How to Run OpenClaw on Google Cloud

Intermediate45-60 minutesUpdated 2025-03-01

Google Cloud Platform offers reliable infrastructure for hosting OpenClaw with flexible pricing and global availability. This guide covers launching a Compute Engine VM, configuring networking, installing dependencies, and setting up HTTPS with Google-managed certificates.

Why This Is Hard to Do Yourself

These are the common pitfalls that trip people up.

Cloud

GCP Project and Service Account Setup

GCP requires a project hierarchy and IAM configuration before launching resources. New users face complexity around billing accounts, service accounts, and API enablement. Misconfigured permissions can block VM creation or external access.

Cpu

Instance Sizing and Machine Types

GCP offers dozens of machine types (e2, n1, n2, custom). Choosing the wrong type can overspend or underperform. OpenClaw needs balanced CPU/memory; e2-medium (2 vCPU, 4GB RAM) is a good starting point for small teams.

Network

VPC Firewall Rules and Networking

By default, GCP VMs block all incoming traffic except SSH (port 22). You must create firewall rules to allow HTTP (80) and HTTPS (443). Misconfigured rules cause connection timeouts or expose unnecessary ports.

DollarSign

Cost Management and Billing Alerts

GCP charges for compute, storage, and egress. Leaving VMs running 24/7 or using premium storage without awareness can lead to unexpected bills. Set up billing alerts and use committed use discounts for long-term deployments.

Step-by-Step Guide

Step 1

Create a GCP Project and Enable APIs

In the Google Cloud Console, create a new project or select an existing one. Enable the Compute Engine API and Cloud Resource Manager API. Set up a billing account if you haven't already (new users get $300 free credit).

# Using gcloud CLI (install from cloud.google.com/sdk)
gcloud projects create openclaw-project --name="OpenClaw"
gcloud config set project openclaw-project
gcloud services enable compute.googleapis.com

Step 2

Launch a Compute Engine VM

Navigate to Compute Engine > VM instances and click "Create Instance". Choose e2-medium (2 vCPU, 4GB RAM), select Ubuntu 22.04 LTS boot disk (20GB standard persistent disk), and enable "Allow HTTP traffic" and "Allow HTTPS traffic" under Firewall.

gcloud compute instances create openclaw-vm \
  --zone=us-central1-a \
  --machine-type=e2-medium \
  --image-family=ubuntu-2204-lts \
  --image-project=ubuntu-os-cloud \
  --boot-disk-size=20GB \
  --tags=http-server,https-server

Warning: Choose a zone close to your users to minimize latency. us-central1, us-east1, and europe-west1 are common choices.

Step 3

Configure Firewall Rules

GCP automatically creates http-server and https-server firewall rules if you checked the boxes during VM creation. Verify these rules exist in VPC network > Firewall. If not, create rules allowing TCP ports 80 and 443 from 0.0.0.0/0 with target tags http-server and https-server.

gcloud compute firewall-rules create allow-http \
  --allow tcp:80 \
  --target-tags http-server

gcloud compute firewall-rules create allow-https \
  --allow tcp:443 \
  --target-tags https-server

Step 4

SSH into the VM and Install Dependencies

Connect to your VM via SSH (click "SSH" in the Compute Engine console or use gcloud compute ssh). Update packages and install Docker. Add your user to the docker group to run Docker without sudo.

gcloud compute ssh openclaw-vm --zone=us-central1-a

# On the VM
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose
sudo usermod -aG docker $USER
newgrp docker

Step 5

Install and Start OpenClaw

Pull the official OpenClaw Docker image and start it with docker-compose or docker run. Map port 3000 (or your chosen port) to port 80 on the host. Set environment variables for configuration (API keys, database URL, etc.).

docker pull openclaw/openclaw:latest

docker run -d \
  --name openclaw \
  --restart unless-stopped \
  -p 80:3000 \
  -e OPENCLAW_API_KEY=your-api-key \
  openclaw/openclaw:latest

# Verify it's running
curl http://localhost

Step 6

Set Up HTTPS with Google-Managed Certificates

Reserve a static external IP address and point your domain to it. Set up a Google Cloud Load Balancer with an HTTPS frontend and the VM as a backend. Attach a Google-managed SSL certificate (auto-renewed). Update OpenClaw config to use the HTTPS URL.

# Reserve static IP
gcloud compute addresses create openclaw-ip --global

# Create health check, backend service, URL map, and HTTPS proxy via Console
# OR use a reverse proxy like Caddy on the VM for simpler HTTPS:
sudo apt install -y caddy
sudo tee /etc/caddy/Caddyfile <<EOF
yourdomain.com {
  reverse_proxy localhost:80
}
EOF
sudo systemctl restart caddy

Warning: Google-managed certs require a load balancer (additional cost). For single-VM deployments, Caddy or Certbot with Let's Encrypt is more cost-effective.

Need Cloud Deployment Help?

Our cloud experts handle GCP provisioning, security hardening, auto-scaling, and cost optimization for OpenClaw. From initial setup to production-grade infrastructure, we ensure your deployment is reliable and efficient.

Browse Setup & Installation experts →

Learn more about our expert service →

Get matched with a specialist who can help.

Frequently Asked Questions

Related Guides

🚀Setup & Installation

How to Run OpenClaw on AWS EC2

Intermediate45-60 minutes

🚀Setup & Installation

How to Configure OpenClaw Gateway with HTTPS

Intermediate30-60 minutes