How We Deploy OpenClaw for Google Workspace: A 12-Step Production Walkthrough

OpenClaw deployment for Google Workspace is one of the most requested configurations we handle — and one of the most brittle to get right. The software is free. The 250,000 GitHub stars are real. But between downloading the release binary and having an agent that reliably triages your Gmail, manages your Calendar, and delivers a morning briefing every day at 8 AM, there are exactly 12 steps where things break.

This is the production walkthrough we follow for every Google Workspace deployment. Every command is real. Every config block has been tested on live servers. Every warning comes from something that actually went wrong.

You can follow this guide yourself — and if you get to step 7 and decide your time is better spent elsewhere, we handle the whole thing starting at $499.

Here’s the overview. Each step links to the detailed section below.

1. Provision the VPS — Contabo VPS S, Ubuntu 22.04, 4 vCPU / 8 GB RAM
2. Initial server hardening — SSH keys, disable password auth, UFW baseline
3. Install OpenClaw via systemd — Binary install, systemd unit file, service configuration
4. Configure Google OAuth via Gog — 6 services, consent screen, headless keyring
5. Set up Gmail monitoring — Pub/Sub topic, subscription, webhook endpoint
6. Configure nginx reverse proxy — SSL termination, path routing, port mapping
7. Write SOUL.md — Agent personality, security rules, behavioral constraints
8. Configure AGENTS.md workflows — Email triage, calendar sync, morning briefing
9. Set up cron jobs — 3 scheduled tasks with HEARTBEAT.md integration
10. Apply the 9-point security framework — UFW, Fail2ban, systemd hardening, prompt injection defense
11. Run the test suite — 50+ security validation messages, edge case testing
12. Handoff — Documentation package, credential rotation guide, Managed Care onboarding

The short answer: Contabo VPS S. 4 vCPU, 8 GB RAM, 200 GB NVMe, $7.49/month (EUR 6.99). It’s the best price-to-performance ratio for a single-agent OpenClaw deployment running Google Workspace automation.

The VPS provisioning commands

If you’re comparing VPS providers, the decision is mostly about RAM. OpenClaw with Google Workspace automation — running email triage, calendar monitoring, and scheduled briefings simultaneously — uses 3-5 GB of RAM in steady state. A 4 GB server works until it doesn’t, and “doesn’t” usually means your agent silently stops responding to Telegram messages because the process was killed by the OOM reaper.

This is where most DIY deployments stall. Not during systemd setup. Not during nginx configuration. During Google OAuth.

OpenClaw uses a tool called Gog to authenticate with Google Workspace services. Gog handles OAuth 2.0 flows for Gmail, Calendar, Drive, Contacts, Sheets, and Docs — 6 separate services, each requiring individual authentication.

The process requires:

1. Creating a Google Cloud Console project
2. Enabling 6 APIs (Gmail, Calendar, Drive, Contacts, Sheets, Docs)
3. Setting up an OAuth consent screen
4. Generating OAuth client credentials (client ID + client secret)
5. Running gog auth for each of the 6 services
6. Handling the keyring storage on a headless server

The consent screen trap

Google Cloud Console gives you two options for the OAuth consent screen: “Internal” and “External.” Internal is only available for Google Workspace organization accounts. If your client uses a personal Gmail account, they must use External — which starts in “Testing” mode.

The fix: Push the app to production status in Google Cloud Console. For personal-use OAuth apps (not distributed publicly), this doesn’t require Google review. But the button is buried 3 screens deep, and the documentation makes it sound like you need a privacy policy and terms of service to proceed. You don’t — not for a private, single-user app.

The keyring corruption problem

Gog stores OAuth tokens in an encrypted keyring. On a desktop machine with a GUI, this uses the system keychain (macOS Keychain, GNOME Keyring, etc.). On a headless VPS with no display server, Gog falls back to a file-based keyring.

The fix: Set the GOG_KEYRING_BACKEND=file environment variable explicitly, authenticate all 6 services in a single session on the server, and store the keyring password in a dedicated .gog-keyring-pass file with chmod 600.

We’ve written a deep-dive on every error you’ll hit: OpenClaw Gog OAuth Setup: Every Error and How We Fixed Them.

Once OAuth is working, you need to decide how your agent watches for new email. There are 2 approaches, and the choice affects latency, reliability, cost, and how much nginx configuration you’ll need.

The 3 points of failure in Pub/Sub

1. The Pub/Sub subscription expires. Google requires you to renew the Gmail watch every 7 days. Miss it, and notifications stop silently. You need a cron job just to keep the subscription alive.
2. The nginx path mismatch. The push subscription sends POST requests to your webhook URL. If the nginx location block path doesn’t match exactly — trailing slash, missing proxy headers, wrong port — the request 404s and Pub/Sub starts backing off exponentially.
3. The gateway watcher port conflict. OpenClaw’s gateway runs on port 3000 by default, but the Pub/Sub watcher expects port 8788. If both try to bind to the same port, you get connection refused errors with no useful logs.

We cover the full Pub/Sub setup and the 3 nginx mistakes that break it in the dedicated spoke post: Gmail Pub/Sub vs. Heartbeat Polling for OpenClaw: Which One Actually Works?

Nginx configuration is where we see the most support requests from DIY deployers. Not security. Not OAuth. Nginx. Specifically: path mismatches between what the upstream service expects and what nginx routes to it.

The 3 mistakes that break nginx

The HTTPS Origin Gotcha

After setting up SSL, your web dashboard at https://agent.yourdomain.com will load the login page — but API requests will fail with an “origin not allowed” error in the browser console. The OpenClaw gateway has a CORS allowlist in openclaw.json.

For the full HTTPS + gateway token configuration, see Securing Your OpenClaw Agent.

This is where the deployment goes from “OpenClaw is running” to “OpenClaw is useful.” Three files define everything about how your agent behaves.

SOUL.md — The agent’s identity and constraints

SOUL.md is the most important file in the entire deployment. It defines who the agent is, what it’s allowed to do, and — critically — what it must never do.

Only file-level SOUL.md changes create enforceable boundaries. Chat instructions are suggestions. SOUL.md rules are constraints. This distinction means the security framework must be deployed via SSH to the SOUL.md file on disk — there is no shortcut through conversation.

AGENTS.md — Workflow definitions

AGENTS.md defines the specific workflows the agent runs. For a Google Workspace deployment, the 3 core workflows are:

USER.md and MEMORY.md — The files nobody configures

3 cron jobs. That’s the automation backbone of every Google Workspace deployment. A morning briefing at 8 AM, meeting reminders every 15 minutes, and an end-of-day digest at 6 PM. Together they replace hours of daily email and calendar management.

The actual cron configuration

For the full cron configuration including deduplication logic, multi-language support, and HEARTBEAT.md integration: OpenClaw Cron Jobs, Email Triage, and Calendar Automation — Production Config That Works.

Cron jobs are the difference between “I have an AI agent” and “my AI agent works for me every day without me thinking about it.” Without scheduled triggers, the agent sits idle unless you manually message it. The morning briefing alone — a single cron job — replaces 15-20 minutes of opening apps, checking email, and scanning your calendar every morning.

OpenClaw has 9 disclosed CVEs, including a CVSS 8.8 one-click remote code execution vulnerability. The ClawHavoc attack planted 2,400 malicious plugins on ClawHub. CNCERT issued a formal security warning. These are documented facts, not scare tactics.

Every deployment gets the full 9-point security framework. This isn’t a premium add-on. It’s included at every tier because an unsecured OpenClaw agent with access to your Gmail, Calendar, and Drive is a liability, not an asset.

Server-level hardening (points 1-4)

1. SSH key-only authentication — Password auth disabled. Root login disabled.
2. UFW firewall — Default deny incoming. Allow 22 (SSH), 80 (HTTP for ACME), 443 (HTTPS).
3. Fail2ban — 5 failed SSH attempts = 1 hour ban. 10 failed gateway auth attempts = 24 hour ban.
4. Tailscale VPN — The only way to SSH into the server remotely. SSH port closed to the public internet entirely.

Application-level hardening (points 5-7)

5. Gateway token authentication — Every API request requires a bearer token. No anonymous access.
6. Gog OAuth scoped permissions — All Google Workspace credentials flow through Gog’s OAuth with least-privilege scopes. The agent never holds raw API tokens.
7. Tool permission allowlists — Gmail: READ + DRAFT only. Calendar: READ + CREATE only. Drive: READ only. No DELETE anywhere.

Agent-level hardening (points 8-9)

8. SOUL.md security section — Explicit constraints on what the agent must never do, placed at the system prompt level where context compaction cannot reach them.
9. Prompt injection defense — SOUL.md includes explicit instructions to reject social engineering attempts, ignore embedded instructions in emails, and never output system prompt contents.

For the full security framework including the complete SOUL.md security template: Securing Your OpenClaw Agent: SOUL.md Hardening, Prompt Injection, and Server Lockdown.

After deployment, we run 50+ test messages through the agent. Not “does the morning briefing work” tests — adversarial tests designed to break the security constraints.

Prompt injection tests (real results)

Edge case tests

• Multi-language handling: Send in French, verify French response. Switch to English, verify it switches back.
• Rate limiting: Send 20 rapid-fire Telegram messages. Verify queuing without crashes or duplicates.
• Calendar conflict detection: Create 2 overlapping meetings. Verify the morning briefing flags the conflict.
• Email deduplication: Run the triage cron job twice in quick succession. Verify no email is processed twice.
• Token expiration simulation: Manually expire the OAuth token. Verify the agent notifies via Telegram instead of silently failing.
• Quiet hours enforcement: Send a message at 23:00. Verify the agent acknowledges but holds digests until morning.

The security test we never skip

Testing isn’t about checking if the agent works. It’s about checking if the agent fails safely. An agent that processes email correctly 99% of the time but follows one prompt injection attempt is worse than no agent at all.

After testing, we prepare the handoff package. This is what our client receives:

The documentation package

1. Server Access Guide — Tailscale VPN setup, SSH connection details, emergency access procedure
2. Agent Operations Manual — How to restart the agent, check logs, verify cron jobs are running
3. SOUL.md Reference — Annotated copy explaining every section and why it exists
4. Credential Map — Which credentials live where (Gog keyring, gateway token, OAuth tokens). No actual credentials — just locations and rotation procedures.
5. Troubleshooting Playbook — The 10 most common issues with step-by-step fixes
6. Monitoring Checklist — Weekly verification steps: is the morning briefing arriving? Are cron logs clean? Is disk usage below 80%?

Credential rotation schedule

Managed Care transition

For clients who want hands-off operation after deployment, we offer Managed Care at $299/month. That includes uptime monitoring every 5 minutes, update management tested in staging before production, security patching for critical CVEs within 24 hours, and a monthly health report.

Here’s the honest breakdown. Every number is real.

The honest take: If you’re a developer who enjoys this kind of work, DIY is genuinely rewarding. You’ll learn OAuth, nginx, and production security in a way no tutorial can teach. But if your time is better spent on your business — if you’re a founder, a freelancer, or a team lead who needs the AI assistant working this week, not next month — the economics point clearly to having someone handle it for you.

Every step in this walkthrough — from VPS provisioning to the final security test — exists as a scripted, repeatable deployment process. No manual SSH sessions. No copy-pasting commands from blog posts. No guessing at nginx configurations.

What the scripts handle

• Server provisioning and initial hardening (automated)
• OpenClaw installation with hardened systemd unit file (automated)
• Gog OAuth authentication for all 6 Google services (guided, with error detection)
• Nginx configuration generation with SSL (automated)
• SOUL.md and AGENTS.md templating from client intake form responses (automated)
• Cron job installation and log rotation setup (automated)
• Full 9-point security hardening (automated)
• Post-deployment test suite (automated, with pass/fail reporting)

What still requires a human

• The Google Cloud Console project setup (Google’s UI changes too often to automate reliably)
• SOUL.md personality tuning (the security section is templated; the personality section is custom)
• Workflow testing with the client’s actual email and calendar data
• The “does this feel right?” conversation that turns a working agent into a useful one

This is the difference between a 12-18 hour deployment and an under 60 minute deployment. Not shortcuts. Not skipped steps. Automation.

Not affiliated with or endorsed by the OpenClaw open-source project.