Docker安装部署OpenClaw
软件环境描述说明:
- OS:openEuler 24.03 LTS SP3
- dockers:29.2.1
- openclaw:2026.2.2
- node:25.5.0-bookworm
- nginx:1.28.1 1
1. 下载OpenClaw
tar -zvf openclaw-2026.2.2.tar.gz
cd openclaw-2026.2.22. 构建openclaw镜像
# mv Dockerfile Dockerfile-ols
# echo '' > Dockerfile# vi Dockerfile
FROM node:25.5.0-bookworm
RUN curl -fsSL https://bun.sh/install | bash
ENV PATH="/root/.bun/bin:${PATH}"
RUN npm install -g pnpm
WORKDIR /app
ARG OPENCLAW_DOCKER_APT_PACKAGES=""
RUN if [ -n "$OPENCLAW_DOCKER_APT_PACKAGES" ]; then \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $OPENCLAW_DOCKER_APT_PACKAGES && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
fi
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
COPY ui/package.json ./ui/package.json
COPY patches ./patches
COPY scripts ./scripts
RUN pnpm install --frozen-lockfile
COPY . .
RUN OPENCLAW_A2UI_SKIP_MISSING=1 pnpm build
ENV OPENCLAW_PREFER_PNPM=1
RUN pnpm ui:build
ENV NODE_ENV=production
RUN chown -R node:node /app
USER node
ENTRYPOINT ["node", "dist/index.js"]
CMD ["gateway", "--allow-unconfigured", "--bind", "lan"]# docker build -t openclaw:2026.2.2 -f Dockerfile .3. 创建OpenClaw持久化目录
mkdir -p /opt/openclaw/{config,workspace,certs,logs} && chown -R 1000:1000 /opt/openclaw/{config,workspace}4. 创建OpenClaw网关容器
# docker network create openclaw-net
# openssl rand -hex 32 > /opt/openclaw/.env
# docker run -it \
--name openclaw-gateway \
--restart unless-stopped \
--network openclaw-net \
-v /etc/localtime:/etc/localtime:ro \
-v /opt/openclaw/config:/home/node/.openclaw \
-v /opt/openclaw/workspace:/home/node/.openclaw/workspace \
-e OPENCLAW_GATEWAY_TOKEN="$(cat /opt/openclaw/.env)" \
-d openclaw:2026.2.25. 生成自签名证书(也直接使用合法SSL证书)
openssl req -x509 -nodes -days 3650 \
-newkey rsa:2048 \
-keyout /opt/openclaw/certs/openclaw.key \
-out /opt/openclaw/certs/openclaw.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=person/CN=openclaw.local"6. 创建Nginx容器
# vi /opt/openclaw/config/nginx.conf
worker_processes auto;
events {
worker_connections 10;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /opt/openclaw/logs/access.log main;
error_log /opt/openclaw/logs/error.log;
server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/certs/openclaw.crt;
ssl_certificate_key /etc/nginx/certs/openclaw.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://openclaw-gateway:18789;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}docker run -it \
--name openclaw-nginx \
--restart unless-stopped \
--network openclaw-net \
-p 443:443 \
-v /etc/localtime:/etc/localtime:ro \
-v /opt/openclaw/config/nginx.conf:/etc/nginx/nginx.conf \
-v /opt/openclaw/certs:/etc/nginx/certs:ro \
-v /opt/openclaw/logs:/opt/openclaw/logs \
-d nginx:1.28.17. 创建OpenClaw控制器容器并配置OpenClaw
docker run -it \
--name openclaw-cli \
--restart unless-stopped \
--network openclaw-net \
-v /etc/localtime:/etc/localtime:ro \
-v /opt/openclaw/config:/home/node/.openclaw \
-v /opt/openclaw/workspace:/home/node/.openclaw/workspace \
-e OPENCLAW_GATEWAY_TOKEN="$(cat /opt/openclaw/.env)" \
openclaw:2026.2.2 onboard --no-install-daemon8. 进入CLI配置OpenClaw
# docker exec -it openclaw-cli node dist/index.js onboard
# docker exec -it openclaw-cli node dist/index.js configure
# docker exec -it openclaw-cli node dist/index.js devices list9. OpenClaw启用局域网模型
# vi /opt/openclaw/config/openclaw.json
"gateway": {
"mode": "remote",
"auth": {
"mode": "token",
"token": "5da0b7db48c8604426a8d03f8913e0c36178dfe4edc43a17"
},
"port": 18789,
"bind": "lan",
"tailscale": {
"mode": "off",
"resetOnExit": false
}
将mode 改成 remote,bind 改成 lan,然后重启OpenClaw14:33:30 [canvas] host mounted at http://0.0.0.0:18789/__openclaw__/canvas/ (root /home/node/.openclaw/canvas)
14:33:30 [heartbeat] started
14:33:30 [gateway] agent model: minimax/MiniMax-M2.1
14:33:30 [gateway] listening on ws://0.0.0.0:18789 (PID 1)
14:33:30 [gateway] log file: /tmp/openclaw/openclaw-2026-02-03.log
14:33:31 [browser/service] Browser control service ready (profiles=2)
附录:
1. 创建OpenClaw项目docker-compose
cat > docker-compose.yaml <<EOF
version: "3.8"
services:
openclaw-gateway:
image: openclaw:2026.2.2
container_name: openclaw-gateway
restart: unless-stopped
networks:
- openclaw-net
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config:/home/node/.openclaw
- /opt/openclaw/workspace:/home/node/.openclaw/workspace
environment:
- OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
command: tail -f /dev/null # Keeps the container running in the background
depends_on:
- openclaw-cli
- openclaw-nginx
openclaw-nginx:
image: nginx:1.28.1
container_name: openclaw-nginx
restart: unless-stopped
networks:
- openclaw-net
ports:
- "443:443"
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config/nginx.conf:/etc/nginx/nginx.conf
- /opt/openclaw/certs:/etc/nginx/certs:ro
- /opt/openclaw/logs:/opt/openclaw/logs
depends_on:
- openclaw-gateway
openclaw-cli:
image: openclaw:2026.2.2
container_name: openclaw-cli
restart: unless-stopped
networks:
- openclaw-net
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config:/home/node/.openclaw
- /opt/openclaw/workspace:/home/node/.openclaw/workspace
environment:
- OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
command: onboard --no-install-daemon
depends_on:
- openclaw-gateway
networks:
openclaw-net:
driver: bridge
EOF2. OpenClaw项目一键安装脚本
#!/bin/bash
set -e
echo "1.检查并创建 openclaw-setup 目录"
if [ ! -d "/opt/openclaw-setup" ]; then
echo "/opt/openclaw-setup directory does not exist, creating it..."
mkdir -p /opt/openclaw-setup
fi
# 切换到 openclaw-setup 目录
cd /opt/openclaw-setup || exit
echo "2.下载 OpenClaw"
git clone https://github.com/openclaw/openclaw.git
echo "3.构建 OpenClaw 镜像"
cd openclaw
mv Dockerfile Dockerfile-old
cat << 'EOF' > Dockerfile
FROM node:25.5.0-bookworm
RUN curl -fsSL https://bun.sh/install | bash
ENV PATH="/root/.bun/bin:${PATH}"
RUN npm install -g pnpm
WORKDIR /app
ARG OPENCLAW_DOCKER_APT_PACKAGES=""
RUN if [ -n "$OPENCLAW_DOCKER_APT_PACKAGES" ]; then \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $OPENCLAW_DOCKER_APT_PACKAGES && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
fi
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
COPY ui/package.json ./ui/package.json
COPY patches ./patches
COPY scripts ./scripts
RUN pnpm install --frozen-lockfile
COPY . .
RUN OPENCLAW_A2UI_SKIP_MISSING=1 pnpm build
ENV OPENCLAW_PREFER_PNPM=1
RUN pnpm ui:build
ENV NODE_ENV=production
RUN chown -R node:node /app
USER node
ENTRYPOINT ["node", "dist/index.js"]
CMD ["gateway", "--allow-unconfigured", "--bind", "lan"]
EOF
# 构建镜像
docker build -t openclaw:2026.2.2 -f Dockerfile .
echo "4.创建持久化目录."
mkdir -p /opt/openclaw/{config,workspace,certs,logs} && chown -R 1000:1000 /opt/openclaw/{config,workspace}
echo "5.创建.env文件"
openssl rand -hex 32 > /opt/openclaw/.env
echo "6.生成自签名证书"
openssl req -x509 -nodes -days 3650 \
-newkey rsa:2048 \
-keyout /opt/openclaw/certs/openclaw.key \
-out /opt/openclaw/certs/openclaw.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=person/CN=openclaw.local"
echo "7.生成Nginx配置文件"
cat << 'EOF' > /opt/openclaw/config/nginx.conf
worker_processes auto;
events {
worker_connections 10;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /opt/openclaw/logs/access.log main;
error_log /opt/openclaw/logs/error.log;
server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/certs/openclaw.crt;
ssl_certificate_key /etc/nginx/certs/openclaw.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://openclaw-gateway:18789;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
EOF
echo "8.配置 Docker Compose"
cat << 'EOF' > /opt/openclaw/docker-compose.yaml
version: "3.8"
services:
openclaw-gateway:
image: openclaw:2026.2.2
container_name: openclaw-gateway
restart: unless-stopped
networks:
- openclaw-net
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config:/home/node/.openclaw
- /opt/openclaw/workspace:/home/node/.openclaw/workspace
environment:
- OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
command: tail -f /dev/null
depends_on:
- openclaw-cli
- openclaw-nginx
openclaw-nginx:
image: nginx:1.28.1
container_name: openclaw-nginx
restart: unless-stopped
networks:
- openclaw-net
ports:
- "443:443"
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config/nginx.conf:/etc/nginx/nginx.conf
- /opt/openclaw/certs:/etc/nginx/certs:ro
- /opt/openclaw/logs:/opt/openclaw/logs
depends_on:
- openclaw-gateway
openclaw-cli:
image: openclaw:2026.2.2
container_name: openclaw-cli
restart: unless-stopped
networks:
- openclaw-net
volumes:
- /etc/localtime:/etc/localtime:ro
- /opt/openclaw/config:/home/node/.openclaw
- /opt/openclaw/workspace:/home/node/.openclaw/workspace
environment:
- OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
command: onboard --no-install-daemon
depends_on:
- openclaw-gateway
networks:
openclaw-net:
driver: bridge
EOF
echo "9.动OpenClaw容器"
cd /opt/openclaw && docker-compose up -d
少壮不努力,老大干IT。
一入运维深似海,从此不见彼岸花。
浙公网安备 33010602011771号