Mac Mini Local Deployment Guide
OpenClaw Gateway · M2 / M4 · Always-On Setup
A Mac Mini is one of the best platforms for running a persistent OpenClaw Gateway. Silent, energy-efficient (<25W idle), and capable enough to handle dozens of concurrent AI agent sessions — all on your own hardware, with no monthly cloud bill.
Jump to Section
Why Mac Mini for OpenClaw?
Always-On, Low Power
Mac Mini M2 draws 6–25W at idle — cheaper to run 24/7 than leaving a laptop open. A cloud VPS at equivalent performance costs $40–80/mo.
Apple Silicon Performance
The M2/M4 chip handles large Node.js workloads, concurrent WebSocket sessions, and even local LLM inference without breaking a sweat.
Data Stays Local
Your agent sessions, tool calls, and session files never leave your network. Critical for teams handling sensitive code or customer data.
Zero Monthly Cost
After the one-time hardware purchase, running costs are just electricity — roughly $3–5/month for a Mac Mini running 24/7.
Hardware Requirements
- Mac Mini M2 (base) — 8GB unified memory
- 256GB SSD (leaves 200GB+ for session files and logs)
- Ethernet or Wi-Fi 6 — 100Mbps+ recommended
Good for 1–5 concurrent AI agent sessions. Handles 90% of personal and indie dev use cases.
- Mac Mini M2 Pro or M4 — 16GB+ unified memory
- 512GB SSD — room for local LLM models too
- Gigabit Ethernet — stable for remote access
Supports 10–30 concurrent sessions plus running a local Ollama instance alongside OpenClaw.
- Mac Mini M4 Max — 32–64GB unified memory
- 1TB+ SSD, external NAS for session archive
- Ethernet + UPS for zero-downtime restarts
Enterprise-grade local setup. Handles 50+ sessions and running 70B local models simultaneously.
Test before you buy hardware
Want to validate your OpenClaw setup before committing to hardware? Spin up a cloud VPS first. You can run the identical config on a $20/mo DigitalOcean Droplet or Vultr instance, then migrate to your Mac Mini once everything works.
Step 1 — Install Node.js and OpenClaw
The simplest way to manage Node.js on macOS is via Homebrew. If you don't have Homebrew installed yet, run this first:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Then install Node.js and OpenClaw:
# Install Node.js LTS brew install node # Verify Node is working node --version # Should print v20 or v22 npm --version # Install OpenClaw globally npm install -g openclaw # Verify installation openclaw --version
Verify the install
openclaw doctor # All checks should show ✓ green
Step 2 — Configure the Gateway
Before starting the Gateway, configure it for persistent local use. These settings live in your OpenClaw config file at ~/.openclaw/config.json.
# Set gateway mode to local (required for persistent use) openclaw config set gateway.mode local # Set a strong authentication token (change this value) openclaw config set gateway.auth.token "$(openssl rand -hex 32)" # Bind to all interfaces so LAN devices can connect openclaw config set gateway.listen 0.0.0.0:18789 # View your full config to confirm openclaw config list
Save your token
Run openclaw config get gateway.auth.token to view your token. You'll need it when connecting the OpenClaw Control UI or pairing remote devices.
Step 3 — Auto-Start with launchd
macOS uses launchd to manage background services. This is the right way to keep the Gateway running after login and automatically restart it if it crashes.
# First, find the exact path of the openclaw binary which openclaw # Example output: /usr/local/bin/openclaw # or: /opt/homebrew/bin/openclaw (Apple Silicon)
Create the plist file. Replace /opt/homebrew/bin/openclaw with the path from the command above if different:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.openclaw.gateway</string>
<key>ProgramArguments</key>
<array>
<string>/opt/homebrew/bin/openclaw</string>
<string>gateway</string>
<string>start</string>
<string>--foreground</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>StandardOutPath</key>
<string>/tmp/openclaw-gateway.log</string>
<key>StandardErrorPath</key>
<string>/tmp/openclaw-gateway-error.log</string>
<key>EnvironmentVariables</key>
<dict>
<key>HOME</key>
<string>/Users/YOUR_USERNAME</string>
<key>PATH</key>
<string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
</dict>
</dict>
</plist>Replace YOUR_USERNAME with the output of whoami. If you're on Intel Mac, use /usr/local/bin/openclaw instead of the Homebrew path.
Load and start the service:
# Load the service (this also starts it immediately) launchctl load ~/Library/LaunchAgents/com.openclaw.gateway.plist # Check that it's running launchctl list | grep openclaw # You should see: PID 0 com.openclaw.gateway (non-zero PID = running) # View live logs tail -f /tmp/openclaw-gateway.log
Useful launchctl commands:
launchctl stop com.openclaw.gatewayStop the Gateway (will auto-restart due to KeepAlive)
launchctl unload ~/Library/LaunchAgents/com.openclaw.gateway.plistFully stop and disable auto-start
launchctl reload ~/Library/LaunchAgents/com.openclaw.gateway.plistReload after editing the plist
Step 4 — LAN and Remote Access
Connect from other devices on the same network
Once the Gateway is running, other devices on your LAN can connect. Find your Mac Mini's IP address:
# Find your local IP address ipconfig getifaddr en0 # Ethernet ipconfig getifaddr en1 # Wi-Fi # Or use hostname hostname -I
On your other devices (laptops, servers), configure OpenClaw to connect to your Mac Mini Gateway:
# On the CLIENT device (not the Mac Mini) openclaw config set gateway.remote.url "ws://192.168.1.100:18789" openclaw config set gateway.remote.token "your-auth-token-here" # Test the connection openclaw gateway status
Access from outside your network (optional)
For remote access over the internet, the safest approach is an SSH tunnel — no port forwarding required:
# On your remote machine, tunnel port 18789 through SSH ssh -N -L 18789:localhost:18789 your-user@your-home-ip # Then connect OpenClaw to the tunneled local port openclaw config set gateway.remote.url "ws://localhost:18789" # Keep the tunnel alive with autossh autossh -M 0 -N -L 18789:localhost:18789 your-user@your-home-ip
Avoid exposing port 18789 directly to the internet — always use SSH tunnel, VPN (Tailscale/Wireguard), or a reverse proxy with TLS. The Gateway WebSocket protocol does not encrypt in transit by default.
Tailscale (easiest remote access)
# Install Tailscale on your Mac Mini brew install tailscale # Start Tailscale sudo tailscale up # Get your Tailscale IP (e.g. 100.x.x.x) tailscale ip -4 # On your remote device, connect to the Tailscale IP openclaw config set gateway.remote.url "ws://100.x.x.x:18789"
Step 5 — Security Hardening
Use a strong auth token
The token should be at least 32 random characters. Generate one with: openssl rand -hex 32
Enable macOS Firewall
System Settings → Network → Firewall → Turn On. Block incoming connections except from approved apps.
Never expose port 18789 to the public internet
Use SSH tunnel, Tailscale, or a TLS-terminating reverse proxy (Caddy/nginx) instead.
Keep OpenClaw updated
Run "npm install -g openclaw@latest" monthly. Critical security fixes and lock-file improvements ship regularly.
Enable FileVault
System Settings → Privacy & Security → FileVault. Encrypts session data on disk in case of physical theft.
Cost: Mac Mini vs Cloud VPS
Here's a realistic breakdown comparing a Mac Mini against cloud alternatives for running a persistent OpenClaw Gateway:
| Setup | Upfront | Monthly | Year 1 | Year 3 |
|---|---|---|---|---|
| Mac Mini M2 (8GB) ✓ Best value | $599 | ~$4 | ~$647 | ~$743 |
| Mac Mini M2 Pro (16GB) | $999 | ~$4 | ~$1,047 | ~$1,143 |
| DigitalOcean 2vCPU / 4GB | $0 | $24 | $288 | $864 |
| DigitalOcean 4vCPU / 8GB | $0 | $48 | $576 | $1,728 |
| Vultr High Perf 4vCPU / 8GB | $0 | $40 | $480 | $1,440 |
The Mac Mini breaks even vs a DigitalOcean Droplet in roughly 13–25 months, then runs essentially free. For home users and small teams, it's the clear winner at year 2+.
Not ready to commit yet?
Start with a cloud VPS to validate your setup, then migrate to Mac Mini when you're confident. DigitalOcean gives new users $200 in free credit — enough to run a full month of testing at no cost.
Troubleshooting
Gateway won't start after reboot
Check the launchd log for errors:
cat /tmp/openclaw-gateway-error.log tail -f /tmp/openclaw-gateway.log # Also check launchctl status launchctl list com.openclaw.gateway
The most common cause is the plist using a wrong path for the openclaw binary. Verify with:
# This must match the ProgramArguments path in your plist which openclaw
Lock file error after restart
If you see gateway already running (pid NNN); lock timeout, the Gateway didn't shut down cleanly. See the full Gateway Lock Timeout guide or run:
openclaw gateway stop rm -f ~/.openclaw/sessions/*.lock openclaw gateway start
Device can't connect from LAN
Verify the Gateway is listening on all interfaces (not just 127.0.0.1):
openclaw config get gateway.listen # Should show: 0.0.0.0:18789 # Also check macOS firewall isn't blocking port 18789 sudo lsof -i :18789
If a new device gets stuck at "pairing required", see the Pairing Required guide.
Run a full health check
After setup, run the Doctor to verify all checks pass — Node.js version, Gateway status, token config, network connectivity:
Know the moment your Gateway goes down
We're building Gateway Monitor — a real-time health dashboard purpose-built for always-on OpenClaw deployments like Mac Mini. Uptime tracking, session inspector, and smart alerts when things break.
Join the Early Access List50% off for early members · No spam
Related Guides
More OpenClaw Tools
Did this guide solve your problem?