Architecture Overview

How ClawHosters Works

ClawHosters is a managed hosting platform for OpenClaw, an open-source AI assistant framework. This page explains the technical architecture behind the service for users who want to understand what happens under the hood.

The Big Picture

When you create a ClawHosters instance, the following happens:

1. A virtual private server (VPS) is provisioned on Hetzner Cloud in Falkenstein, Germany
2. A pre-configured snapshot is deployed to the VPS (Docker, firewall, fail2ban already installed)
3. Your configuration files are uploaded via SSH
4. A Docker container starts running the OpenClaw gateway
5. Health checks confirm everything is working
6. Your instance is marked as "Running" in the dashboard

The entire process takes under one minute thanks to snapshot-based provisioning.

Infrastructure Components

Container Architecture

Each instance runs a single Docker container based on the ghcr.io/phioranex/openclaw-docker image. The container includes:

• The OpenClaw runtime and gateway
• A data volume for persistent storage
• A Playwright browsers volume for web automation (pre-installed)
• Environment variables for configuration

The container runs with a memory limit matching your tier (Budget: 1 GB, Balanced: 2 GB, Pro: 4 GB). If the container exceeds this limit, Docker restarts it automatically.

Network Architecture

Each VPS has a public IPv4 address. Traffic flows like this:

User's browser → Port 8080 → Nginx → Docker container (port 18789)

Outgoing traffic is filtered: - SMTP ports (25, 465, 587, 2525) are blocked to prevent spam - IRC ports (6667, 6697, 194) are blocked to prevent botnet communication - All other outgoing traffic is allowed

Incoming traffic is limited to SSH (port 22) and the web UI (port 8080). Everything else is dropped.

Data Storage

Each instance has two types of storage:

Container storage (ephemeral): Files inside the container are lost when the container is rebuilt. This includes installed packages, temporary files, and runtime state.

Data volume (persistent): The Docker data volume survives container rebuilds. This stores your OpenClaw configuration, conversation history, and other persistent data.

Snapshots: When an instance is paused (due to low balance), Hetzner creates a VPS snapshot. This snapshot preserves the entire disk state, including the data volume. Snapshots are kept for 7 days.

LLM Integration

ClawHosters supports multiple LLM tiers:

For managed tiers (Eco, Standard, Premium), ClawHosters handles API key management and billing. For BYOK, the instance connects directly to your provider using your own API key.

Provisioning Pipeline

The provisioning pipeline ensures consistent, fast deployments:

1. Snapshot creation -- A base snapshot is maintained with all system dependencies pre-installed
2. VPS creation -- New servers are created from the snapshot, not from scratch
3. Configuration upload -- docker-compose.yml, openclaw.json, and environment variables are uploaded via SCP
4. Container start -- docker-compose up starts the container (no image pull needed -- it is pre-baked in the snapshot)
5. Health check -- The system polls port 8080 until the gateway responds (60-second timeout)
6. Ready -- Instance marked as running in the dashboard

Related Docs

• Security Overview -- Security architecture details
• Network Security -- Firewall rules and network protections
• Resource Limits -- CPU, memory, and storage per tier
• Docker Configuration Reference -- Container configuration details