🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Create New Openclaw Instance on GCP VM

by @divide-by-0

Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling.

Versionv1.0.0
Downloads2,709
Installs6
Stars⭐ 1
TERMINAL
clawhub install create-new-openclaw-in-gcp

πŸ“– About This Skill

OpenClaw Cloud Setup Skill

Deploy OpenClaw to GCP with Tailscale and Brave Search.

Required Environment Variables

export OPENCLAW_PROJECT_ID="your-gcp-project"
export OPENCLAW_USERNAME="your-ssh-username"
export ANTHROPIC_TOKEN="sk-ant-oat01-..."   # Keep secret
export BRAVE_API_KEY="..."                   # Keep secret

Quick Start

chmod +x openclaw-quick-setup.sh
./openclaw-quick-setup.sh

Manual Setup (Copy-Paste)

# Set variables first (see above)
ZONE="us-central1-a"
VM="openclaw"

Create VM

gcloud compute instances create "$VM" \ --project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \ --machine-type=e2-medium \ --image-family=debian-12 --image-project=debian-cloud \ --boot-disk-size=10GB \ --metadata=ssh-keys="${OPENCLAW_USERNAME}:$(cat ~/.ssh/id_ed25519.pub)"

IP=$(gcloud compute instances describe "$VM" \ --project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \ --format='get(networkInterfaces[0].accessConfigs[0].natIP)')

Wait for SSH, then run setup

sleep 30 ssh -o StrictHostKeyChecking=no "${OPENCLAW_USERNAME}@${IP}" " set -euo pipefail sudo apt-get update && sudo apt-get install -y git curl ufw jq curl -fsSL https://tailscale.com/install.sh | sh "

Manual: authorize Tailscale

ssh "${OPENCLAW_USERNAME}@${IP}" "sudo tailscale up"

Continue setup

ssh "${OPENCLAW_USERNAME}@${IP}" " set -euo pipefail sudo ufw allow 22/tcp && sudo ufw allow in on tailscale0 && echo y | sudo ufw enable echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash source ~/.nvm/nvm.sh && nvm install 22 source ~/.nvm/nvm.sh && npm install -g openclaw@latest "

Configure OpenClaw (credentials via stdin)

ssh "${OPENCLAW_USERNAME}@${IP}" ' source ~/.nvm/nvm.sh openclaw onboard --non-interactive --accept-risk \ --auth-choice token --token-provider anthropic \ --token "$(cat)" --gateway-bind loopback --install-daemon ' <<< "$ANTHROPIC_TOKEN"

Add Brave key + enable Tailscale auth

ssh "${OPENCLAW_USERNAME}@${IP}" " set -euo pipefail mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d cat > ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf << CONF [Service] Environment=\"BRAVE_API_KEY=\$(cat)\" CONF chmod 600 ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf systemctl --user daemon-reload source ~/.nvm/nvm.sh jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json mv /tmp/oc.json ~/.openclaw/openclaw.json chmod 600 ~/.openclaw/openclaw.json openclaw gateway restart sudo tailscale serve --bg 18789 " <<< "$BRAVE_API_KEY"

Get dashboard URL

ssh "${OPENCLAW_USERNAME}@${IP}" "tailscale serve status"

After first browser access, approve device

ssh "${OPENCLAW_USERNAME}@${IP}" 'source ~/.nvm/nvm.sh && openclaw devices list'

Then: openclaw devices approve

Key Learnings

| Issue | Solution | |-------|----------| | e2-micro OOM | Use e2-medium (4GB minimum) | | nodesource failures | Use nvm for Node.js 22 | | DNS broken after Tailscale | Add 8.8.8.8 to /etc/resolv.conf | | Brave key in config rejected | Use systemd env var drop-in | | Dashboard "pairing required" | Run openclaw devices approve |

Security Notes

  • Credentials passed via stdin (<<<), not command-line args
  • Config files set to chmod 600
  • Gateway binds to loopback, exposed only via Tailscale
  • UFW blocks all inbound except SSH and Tailscale
  • πŸ’‘ Examples

    chmod +x openclaw-quick-setup.sh
    ./openclaw-quick-setup.sh