OneClickClaw Tech Stack: Boring Tech, Rock-Solid Reliable

Why Hetzner

We considered AWS, GCP, DigitalOcean, and Vultr. We went with Hetzner for three reasons:

1. Price. Hetzner is dramatically cheaper for equivalent specs. A 4 vCPU / 8 GB RAM server on Hetzner costs what a 2 vCPU / 4 GB server costs on DigitalOcean. We pass those savings to you.
2. EU-based. All Hetzner data centers are in Europe (Germany and Finland). This means GDPR compliance by default, which matters for users handling personal or business data.
3. Reliability. Hetzner has been running data centers since 1997. No hype. No VC-funded scaling drama. Just decades of running servers that stay online.

We currently offer three server locations: Falkenstein (Germany), Nuremberg (Germany), and Helsinki (Finland).

Why Ubuntu 24.04 LTS

Ubuntu Long Term Support releases get security updates for 10 years. That's stability you can count on. No surprise breaking changes. No forced upgrades mid-deployment.

We also support Debian 12 and Debian 11 as deployment targets, but Ubuntu 24.04 is the default because it has the widest ecosystem support and the most battle-tested package repositories.

Why Node.js 22

OpenClaw requires Node.js 22+. It's the LTS release with the performance improvements and API features that OpenClaw's Gateway and skills system rely on.

We install Node.js via the official NodeSource repository, not Snap or apt defaults. This ensures you get the actual latest Node.js 22.x with all security patches applied.

30-Second Provisioning

When you click deploy, here's what happens on the server side:

1. Hetzner API provisions a new VPS with your chosen specs.
2. Our provisioning script runs on first boot — installs Node.js, installs OpenClaw, configures the daemon.
3. Your AI provider API key is injected into the OpenClaw configuration.
4. Telegram channel pairing is initiated.
5. Health check confirms the Gateway is running and responsive.

The whole process takes under 30 seconds of actual compute time. Most of the wait is Hetzner spinning up the VM.

SSL and Security

Every OneClickClaw instance gets automatic SSL via Let's Encrypt. The OpenClaw control dashboard is served over HTTPS with a valid certificate. No self-signed certs. No browser warnings.

We also configure the VPS firewall to only expose the ports OpenClaw needs. SSH access is available if you need it (your key is provided in the dashboard), but it's not required for normal operation.

The Philosophy: Invisible Infrastructure

The best infrastructure is the kind you never think about. No Kubernetes. No Docker orchestration. No microservices. Just a VPS, an OS, a runtime, and the application.

Could we build a fancier architecture? Sure. But every layer of abstraction is another thing that can break, another thing to monitor, and another thing that adds latency between you and your AI agent.

We chose boring tech because boring tech works. Your OpenClaw agent doesn't need container orchestration. It needs to be online, fast, and reliable. That's what this stack delivers.