AI-powered server management through Discord and Telegram. Ask questions about your infrastructure in natural language — the AI agent connects via SSH, runs commands, and gives you analyzed results.
YOU
|
"Why is the website slow on server1?"
|
v
┌─────────────────────┐
│ Discord / Telegram │
│ messaging channel │
└──────────┬──────────┘
|
message received
|
v
┌────────────────────────────────────┐
│ VPS — OpenClaw Agent │
│ │
│ Ubuntu server running OpenClaw │
│ as a systemd service. Receives │
│ messages, orchestrates tool calls, │
│ manages SSH to all servers. │
└───────┬────────────────┬───────────┘
| |
api call tool call
| |
v |
┌────────────────────┐ |
│ Cloud LLM │ |
│ (via Ollama) │ |
│ │ |
│ Analyzes request, │ |
│ decides to check: │ |
│ CPU, RAM, nginx │ |
│ logs, connections │ |
└────────────────────┘ |
|
ssh execute
|
┌───────────────────┼───────────────────┐
| | |
v v v
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Server 1 │ │ Server 2 │ │ Server 3 │
│ Ubuntu │ │ AlmaLinux │ │ Ubuntu │
│ checks CPU, │ │ (idle) │ │ (idle) │
│ nginx, RAM │ │ │ │ │
└──────┬───────┘ └──────────────┘ └──────────────┘
|
output
|
v
┌──────────────────────────────────────────┐
│ AI analyzes output → replies in Discord │
│ │
│ "Nginx worker connections maxed out. │
│ RAM at 94%. Restarted php-fpm." │
└──────────────────────────────────────────┘
- Natural language — Ask questions in Discord/Telegram, get real answers
- Health monitoring — Automated checks every 30 min (disk, RAM, CPU, web server)
- Alerts — Posts to Discord when thresholds are exceeded
- Daily reports — Scheduled health summary via cron
- Security-first — SSH key only, limited sudo, no root access, firewall + fail2ban
- Multi-distro — Works on Ubuntu, Debian, AlmaLinux, CentOS, Rocky
openclaw/
├── server-setup/ # Run on target servers
│ ├── harden-ssh.sh # SSH hardening + admin user creation
│ ├── add-monitor-user.sh # Restricted monitoring user
│ ├── setup-brain-server.sh # Full brain server setup (OpenClaw + Ollama)
│ └── setup-monitoring.sh # Heartbeat + cron monitoring
├── openclaw-config/ # Copy to ~/.openclaw/workspace/
│ ├── AGENTS.md # Agent instructions template
│ ├── SERVERS.md.example # Server inventory template
│ └── HEARTBEAT.md # Health check checklist
├── docs/
│ ├── architecture.html # Interactive architecture diagram
│ └── known-issues.md # Known issues & workarounds
├── LICENSE
└── README.md
Provision a fresh Ubuntu 24.04 VPS, then run:
curl -fsSL https://raw.githubusercontent.com/sebinxavi/openclaw/master/server-setup/setup-brain-server.sh -o /tmp/setup-brain-server.sh
sudo bash /tmp/setup-brain-server.shThis installs OpenClaw, Ollama, Node.js, sets up SSH hardening, UFW firewall, Fail2ban, swap, and auto security updates.
SSH into the client server as root:
curl -fsSL https://raw.githubusercontent.com/sebinxavi/openclaw/master/server-setup/harden-ssh.sh -o /tmp/harden-ssh.sh
sudo bash /tmp/harden-ssh.shCreates an admin user, changes SSH port, disables password auth and root login.
curl -fsSL https://raw.githubusercontent.com/sebinxavi/openclaw/master/server-setup/add-monitor-user.sh -o /tmp/add-monitor-user.sh
sudo bash /tmp/add-monitor-user.shCreates a restricted monitoring user with SSH key access and limited sudo.
On the brain server:
curl -fsSL https://raw.githubusercontent.com/sebinxavi/openclaw/master/server-setup/setup-monitoring.sh -o /tmp/setup-monitoring.sh
bash /tmp/setup-monitoring.sh┌─────────────────────────────────────────────────────┐
│ SECURITY LAYERS │
├─────────────────────────────────────────────────────┤
│ │
│ SSH key only No passwords anywhere │
│ Custom SSH port Non-standard ports │
│ Root login disabled PermitRootLogin no │
│ UFW firewall Only SSH port open │
│ Fail2ban Brute force protection │
│ Limited sudo Destructive commands blocked │
│ AI safety rules Confirms before danger ops │
│ Command logging Full audit trail │
│ │
├─────────────────────────────────────────────────────┤
│ BLOCKED COMMANDS (monitoring user): │
│ │
│ rm, reboot, shutdown, poweroff, dd, mkfs, │
│ fdisk, parted, useradd, userdel, passwd, chpasswd │
│ │
│ ALLOWED: │
│ systemctl, journalctl, apt/yum, nginx -t, │
│ apache2ctl, du, find, lsof, df, free, top, etc. │
└─────────────────────────────────────────────────────┘
| Component | Requirement |
|---|---|
| Brain server | Ubuntu 24.04, 4GB+ RAM, public IP |
| Client servers | Any Linux (Ubuntu, Debian, AlmaLinux, CentOS, Rocky) |
| Discord | Bot application with Message Content Intent enabled |
| Ollama | Free account (for cloud model access) |
See docs/known-issues.md for workarounds for common problems including Ubuntu 24.04 ssh.socket, cloud-init overrides, and cPanel/AlmaLinux compatibility.
MIT