部署openclaw

内容纲要

一、检查环境

1、执行命令:
显示当前 Linux 发行版的具体版本(如 CentOS, Ubuntu 等)

cat /etc/*-release

2、关键系统信息:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.5 LTS"
PRETTY_NAME="Ubuntu 22.04.5 LTS"

二、安装docker

安装docker教程

三、拉取镜像

1、查看最新版本的openclaw的镜像
https://github.com/openclaw/openclaw/pkgs/container/openclaw
选取最新的、下载量最大的latest版本

file

2、拉取最新的openclaw镜像

docker pull ghcr.io/openclaw/openclaw:2026.5.19-slim

3、拉取最新的nginx镜像

docker pull nginx:latest

四、配置nginx的SSL证书(cd到一个主目录放证书)

1、新建nginx.conf

1.1、新建nginx.conf

在当前目录下新建nginx.conf(和 docker-compose.yml 同目录)

nano nginx.conf
1.2、单个容器做nginx

nano nginx.conf

server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name _;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://openclaw:18789;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 必须的 WebSocket 配置
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;
    }
}
1.3、多个容器做nginx
# --- 1. 强制 HTTP 跳转 HTTPS ---
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}

# --- 2. HTTPS 主服务 ---
server {
    listen 443 ssl;
    server_name _;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # ======================
    # 全局公共配置(所有 location 继承,无需重复写)
    # ======================
    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;
    charset utf-8;

    # ======================
    # download 目录规则 01~09 (优先级最高 ^~)
    # ======================
    location ^~ /download/user01/ {
        alias /usr/share/nginx/html/openclaw-user01/;
    }
    location ^~ /download/user02/ {
        alias /usr/share/nginx/html/openclaw-user02/;
    }
    location ^~ /download/user03/ {
        alias /usr/share/nginx/html/openclaw-user03/;
    }
    location ^~ /download/user04/ {
        alias /usr/share/nginx/html/openclaw-user04/;
    }
    location ^~ /download/user05/ {
        alias /usr/share/nginx/html/openclaw-user05/;
    }
    location ^~ /download/user06/ {
        alias /usr/share/nginx/html/openclaw-user06/;
    }
    location ^~ /download/user07/ {
        alias /usr/share/nginx/html/openclaw-user07/;
    }
    location ^~ /download/user08/ {
        alias /usr/share/nginx/html/openclaw-user08/;
    }
    location ^~ /download/user09/ {
        alias /usr/share/nginx/html/openclaw-user09/;
    }

    # --- 关键逻辑:动态反向代理(保持不变)---
    location ~ ^/user([0-9]+)(/.*)?$ {
        proxy_pass http://openclaw-user0$1:18789$2;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout 30s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # --- 默认根路径(已修复语法)---
    location = / {
        return 200 "OpenClaw Nginx Gateway is Running. Please access /user01~09 for API. Download files at /download/user01~09";
        add_header Content-Type text/plain;
    }

    # --- 404 处理 ---
    location / {
        return 404 "Path not found. Use /user01-09 for API or /download/user01-09 for files";
    }
}

2、一键生成 SSL 证书(运行下面这 2 条命令)

mkdir ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ssl/server.key -out ssl/server.crt -subj "/CN=服务器的ipv4地址"

五、启动openclaw容器

1、创建一个模版的openclaw.json配置文件

1.1、如果没有目录,先创建。mkdir -p nano docker-user

nano /root/docker-user/.openclaw/openclaw.json

2.2、openclaw.json配置内容,复制粘贴(修改token字段、模型配置信息、服务器ip地址)

{
  "meta": {
    "lastTouchedVersion": "2026.3.24-beta.1",
    "lastTouchedAt": "2026-04-01T06:22:07.390Z"
  },
  "wizard": {
    "lastRunAt": "2026-03-26T12:47:02.493Z",
    "lastRunVersion": "2026.3.24-beta.1",
    "lastRunCommand": "onboard",
    "lastRunMode": "local"
  },
  "auth": {
    "profiles": {
      "openai:default": {
        "provider": "openai",
        "mode": "api_key"
      }
    }
  },
  "models": {
    "mode": "merge",
    "providers": {
      "PAI": {
        "baseUrl": "http://域名/v1",
        "apiKey": "秘钥",
        "api": "openai-completions",
        "models": [
          {
            "id": "MiniMax-M2.5",
            "name": "MiniMax-M2.5",
              "input": [
                "text",
                "image",
                "video"
            ]

          },
          {
            "id": "Qwen3.6-35B-A3B",
            "name": "Qwen3.6-35B-A3B",
              "input": [
                "text",
                "image",
                "video"
            ]

          }

        ]
      }
    }
  },
  "agents": {
    "defaults": {
      "model": {
        "primary": "PAI/MiniMax-M2.5",
        "fallback": ["PAI/Qwen3.6-35B-A3B"]
      },
      "models": {
        "PAI/MiniMax-M2.5": {},
        "PAI/Qwen3.6-35B-A3B": {}
      },
      "workspace": "/root/.openclaw/workspace/"
    }
  },
  "tools": {
    "profile": "full"
  },
  "commands": {
    "native": "auto",
    "nativeSkills": "auto",
    "restart": true,
    "ownerDisplay": "raw"
  },
  "session": {
    "dmScope": "per-channel-peer"
  },
  "gateway": {
    "port": 18789,
    "mode": "local",
    "bind": "lan",
    "controlUi": {
      "allowedOrigins": [
        "http://服务器ip地址",
        "https://服务器ip地址",
        "ws://服务器ip地址",
        "wss://服务器ip地址"
      ],
      "dangerouslyAllowHostHeaderOriginFallback": true,
      "allowInsecureAuth": true,
      "dangerouslyDisableDeviceAuth": true
    },
    "auth": {
      "mode": "token",
      "token": "123456789"
    },
    "tailscale": {
      "mode": "off",
      "resetOnExit": false
    },
    "nodes": {
      "denyCommands": [
        "camera.snap",
        "camera.clip",
        "screen.record",
        "contacts.add",
        "calendar.add",
        "reminders.add",
        "sms.send"
      ]
    }
  }
}

2、创建多用户文件存放目录

进入docker-compose.yaml所在目录
2.1、创建create_multi_acc.sh文件,创建用户路径,存放用户的workspace等文件,方便挂载同步修改

#!/bin/bash

# 建9个独立目录
# 使用 {1..9} 语法需要 Bash 环境
for i in {1..9}; do
    # 使用 ${i} 格式更规范,防止歧义
    mkdir -p /root/openclaw-dir/openclaw-user0${i}
done

for i in {1..9}; do
    # 使用 ${i} 格式更规范,防止歧义
    mkdir -p /root/openclaw-dir/openclaw-user0${i}/.openclaw
done

echo "脚本执行完毕!"

2.2、创建01-sync-openclaw-json-file.sh

#!/bin/bash
# 每个目录放一个自己的 openclaw.json
# 注意:请确保源文件 /root/docker-user/.openclaw/openclaw.json 确实存在
for i in {1..9}; do
    cp /root/docker-user/.openclaw/openclaw.json /root/openclaw-dir/openclaw-user0${i}/.openclaw
done

echo "脚本执行完毕!"

2.3、创建user-token-table.txt,替换同步到各个用户.openclaw目录下openclaw.json文件中的token字段里的内容。

openclaw-user01:
7xK9mP2vL1zX0cV5n
openclaw-user02:
A4sD9fG2N36wE0rT2
...

2.4、创建02-update_tokens.sh,换掉同步文件中的token

#!/bin/bash

# --- 配置区域 ---
TOKEN_FILE="/opt/docker-openclaw/user-token-table.txt"
BASE_DIR="/root/openclaw-dir"

echo "========================================="
echo "开始批量更新 OpenClaw Token..."
echo "Token源文件: $TOKEN_FILE"
echo "目标目录: $BASE_DIR"
echo "========================================="

# 循环处理 user01 到 user09
for i in {1..9}; do
    # 【关键修正】这里手动补上了 '0',确保生成 openclaw-user01, openclaw-user02...
    USER_FOLDER_NAME="openclaw-user0${i}"
    USER_DIR="${BASE_DIR}/${USER_FOLDER_NAME}"
    CONFIG_FILE="${USER_DIR}/.openclaw/openclaw.json"

    echo ""
    echo "正在处理: ${USER_FOLDER_NAME} ..."

    # 1. 检查配置文件是否存在
    if [ ! -f "$CONFIG_FILE" ]; then
        echo "[警告] 找不到配置文件: $CONFIG_FILE,跳过此用户。"
        continue
    fi

    # 2. 从 token 文件中提取对应用户的 Token
    # 逻辑:找到包含 "openclaw-user0X" 的行,读取它的下一行 (-A 1),然后取最后一行 (tail -n 1) 即为 Token
    NEW_TOKEN=$(grep -A 1 "${USER_FOLDER_NAME}" "$TOKEN_FILE" | tail -n 1)

    # 3. 检查是否成功提取到了 Token
    if [ -z "$NEW_TOKEN" ]; then
        echo "[错误] 未能在 $TOKEN_FILE 中找到 ${USER_FOLDER_NAME} 对应的 Token,请检查文件格式。"
        continue
    fi

    # 4. 使用 sed 替换 JSON 中的 token 字段
    # 正则解释:匹配 "token": "任意字符" 并替换为新值
    # 注意:sed 的引号嵌套比较复杂,这里使用了双引号包裹整个表达式以支持变量替换
    sed -i "s/\"token\": \"[^\"]*\"/\"token\": \"${NEW_TOKEN}\"/" "$CONFIG_FILE"

    if [ $? -eq 0 ]; then
        echo "[成功] ${USER_FOLDER_NAME} 的 Token 已更新为: ${NEW_TOKEN:0:8}..."
    else
        echo "[失败] sed 替换命令执行出错,请检查 JSON 格式是否标准。"
    fi
done

echo ""
echo "========================================="
echo "所有任务执行完毕!"
echo "========================================="

配置单个容器的docker-compose.yaml文件(可跳过)

image: ghcr.io/openclaw/openclaw:2026.5.19-slim
记住前面的 ghcr.io/openclaw/ 属于镜像名字的一部分,不能删!

services:
  openclaw:
    image: ghcr.io/openclaw/openclaw:2026.5.19-slim
    restart: always
    user: root
    expose:
      - "18789"
    volumes:
      - /root/docker-user/.openclaw:/root/.openclaw  # 👈 唯一需要的挂载
    command: ["node", "openclaw.mjs", "gateway"]      # 👈 无任何参数
    networks:
      - openclaw-net

  nginx:
    image: nginx:latest
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./ssl:/etc/nginx/ssl
    depends_on:
      - openclaw
    networks:
      - openclaw-net

networks:
  openclaw-net:
    driver: bridge

3、配置多个容器的docker-compose.yaml文件

version: '3.8'

# 定义基础配置模板 (Anchor)
x-openclaw-common: &openclaw-common
  image: ghcr.io/openclaw/openclaw:2026.5.19-slim
  restart: always
  user: root
  expose:
    - "18789" # 容器内部统一监听 18789
  command: ["node", "openclaw.mjs", "gateway"]
  networks:
    - openclaw-net

services:
  # --- OpenClaw 实例群 (User 01 - 09) ---

  openclaw-user01:
    <<: *openclaw-common
    container_name: openclaw-user01
    ports:
      - "18789:18789" # 宿主机端口 -> 容器端口
    volumes:
      - /root/openclaw-dir/openclaw-user01/.openclaw:/root/.openclaw

  openclaw-user02:
    <<: *openclaw-common
    container_name: openclaw-user02
    ports:
      - "18790:18789" # 宿主机 18790 -> 容器 18789
    volumes:
      - /root/openclaw-dir/openclaw-user02/.openclaw:/root/.openclaw

  openclaw-user03:
    <<: *openclaw-common
    container_name: openclaw-user03
    ports:
      - "18791:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user03/.openclaw:/root/.openclaw

  openclaw-user04:
    <<: *openclaw-common
    container_name: openclaw-user04
    ports:
      - "18792:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user04/.openclaw:/root/.openclaw

  openclaw-user05:
    <<: *openclaw-common
    container_name: openclaw-user05
    ports:
      - "18793:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user05/.openclaw:/root/.openclaw

  openclaw-user06:
    <<: *openclaw-common
    container_name: openclaw-user06
    ports:
      - "18794:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user06/.openclaw:/root/.openclaw

  openclaw-user07:
    <<: *openclaw-common
    container_name: openclaw-user07
    ports:
      - "18795:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user07/.openclaw:/root/.openclaw

  openclaw-user08:
    <<: *openclaw-common
    container_name: openclaw-user08
    ports:
      - "18796:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user08/.openclaw:/root/.openclaw

  openclaw-user09:
    <<: *openclaw-common
    container_name: openclaw-user09
    ports:
      - "18797:18789"
    volumes:
      - /root/openclaw-dir/openclaw-user09/.openclaw:/root/.openclaw

  # --- Nginx 反向代理 (可选,用于统一管理入口) ---
  nginx:
    image: nginx:latest
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./ssl:/etc/nginx/ssl
      - /root/openclaw-dir/openclaw-user01/.openclaw/workspace:/usr/share/nginx/html/openclaw-user01:ro
      - /root/openclaw-dir/openclaw-user02/.openclaw/workspace:/usr/share/nginx/html/openclaw-user02:ro
      - /root/openclaw-dir/openclaw-user03/.openclaw/workspace:/usr/share/nginx/html/openclaw-user03:ro
      - /root/openclaw-dir/openclaw-user04/.openclaw/workspace:/usr/share/nginx/html/openclaw-user04:ro
      - /root/openclaw-dir/openclaw-user05/.openclaw/workspace:/usr/share/nginx/html/openclaw-user05:ro
      - /root/openclaw-dir/openclaw-user06/.openclaw/workspace:/usr/share/nginx/html/openclaw-user06:ro
      - /root/openclaw-dir/openclaw-user07/.openclaw/workspace:/usr/share/nginx/html/openclaw-user07:ro
      - /root/openclaw-dir/openclaw-user08/.openclaw/workspace:/usr/share/nginx/html/openclaw-user08:ro
      - /root/openclaw-dir/openclaw-user09/.openclaw/workspace:/usr/share/nginx/html/openclaw-user09:ro
    depends_on:
      - openclaw-user01
      - openclaw-user02
      - openclaw-user03
      - openclaw-user04
      - openclaw-user05
      - openclaw-user06
      - openclaw-user07
      - openclaw-user08
      - openclaw-user09
    networks:
      - openclaw-net

networks:
  openclaw-net:
    driver: bridge

4、启动多容器openclaw

docker compose up -d

六、检查是否启动成功

1、检查

检查容器内的是否有/root/.openclaw/openclaw.json文件

进入容器执行状态命令

进入名为openclaw-06的容器内部,打开一个cmd窗口,执行命令。

docker compose exec -it openclaw bash

或者用容器id启动

docker exec -it 0fd4cce5ecab bash

或如果容器没有 bash,可尝试
输入exit退出,不可用table键补全命令,删除键不可用,需要ctrl+c,重新输入命令

docker compose exec -it  openclaw-user06 sh

退出容器命令行界面

ls -al /root/.openclaw

退出容器命令行界面

exit

查看容器状态

docker compose ps -a

查看指定容器名的日志

docker compose logs openclaw-user06

查看所有容器名的日志

docker compose logs

2、修改文件后,重启的命令

销毁所有实例(重新部署)

docker compose down

停止

docker compose stop 容器id

删除容器

docker rm 容器名

七、问题与解决

1、浏览器版本过旧

ip+端口号,打开登录界面后,输入token秘钥,点击登录,在IE浏览器打得开进得去,在谷歌浏览器不行

… -> 帮助 -> 关于Google Chrome :升级谷歌浏览器到最新

2、下载页面加载不出来

https://10.200.1.200/download/user01/

2.1 进入nginx.conf所在路径

cd /opt/docker-openclaw

2.2 修改nginx路由定向配置文件

nano nginx.conf

2.3 修改完配置后,先校验语法
输出 test is successful 再下一步。

docker exec 容器名 nginx -t

2.4 热重载生效

docker exec 容器名 nginx -s reload

2.5 测试

curl -k https://ipv4地址/download/user01/

发表评论

您的邮箱地址不会被公开。 必填项已用 * 标注

滚动至顶部