Self-hosting an AI assistant used to mean renting cloud infrastructure and paying per API call. If you want to install OpenClaw on Fedora 43 and run it locally on your own machine, you now have a clean, production-ready path to get there. This guide walks you through every step, from refreshing your system packages to locking down firewalld, with a clear explanation of why each command matters, not just what it does.

OpenClaw is an open-source, self-hosted AI gateway that connects your AI model of choice to messaging platforms like Discord, Telegram, WhatsApp, and Slack. It runs a local web dashboard at http://localhost:18789 and stores everything inside ~/.openclaw on your home directory. Because you control the server, you control where your conversation data goes.

Fedora 43 is a particularly good host for OpenClaw. It ships with DNF 5, RPM 6.0 with enforced cryptographic package signatures, and SELinux set to enforcing mode by default. These defaults make Fedora 43 more secure out of the box than most other distributions, but they also mean a generic Linux tutorial may trip you up in one or two places. This guide handles those Fedora-specific details directly.

By the end of this Linux server tutorial, you will have a fully running OpenClaw instance registered as a systemd user service, configured to survive reboots, and protected behind Fedora’s firewall.

Prerequisites for OpenClaw on Fedora 43 Setup

Before you run a single command, confirm that your environment meets these requirements. Skipping this check is the most common reason an install fails halfway through.

Operating System:

• Fedora 43 (x86_64 or ARM64)

User Access:

• A non-root user account with sudo privileges
• Do not run this entire guide as root

Hardware Minimums:

• 1 GB RAM (minimum); 4 GB recommended for comfortable operation
• 500 MB free disk space for the install plus workspace files

Network and API:

• A working internet connection for package downloads
• An API key from Anthropic, OpenAI, or OpenRouter. The onboarding wizard validates this key before it continues

Terminal Knowledge:

• Comfort with basic terminal commands (cd, ls, nano, systemctl)
• Beginner to intermediate level is fine; this guide explains each command

Step 1: Update Your Fedora 43 System

The first thing any experienced sysadmin does before installing software is update the system. On Fedora 43, this is not just good hygiene; it is necessary.

sudo dnf update -y && sudo dnf upgrade -y

What this does: dnf update refreshes the package metadata cache. dnf upgrade installs newer versions of everything currently on your system. The -y flag skips the confirmation prompt.

Why it matters: Fedora 43 uses DNF 5 as its default package manager. DNF 5 handles dependency resolution differently from DNF 4, and running on stale metadata can produce version conflict errors when you add the NodeSource repository in the next step. Running updates now avoids a frustrating mid-install failure.

This step takes between 2 and 10 minutes depending on how long since your last update. Let it finish completely before moving forward.

Step 2: Install Required System Dependencies

OpenClaw’s install script and its supporting tools depend on a small set of system utilities. Install them now so nothing interrupts the process later.

sudo dnf install -y curl git tar

What each package does:

• curl: Downloads the NodeSource setup script and the OpenClaw install script
• git: Needed if you later update OpenClaw by pulling from its GitHub repository or use any skill extensions
• tar: Extracts compressed archives that some OpenClaw components use during setup

Why this step is separate: A minimal Fedora 43 server install does not guarantee these tools are present. Running a quick verify before you need them prevents a confusing “command not found” error when you are already deep into the installation.

Verify any of these tools with which curl, which git, and which tar. If the command returns a path like /usr/bin/curl, that tool is already available.

Step 3: Install Node.js 22 on Fedora 43

This is the most critical prerequisite step. OpenClaw requires Node.js 22 LTS or higher, and this is where most failed installs on Fedora originate.

Why You Cannot Use Fedora’s Default Node.js Package

Fedora’s built-in repositories often ship a Node.js version that lags behind the current LTS release. OpenClaw relies on ES module features and async runtime patterns that only became stable in Node.js 22. Installing an older version produces cryptic errors during the build that look like network failures, but are actually version incompatibilities.

Add the NodeSource Repository

NodeSource maintains a dedicated RPM repository for Fedora and RHEL-based systems. This repository guarantees you get Node.js 22 with proper SELinux file labels and systemd integration.

curl -fsSL https://rpm.nodesource.com/setup_22.x | sudo bash -

What this does: Downloads and runs the NodeSource setup script, which detects your Fedora version and adds the correct Node.js 22 repository to your DNF configuration.

Why use NodeSource over the default repo: The NodeSource build includes the correct SELinux file contexts for Fedora, which prevents permission denied errors when the systemd daemon tries to execute the Node.js binary later.

Install Node.js

sudo dnf install -y nodejs

Verify the Installation

Always verify before proceeding. Do not assume it worked.

node --version
npm --version

Expected output:

v22.x.x
10.x.x

If node --version returns anything below v22, stop here and revisit the NodeSource setup step. Proceeding with a wrong version produces errors during the OpenClaw install that are difficult to trace back to Node.js.

Step 4: Install OpenClaw on Fedora 43

With Node.js 22 confirmed, you have two solid installation methods. Method 1 suits most users. Method 2 is better if you prefer more control over where global packages live.

Method 1: Official One-Line Install Script (Recommended)

curl -fsSL https://openclaw.ai/install.sh | bash

What this does: The script auto-detects your OS and architecture, checks for the correct Node.js version, downloads the latest OpenClaw binary, and drops you directly into the onboarding wizard.

Security note for cautious sysadmins: Piping a remote script directly to bash without reading it first is a habit worth breaking on a hardened Fedora system. Here is the safer approach:

curl -O https://openclaw.ai/install.sh
less install.sh
bash install.sh

Download first, inspect it, then execute. This takes 30 extra seconds and removes any blind trust from the process.

Method 2: Global npm Install (Developer-Preferred)

sudo npm install -g openclaw@latest

What @latest does: Pins your install to the most recent version available in the npm registry. Omitting this tag can silently pull a cached, older version.

Why global installation matters: A global install places the openclaw binary into a directory that is part of your system $PATH. This is essential for systemd service execution because the service file needs an absolute binary path that resolves correctly at boot.

Handling npm permission errors without sudo: If you prefer not to give npm write access to system directories (which can conflict with Fedora’s SELinux protect_system policies), configure a user-owned npm prefix instead.

npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
npm install -g openclaw@latest

Why this approach: It keeps npm’s global packages completely inside your home directory, away from system paths that SELinux watches closely on Fedora.

Confirm the install worked:

openclaw --version

Step 5: Run the OpenClaw Onboarding Wizard

The onboarding wizard is where your OpenClaw instance takes shape. Run it with the --install-daemon flag from the start.

openclaw onboard --install-daemon

Why --install-daemon is not optional for most users: Without this flag, OpenClaw only runs during your active terminal session. The moment you close that terminal or your SSH connection drops, the process dies. The --install-daemon flag registers OpenClaw as a systemd user service, which means it survives reboots and disconnections automatically.

What Each Onboarding Prompt Asks

The wizard walks you through six decisions. Here is what each one means and why it matters:

1. Accept the usage disclaimer — Required to proceed. Read it once, confirm.
2. Choose onboarding mode — Select Manual for full control. QuickStart skips options you want on a Fedora server.
3. Set your AI provider and API key — Paste your Anthropic, OpenAI, or OpenRouter key. The wizard validates the connection live before it continues. If validation fails, check for extra whitespace around your key.
4. Set the Gateway port — Default is 18789. Leave it as-is unless another process already uses that port. Check with ss -tlnp | grep 18789 before changing it.
5. Set the bind address — Use 127.0.0.1 for local-only access. Use 0.0.0.0 only if you need to reach the dashboard from another device on your LAN.
6. Connect a messaging channel (optional) — You can connect Discord, Telegram, WhatsApp, or Slack now or skip this and do it later from the dashboard.

The wizard writes all of this to ~/.openclaw/openclaw.json. Getting these values right during setup saves you from manually editing JSON config files later.

Step 6: Configure the systemd Daemon on Fedora 43

This step is where Fedora-specific knowledge makes the biggest difference. Fedora 43’s strict systemd defaults and SELinux policies require a few extra commands that generic guides skip entirely.

Verify the Service Was Created

systemctl --user status openclaw

Why the --user flag: OpenClaw’s onboarding installs a user-level systemd service, not a system-wide one. On Fedora 43, user services live in ~/.config/systemd/user/. Without the --user flag, systemctl looks for a system service and returns “not found.”

Expected output:

openclaw.service - OpenClaw Gateway
   Loaded: loaded (/home/youruser/.config/systemd/user/openclaw.service; enabled)
   Active: active (running) since ...

Enable Auto-Start at Boot

Two commands work together here:

systemctl --user enable openclaw
sudo loginctl enable-linger $USER

What systemctl --user enable does: Registers the service to start when you log in.

Why loginctl enable-linger is also required: By default, user systemd services only start when that specific user logs in interactively. loginctl enable-linger instructs Fedora 43 to launch your user’s systemd session at boot time, before any login occurs. For a headless server, this is essential — without it, OpenClaw stays offline until someone logs into that account.

Manual systemd Unit File (Fallback)

If the onboarding wizard fails to register the service due to a known systemd bus connection failure bug in certain OpenClaw versions, create the unit file manually.

mkdir -p ~/.config/systemd/user/
nano ~/.config/systemd/user/openclaw.service

Paste this content:

[Unit]
Description=OpenClaw Gateway
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/openclaw gateway
Restart=always
RestartSec=10
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=%h/.openclaw
NoNewPrivileges=true

[Install]
WantedBy=default.target

Then reload and enable:

systemctl --user daemon-reload
systemctl --user enable --now openclaw

Why the security directives in the unit file: PrivateTmp gives OpenClaw its own isolated /tmp. ProtectSystem=strict makes the system filesystem read-only for this process. NoNewPrivileges=true prevents the process from escalating permissions even if a vulnerability is exploited. These are standard hardening practices for any long-running service on Fedora.

Step 7: Configure the Fedora 43 Firewall for OpenClaw

Fedora 43 ships with firewalld enabled by default. Port 18789 is blocked until you open it explicitly, but whether you need to open it depends on how you configured the bind address.

For Local-Only Access (Most Users)

If you set the bind address to 127.0.0.1 during onboarding, you do not need to touch the firewall. The loopback interface bypasses firewalld entirely, and your browser on the same machine can reach http://localhost:18789 without any firewall rule.

For LAN or Remote Access

If you set the bind address to 0.0.0.0, open the port through firewalld:

sudo firewall-cmd --add-port=18789/tcp --permanent
sudo firewall-cmd --reload

Then verify the rule is active:

sudo firewall-cmd --list-ports

Expected output:

18789/tcp

Why --permanent is critical: Without this flag, firewalld applies the rule only to the current session. The next system reboot silently removes it, and you get a “connection refused” error that looks like an OpenClaw crash when it is actually a firewall issue.

Why verify after reload: A successful firewall-cmd --reload does not guarantee the rule syntax was correct. Always confirm with --list-ports. Silent failures here account for a large percentage of “OpenClaw not loading” reports on Fedora systems.

Step 8: Verify OpenClaw Is Running Correctly

Test each layer independently. A passing check at one layer with a failure at the next tells you exactly where to look.

systemctl --user status openclaw

This confirms the process is alive at the OS level. Look for Active: active (running).

openclaw --version

This confirms the binary is in your $PATH and executable from your current shell session.

curl http://localhost:18789

This tests that the OpenClaw gateway HTTP server is responding. A response means the process is running and bound to the correct address.

Finally, open a browser and navigate to http://localhost:18789. You should see the OpenClaw control panel load.

What a passing CLI test with a failing browser means: If curl succeeds but the browser times out, check your bind address in ~/.openclaw/openclaw.json. If the address is 0.0.0.0 but you are accessing from a remote machine, verify your firewall rules from Step 7.

Troubleshooting Common OpenClaw Errors on Fedora 43

Even with a careful install, you may hit one of these five issues. Here is how to resolve each one.

Error 1: openclaw: command not found After Installation

Cause: npm’s global binary directory is not in your current shell’s $PATH. This is especially common on Fedora because the default shell profile does not include npm’s prefix path automatically.

Fix:

export PATH="$(npm prefix -g)/bin:$PATH"
source ~/.bashrc

If you used the user-owned prefix method, confirm the path:

echo $PATH | grep npm

Error 2: EACCES: permission denied During npm install -g

Cause: npm is trying to write to /usr/lib/node_modules, a system directory owned by root. On Fedora, SELinux adds extra enforcement on top of standard file permissions.

Fix: Switch to the user-owned prefix method from Step 4, Method 2. This avoids the system directory entirely.

Error 3: Failed to connect to bus: No such file or directory During Onboarding

Cause: A known bug in certain OpenClaw releases where the systemd user D-Bus session is not initialized at the point the onboarding wizard tries to register the daemon.

Fix: Skip the onboarding daemon step and create the systemd unit file manually using the instructions in Step 6.

Error 4: Dashboard at localhost:18789 Returns Connection Refused

Cause: Three possible culprits: OpenClaw is not running, the bind address is wrong, or firewalld is blocking the port.

Fix (check in this order):

systemctl --user status openclaw
cat ~/.openclaw/openclaw.json | grep bindAddress
sudo firewall-cmd --list-ports

Address whichever check fails first.

Error 5: Node.js Version Warning During Install

Cause: Your system has an older Node.js version installed alongside NodeSource’s v22, and the node command still points to the old one.

Fix:

sudo alternatives --config node

Select the v22 option from the list. Alternatively, use nvm (Node Version Manager) to switch versions cleanly.

How to Keep OpenClaw Updated on Fedora 43

Updating OpenClaw takes three commands. Run them whenever a new release comes out.

npm update -g openclaw
openclaw --version
systemctl --user restart openclaw

Why the restart is not optional: After npm update, the new binary sits on disk but the old version is still running in memory as a live process. The systemctl --user restart command stops the old process and starts a fresh one using the updated binary. Skipping the restart means openclaw --version reports the new version while the gateway is still running the old one.

OpenClaw receives frequent security patches and new AI provider integrations. Check the official changelog at docs.openclaw.ai before updating on a production server to catch any breaking changes.

Congratulations! You have successfully installed OpenClaw. Thanks for using this tutorial for installing the OpenClaw Personal AI Assistant on your Fedora 43 Linux system. For additional help or useful information, we recommend you check the official OpenClaw website.