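- Environment preparation
- Basic deployment
- Common problems and solutions
- Security configuration in detail
- Best practices

- Docker 20.10+
- Docker Compose 2.0+
- 2 GB+ of available memory
- Port 18789 open (customizable)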
```bash
mkdir -p ~/openclaw-data
cd ~
```

Create ~/openclaw-data/openclaw.json:

```bash
cat > ~/openclaw-data/openclaw.json << 'EOF'
{
  "gateway": {
    "mode": "local",
    "bind": "lan",
    "port": 18789,
    "controlUi": {
      "enabled": true,
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true,
      "dangerouslyAllowHostHeaderOriginFallback": true
    },
    "auth": {
      "mode": "token",
      "token": "your-secure-token-here"
    }
  }
}
EOF
```
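Parameter descriptions:
| Parameter | Description | Recommended value |
|---|---|---|
| bind | Listen address | lan (listens on 0.0.0.0) |
| allowInsecureAuth | Allow HTTP access | true (internal network) |
| dangerouslyDisableDeviceAuth | Disable device pairing | true (required in Docker environments) |
| token | Access token | Custom strong password |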
Create ~/docker-compose.yml:

```yaml
services:
  openclaw:
    image: /openclaw-zh:latest
    container_name: openclaw
    ports:
      - "18789:18789"
    volumes:
      - ~/openclaw-data:/root/.openclaw
    command: ["openclaw", "gateway", "--bind", "lan"]
    restart: unless-stopped
```
```bash
# Start the container
docker compose up -d

# View the logs
docker compose logs -f

# Expected output:
# [gateway] listening on ws://0.0.0.0:18789
```

Access in a browser:

```
http://<server-IP>:18789/?token=your-secure-token-here
```
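Symptom: `curl http://127.0.0.1:18789` returns a connection reset
Cause: the gateway listens only on 127.0.0.1, not on 0.0.0.0
Solution: make sure the configuration contains `"bind": "lan"`

Symptom: the browser shows that device pairing is required
Cause: in a Docker environment, every visit produces a new device ID
Solution: set `"dangerouslyDisableDeviceAuth": true`

Symptom: a prompt says HTTPS or localhost is required
Cause: `allowInsecureAuth` has not taken effect, or the configuration was overridden
Solution:
- Confirm that the configuration file path is correct (`/root/.openclaw/openclaw.json`)
- Use a host directory mount rather than a Docker volume
- Restart the container to make sure the configuration is loaded

Symptom: the log shows `Missing config. Run openclaw setup`
Cause: the configuration file was not created, or the path is wrong
Solution: mount using an absolute path on the host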
| Scenario | Configuration | Security |
|---|---|---|
| Public network | HTTPS + Token + device pairing | ⭐⭐⭐⭐⭐ |
| Internal network | HTTP + Token + dangerouslyDisableDeviceAuth | ⭐⭐⭐ |
| Quick test | HTTP + dangerouslyDisableDeviceAuth | ⭐⭐ |
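
The scenario table above can be applied as a check over `openclaw.json`. This is an added example, not code from the original page or from the OpenClaw project; `audit_gateway`, the 32-character token threshold and the mapping from config flags to the table's star ratings are assumptions (HTTPS is not visible in the file, so `allowInsecureAuth` being off stands in for it).

```python
import json

# Constructed sample: the quick-start openclaw.json shown in this tutorial.
SAMPLE = json.loads("""
{"gateway": {"mode": "local", "bind": "lan", "port": 18789,
  "controlUi": {"enabled": true, "allowInsecureAuth": true,
                "dangerouslyDisableDeviceAuth": true,
                "dangerouslyAllowHostHeaderOriginFallback": true},
  "auth": {"mode": "token", "token": "your-secure-token-here"}}}
""")

PLACEHOLDER_TOKENS = {"your-secure-token-here", "change-this-to-your-secure-token"}
MIN_TOKEN_LEN = 32  # assumption: below any `openssl rand -hex 32` / `-base64 32` output


def audit_gateway(cfg):
    """Return (stars, findings); stars is None if no table row matches."""
    gw = cfg.get("gateway", {})
    ui = gw.get("controlUi", {})
    auth = gw.get("auth", {})
    token = auth.get("token", "") if auth.get("mode") == "token" else ""
    findings = []
    if gw.get("bind") == "lan":
        findings.append("bind=lan: gateway listens on 0.0.0.0")
    if ui.get("allowInsecureAuth"):
        findings.append("allowInsecureAuth: HTTP access is allowed")
    # Report every enabled option whose name starts with "dangerously".
    for key in sorted(k for k, v in ui.items() if k.startswith("dangerously") and v is True):
        findings.append(f"{key} is enabled")
    if not token:
        findings.append("no access token configured")
    elif token in PLACEHOLDER_TOKENS or len(token) < MIN_TOKEN_LEN:
        findings.append("token is a tutorial placeholder or too short")
    # Assumed mapping of the config flags onto the rows of the scenario table.
    pairing = not ui.get("dangerouslyDisableDeviceAuth", False)
    http_ok = bool(ui.get("allowInsecureAuth", False))
    if token and pairing and not http_ok:
        stars = 5  # HTTPS + token + device pairing
    elif token and not pairing:
        stars = 3  # HTTP + token + dangerouslyDisableDeviceAuth
    elif not token and not pairing:
        stars = 2  # HTTP + dangerouslyDisableDeviceAuth
    else:
        stars = None
    return stars, findings
```

Running `audit_gateway(SAMPLE)` on the quick-start config places it in the three-star row and lists each relaxed setting, including the unchanged placeholder token.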
```bash
# Randomly generate 32 bytes as hex
openssl rand -hex 32

# Or as base64
openssl rand -base64 32
```
```bash
# Generate a self-signed certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout ~/openclaw-data/openclaw.key \
  -out ~/openclaw-data/openclaw.crt \
  -subj "/CN=your-domain.com"
```

```nginx
# Nginx configuration
server {
    listen 443 ssl;
    ssl_certificate /path/to/openclaw.crt;
    ssl_certificate_key /path/to/openclaw.key;

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
```yaml
services:
  openclaw:
    image: /openclaw-zh:latest
    container_name: openclaw
    ports:
      - "18789:18789"
    volumes:
      - ~/openclaw-data:/root/.openclaw
    environment:
      - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_TOKEN}
    command: ["openclaw", "gateway", "--bind", "lan"]
    restart: unless-stopped
```

Create a .env file:

```
OPENCLAW_TOKEN=your-secure-token-here
```
```bash
# Use Watchtower for automatic updates
docker run -d \
  --name watchtower \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  --interval 3600 \
  openclaw
```

```bash
# Back up regularly
tar czf openclaw-backup-$(date +%Y%m%d).tar.gz ~/openclaw-data/
```

```bash
docker exec -e OPENCLAW_GATEWAY_TOKEN=your-token openclaw node dist/index.js devices list
```

```bash
# Stop and remove
docker compose down
docker volume rm openclaw-data  # Use with caution!

# Redeploy
rm -rf ~/openclaw-data/*
# Re-run steps 1-3
```
```yaml
# docker-compose.yml
services:
  openclaw:
    image: /openclaw-zh:latest
    container_name: openclaw
    ports:
      - "18789:18789"
    volumes:
      - ./openclaw-data:/root/.openclaw
    command: ["openclaw", "gateway", "--bind", "lan"]
    restart: unless-stopped
```

openclaw-data/openclaw.json:

```json
{
  "gateway": {
    "mode": "local",
    "bind": "lan",
    "port": 18789,
    "controlUi": {
      "enabled": true,
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true
    },
    "auth": {
      "mode": "token",
      "token": "change-this-to-your-secure-token"
    }
  }
}
```
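Key points for running OpenClaw in a Docker environment:
- `bind: lan` is required: otherwise the gateway cannot be reached from outside
- `dangerouslyDisableDeviceAuth` is required: device pairing does not work properly in a Docker environment
- Use a host directory mount: this avoids losing the configuration
- The token must be included in the URL: `http://ip:port/?token=xxx`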
Configured as described in this tutorial, the OpenClaw Docker deployment will run stably.
Published by: 全栈程序员-站长. When reposting, please credit the source: https://javaforall.net/250199.html Original link: https://javaforall.net
