Units: 122 loaded (incl. loaded aliases)
Jobs: 0 queued
Failed: 0 units
Since: Tue 2026-03-03 09:45:54 UTC; 10min ago
systemd: 255.4-1ubuntu8.11
CGroup: /user.slice/user-1000.slice/user@1000.service
└─init.scope
├─1387 /usr/lib/systemd/systemd --user
└─1388 "(sd-pam)"

openclaw: command not found means the installer either didn’t run, was run as root, or the openclaw binary is installed but not on your PATH in this SSH session.

Good news: your output shows systemd --user is running, so the earlier “systemctl --user … unavailable” issue is likely secondary. Let’s fix the install/PATH first.

1) Confirm whether you installed as root by accident

Run:

which openclaw || true
sudo which openclaw || true

• If sudo which openclaw finds it but which openclaw doesn’t → you installed as root. Best fix is reinstall as ubuntu (no sudo).

2) Re-run the official installer (as ubuntu, no sudo) + verbose

curl -fsSL https://openclaw.ai/install.sh | bash -s -- --verbose

Then start a new shell (or re-login via SSH), and check:

command -v openclaw
openclaw --version

Docs reference: recommended install path + verbose flags: https://docs.openclaw.ai/help/faq#whats-the-recommended-way-to-install-and-set-up-openclaw
(and installer stuck/verbose): https://docs.openclaw.ai/help/faq#installer-stuck-how-do-i-get-more-feedback

3) If it’s installed but still not on PATH

Paste these outputs:

echo "$PATH"
ls -la ~/.local/bin ~/.npm-global/bin 2>/dev/null || true

(We’ll see where the installer dropped the binary and which profile file needs sourcing.)

4) Once openclaw works, re-run onboarding + service install

On EC2, I’d do:

openclaw onboard --install-daemon
openclaw gateway status
openclaw status

VPS guidance (secure default: loopback + SSH tunnel): https://docs.openclaw.ai/vps

Reply with the output of steps (1) + (2) + openclaw --version and I’ll tell you exactly which branch you’re on (root install vs PATH vs install failure) and the cleanest fix.

-bash: openclaw: command not found

If you’re still getting -bash: openclaw: command not found, it’s either:

1. OpenClaw never finished installing, or
2. it did install but the install bin dir isn’t on your PATH (super common on fresh Ubuntu/EC2).

Step 1: see if it’s installed anywhere

Run these on the EC2 box and paste the output:

node -v || true
npm -v || true
npm prefix -g || true

command -v openclaw || true
ls -la ~/.local/bin/openclaw ~/.npm-global/bin/openclaw 2>/dev/null || true
ls -la "$(npm prefix -g)/bin" 2>/dev/null | grep -i openclaw || true

echo "$PATH"

Step 2: if OpenClaw is installed but PATH is missing

Docs: https://docs.openclaw.ai/install/node#troubleshooting

• If you see ~/.local/bin/openclaw exists, add this to ~/.bashrc:

export PATH="$HOME/.local/bin:$PATH"

• If it’s an npm global install, add:

export PATH="$(npm prefix -g)/bin:$PATH"

Then reload:

source ~/.bashrc
hash -r
openclaw --version

Step 3: if it’s not installed at all, reinstall (no sudo)

Use the installer, but skip onboarding for now so we only debug installation:

curl -fsSL --proto '=https' --tlsv1.2 https://openclaw.ai/install.sh | bash -s -- --no-onboard --verbose

(Installer flags reference: https://docs.openclaw.ai/install/installer)

Once openclaw --version works, run: