看了一圈 Docker 安装 OpenClaw 的文章好像都是默认设置
正好搞了连接 Github 账号就记录一下
主机信息
- 系统: Debian GNU/Linux 13 (trixie)
- OpenClaw 代码目录: /data/openclaw/src
- OpenClaw 数据目录: /data/openclaw/data
- 模型提供商: Deepseek
目标
- Docker 安装 OpenClaw
- 更改数据保存位置
- 通过 PAT 连接 Github 账号
安装 OpenClaw
下载 OpenClaw 代码库
1
| git clone https://github.com/openclaw/openclaw.git src
|
切换到最新发行版
在此处查看最新发行版
创建 .env 环境变量
1
2
3
4
5
6
7
8
9
10
11
12
13
|
OPENCLAW_CONFIG_DIR=/data/openclaw/data
OPENCLAW_WORKSPACE_DIR=/data/openclaw/data/workspace
OPENCLAW_GATEWAY_PORT=18789
OPENCLAW_BRIDGE_PORT=18790
OPENCLAW_GATEWAY_BIND=lan
OPENCLAW_GATEWAY_TOKEN=<随机生成的64位hex>
OPENCLAW_IMAGE=openclaw:local
OPENCLAW_EXTRA_MOUNTS=/data/openclaw/data/.config/gh:/home/node/.config/gh
OPENCLAW_HOME_VOLUME=
OPENCLAW_DOCKER_APT_PACKAGES=
|
Hex 随机生成
1
| head -c 32 /dev/urandom | xxd -p
|
1
| od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
|
环境变量说明
| 变量名 |
说明 |
默认值 |
需要修改 |
| OPENCLAW_CONFIG_DIR |
数据目录 |
/home/<你的用户名>/.openclaw |
√ |
| OPENCLAW_WORKSPACE_DIR |
工作空间 |
/home/<你的用户名>/.openclaw/workspace |
√ |
| OPENCLAW_GATEWAY_PORT |
WebUI 端口 |
18789 |
|
| OPENCLAW_BRIDGE_PORT |
|
18790 |
|
| OPENCLAW_GATEWAY_BIND |
|
lan |
|
| OPENCLAW_GATEWAY_TOKEN |
|
<随机生成的64位hex> |
√ |
| OPENCLAW_IMAGE |
Docker 镜像名称 |
openclaw:local |
|
| OPENCLAW_EXTRA_MOUNTS |
Docker 额外挂载的目录 |
|
√ |
| OPENCLAW_HOME_VOLUME |
|
|
|
| OPENCLAW_DOCKER_APT_PACKAGES |
镜像构建时额外安装的apt包 |
|
|
构建 OpenClaw 镜像
1
| docker build -t openclaw:local -f Dockerfile .
|
启动 OpenClaw 并进入设置向导
1
| docker compose run --rm openclaw-cli onboard
|
设置向导
I understand this is personal-by-default and shared/multi-user use requires lock-down. Continue? (我理解这是默认个人使用,共享/多用户使用需要锁定设置。是否继续?)
Onboarding mode (引导模式)
Model/auth provider (模型提供商) - 对于 Deepseek, 使用 Custom Provider
API Base URL
How do you want to provide this API key? (何时填写 API Key)
API Key (leave blank if not required)
Endpoint compatibility (API 端点兼容性) - 对于 Deepseek, 使用 OpenAI 兼容 API
Model ID (模型 ID)
Verification successful. (显示即为验证成功)
Endpoint ID (命名 API 端点)
Model alias (optional) (模型别名)
Select channel (QuickStart) (设置与模型的对话通道) - 此处使用 Telegram Bot
Enter Telegram bot token (输入机器人 Token)
Telegram allowFrom (numeric sender id; @username resolves to id) (设置收信白名单)
Configure skills now? (recommended) (现在配置 OpenClaw 功能)
Install missing skill dependencies (安装缺失的技能依赖项) - 点击空格进行选择/取消选择,回车确认
Show Homebrew install command? (显示 Homebrew 安装命令) - 在 Debian 中使用 apt 而不是 brew 安装
Install failed: github — brew not installed — Homebrew is not installed. (忽略,不需要安装 brew)
Set GOOGLE_PLACES_API_KEY for goplaces? (设置 Google Places API Key) - 此处不需要该功能
跳过几个 API Key 配置
Enable hooks? (启用 Hook, 即 Telegram 的 / 命令)
设置向导完成后,在 Control UI 和 Dashboard ready 部分会显示网页控制台的 URL 与 Token
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| ◇ Dashboard ready ────────────────────────────────────────────────────────────────╮
│ │
│ Dashboard link (with token): │
│ http://127.0.0.1:18789/
│ Copy/paste this URL in a browser on this machine to control OpenClaw. │
│ No GUI detected. Open from your computer: │
│ ssh -N -L 18789:127.0.0.1:18789 user@<host> │
│ Then open: │
│ http://localhost:18789/ │
│ http://localhost:18789/
│ Docs: │
│ https://docs.openclaw.ai/gateway/remote │
│ https://docs.openclaw.ai/web/control-ui │
│ │
├──────────────────────────────────────────────────────────────────────────────────╯
|
修改 openclaw.json
编辑 $OPENCLAW_CONFIG_DIR/openclaw.json, 在先前的设定中为 /data/openclaw/data/openclaw.json
在 gateway 中添加以下内容
1
2
3
4
5
| "controlUi": {
"allowedOrigins": [
"http://127.0.0.1:18789"
]
},
|
启动 OpenClaw Gateway
1
| docker compose up -d openclaw-gateway
|
建立 SSH 端口映射隧道
官方文档
根据 OpenClaw 的默认安全设置,Control UI 只能从本地 127.0.0.1 访问
1
| ssh -N -L 18789:127.0.0.1:18789 <用户名>@<主机 IP 地址>
|
访问 Control UI
访问先前获取的带 token 参数的 URL http://127.0.0.1:18789/#token=<Token>
如果一切正常,网页会显示 pairing required
安装 clawdock-helpers
clawdock-helpers 是一个用于快速管理 Docker 容器中 OpenClaw 实例的工具
安装 clawdock-helpers
1
2
3
4
5
6
|
mkdir -p ~/.clawdock && curl -sL https://raw.githubusercontent.com/openclaw/openclaw/main/scripts/shell-helpers/clawdock-helpers.sh -o ~/.clawdock/clawdock-helpers.sh
echo 'source ~/.clawdock/clawdock-helpers.sh' >> ~/.bashrc && source ~/.bashrc
clawdock-help
|
设置 clawdock-helpers 环境变量
在 ~/.bashrc 添加指向 OpenClaw 源代码目录的环境变量 CLAWDOCK_DIR
1
| export CLAWDOCK_DIR=/data/openclaw/src
|
设备认证
安装 clawdock-helpers 后即可使用该工具进行设备认证
处理 Token 错误
如果出现如下错误:
1
2
3
| 🔍 Checking device pairings...
gateway connect failed: Error: unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
[openclaw] CLI failed: Error: gateway closed (1008): unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.token)
|
运行以下命令修复 Token
批准配对请求
如果一切正常,则会输出类似内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| 🔍 Checking device pairings...
Pending (1)
┌──────────────────────────────────────┬────────────────────────────────────┬──────────┬────────────┬────────┬────────┐
│ Request │ Device │ Role │ IP │ Age │ Flags │
├──────────────────────────────────────┼────────────────────────────────────┼──────────┼────────────┼────────┼────────┤
│ 71949123-52ef-417a-806f-a5c62501d321 │ 21f82c8f9434af86fa525cc9fe7c955541 │ operator │ 172.21.0.1 │ 1m ago │ │
│ │ 72e0d06235f042992f0cffebfb7c3d │ │ │ │ │
└──────────────────────────────────────┴────────────────────────────────────┴──────────┴────────────┴────────┴────────┘
Paired (1)
┌─────────────────────────────┬────────────┬────────────────────────────────────────────────┬────────────┬────────────┐
│ Device │ Roles │ Scopes │ Tokens │ IP │
├─────────────────────────────┼────────────┼────────────────────────────────────────────────┼────────────┼────────────┤
│ f2f1d2d9b6155bf93693f19a631 │ operator │ operator.admin, operator.read, operator. │ operator │ │
│ d5a211adf982a640a360f3b534d │ │ write, operator.approvals, operator.pairing │ │ │
│ bdb3764a39 │ │ │ │ │
└─────────────────────────────┴────────────┴────────────────────────────────────────────────┴────────────┴────────────┘
💡 To approve a pairing request:
clawdock-approve <request-id>
|
使用 clawdock-approve 命令批准设备配对请求
1
| clawdock-approve <Pending 表格显示的 request-id>
|
由于刷新了 Token,需要使用 clawdock-token 命令查看新的 Token
再次访问 http://127.0.0.1:18789/#token=<Token> 应用新 Token
配置 gh
在镜像中安装 gh
编辑 DockerFile,添加以下内容:
1
2
3
4
5
6
7
8
| RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
| gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
> /etc/apt/sources.list.d/github-cli.list && \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gh && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
|
添加后的文件应该类似
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| ...
RUN if [ -n "$OPENCLAW_DOCKER_APT_PACKAGES" ]; then \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $OPENCLAW_DOCKER_APT_PACKAGES && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*; \
fi
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
| gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
> /etc/apt/sources.list.d/github-cli.list && \
apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends gh && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
COPY --chown=node:node package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc ./
COPY --chown=node:node ui/package.json ./ui/package.json
...
|
配置 GH_TOKEN
修改 docker-compose.yml,在 service.openclaw-gateway.environment 中添加一条 GH_TOKEN
修改后的 docker-compose.yml 大致如下
1
2
3
4
5
6
7
8
9
10
11
| services:
openclaw-gateway:
image: ${OPENCLAW_IMAGE:-openclaw:local}
environment:
HOME: /home/node
TERM: xterm-256color
OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
CLAUDE_AI_SESSION_KEY: ${CLAUDE_AI_SESSION_KEY}
CLAUDE_WEB_SESSION_KEY: ${CLAUDE_WEB_SESSION_KEY}
CLAUDE_WEB_COOKIE: ${CLAUDE_WEB_COOKIE}
GH_TOKEN: ${SKILL_GH_TOKEN}
|
在 .env 中添加 Github Personal Access Token