Clean Secured OpenClaw — Base Setup

Every other OpenClaw bundle on ClawStore runs on top of this. The Clean Secured OpenClaw Base Setup deploys a production-ready, security-hardened OpenClaw environment on any Ubuntu 22.04 or 24.04 VPS — in under 20 minutes, with a single command. Three agents, a Telegram bot interface, and a server that is locked down from day one. --- **For non-technical buyers:** This is your starting point. Once it's running, you talk to your AI agents through Telegram — the same app on your phone. You send a message, your agent responds. Ask it to research something, write something, explain something, or plan something. It runs on a server you rent for $6–$20/month from Hetzner, DigitalOcean, or Vultr — you own the server, you own the data, nothing is stored on Anthropic's servers after the API call completes. --- **What's in the ZIP:** - `install.sh` — One-command install. Handles Docker, nginx, SSL, firewall setup, backup cron, and the full agent stack in one pass. DNS validation and real Let's Encrypt error handling — no half-configured servers left behind. - `docker-compose.yml` — Four coordinated services: OpenClaw runtime (built from source), PostgreSQL, Redis, nginx. All pre-wired and tested. - `server/` — Full TypeScript source code for the OpenClaw agent runtime. Built locally during install — no external image pulls, no mystery binaries. - `nginx/nginx.conf` + `nginx/openclaw.conf` — HTTPS reverse proxy with HSTS, CSP headers, and rate limiting. Not a template — a working config ready to serve traffic. - `telegram/bot.ts` — Interactive Telegram bot with menus, quick-reply buttons, and command routing. --- **Your three agents:** - **COMMANDER** — Orchestrator. Routes your Telegram messages, manages the task queue, sends daily briefings. - **ASSISTANT** — General purpose. Research, writing, planning, analysis, Q&A. Your always-available AI colleague. - **SENTINEL** — Watchdog. Monitors server health and alerts you when disk, memory, or process state needs attention. --- **Server hardening:** - **UFW firewall** — Only ports 80, 443, and your SSH port are open. Everything else is blocked. - **fail2ban** — Automatically bans IPs after repeated failed authentication attempts. - **SSH key enforcement** — Password authentication disabled. Key-only access. - **Let's Encrypt SSL** — Auto-renewing HTTPS from day one. No manual cert management. - **Daily backups** — Automatic, timestamped, stored locally. One-line restore. --- **What you need:** - Ubuntu 22.04 or 24.04 VPS ($6–$20/month — DigitalOcean, Hetzner, Vultr all work) - An Anthropic API key (Claude Sonnet — typically $5–$10/month for normal use) - A Telegram bot token (free — create one in 2 minutes via @BotFather) - A domain pointed at the server **Time to live:** Under 20 minutes. This is also the required foundation for the Token Limit Protection add-on and other OpenClaw bundles.