一、检查环境
1、执行命令:
显示当前 Linux 发行版的具体版本(如 CentOS, Ubuntu 等)
cat /etc/*-release
2、关键系统信息:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.5 LTS"
PRETTY_NAME="Ubuntu 22.04.5 LTS"
二、安装docker
三、拉取镜像
1、查看最新版本的openclaw的镜像
https://github.com/openclaw/openclaw/pkgs/container/openclaw
选取最新的、下载量最大的latest版本

2、拉取最新的openclaw镜像
docker pull ghcr.io/openclaw/openclaw:2026.5.19-slim
3、拉取最新的nginx镜像
docker pull nginx:latest
四、配置nginx的SSL证书(cd到一个主目录放证书)
1、新建nginx.conf
1.1、新建nginx.conf
在当前目录下新建nginx.conf(和 docker-compose.yml 同目录)
nano nginx.conf
1.2、单个容器做nginx
nano nginx.conf
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://openclaw:18789;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 必须的 WebSocket 配置
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
1.3、多个容器做nginx
# --- 1. 强制 HTTP 跳转 HTTPS ---
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
# --- 2. HTTPS 主服务 ---
server {
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# ======================
# 全局公共配置(所有 location 继承,无需重复写)
# ======================
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
charset utf-8;
# ======================
# download 目录规则 01~09 (优先级最高 ^~)
# ======================
location ^~ /download/user01/ {
alias /usr/share/nginx/html/openclaw-user01/;
}
location ^~ /download/user02/ {
alias /usr/share/nginx/html/openclaw-user02/;
}
location ^~ /download/user03/ {
alias /usr/share/nginx/html/openclaw-user03/;
}
location ^~ /download/user04/ {
alias /usr/share/nginx/html/openclaw-user04/;
}
location ^~ /download/user05/ {
alias /usr/share/nginx/html/openclaw-user05/;
}
location ^~ /download/user06/ {
alias /usr/share/nginx/html/openclaw-user06/;
}
location ^~ /download/user07/ {
alias /usr/share/nginx/html/openclaw-user07/;
}
location ^~ /download/user08/ {
alias /usr/share/nginx/html/openclaw-user08/;
}
location ^~ /download/user09/ {
alias /usr/share/nginx/html/openclaw-user09/;
}
# --- 关键逻辑:动态反向代理(保持不变)---
location ~ ^/user([0-9]+)(/.*)?$ {
proxy_pass http://openclaw-user0$1:18789$2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# --- 默认根路径(已修复语法)---
location = / {
return 200 "OpenClaw Nginx Gateway is Running. Please access /user01~09 for API. Download files at /download/user01~09";
add_header Content-Type text/plain;
}
# --- 404 处理 ---
location / {
return 404 "Path not found. Use /user01-09 for API or /download/user01-09 for files";
}
}
2、一键生成 SSL 证书(运行下面这 2 条命令)
mkdir ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ssl/server.key -out ssl/server.crt -subj "/CN=服务器的ipv4地址"
五、启动openclaw容器
1、创建一个模版的openclaw.json配置文件
1.1、如果没有目录,先创建。mkdir -p nano docker-user
nano /root/docker-user/.openclaw/openclaw.json
2.2、openclaw.json配置内容,复制粘贴(修改token字段、模型配置信息、服务器ip地址)
{
"meta": {
"lastTouchedVersion": "2026.3.24-beta.1",
"lastTouchedAt": "2026-04-01T06:22:07.390Z"
},
"wizard": {
"lastRunAt": "2026-03-26T12:47:02.493Z",
"lastRunVersion": "2026.3.24-beta.1",
"lastRunCommand": "onboard",
"lastRunMode": "local"
},
"auth": {
"profiles": {
"openai:default": {
"provider": "openai",
"mode": "api_key"
}
}
},
"models": {
"mode": "merge",
"providers": {
"PAI": {
"baseUrl": "http://域名/v1",
"apiKey": "秘钥",
"api": "openai-completions",
"models": [
{
"id": "MiniMax-M2.5",
"name": "MiniMax-M2.5",
"input": [
"text",
"image",
"video"
]
},
{
"id": "Qwen3.6-35B-A3B",
"name": "Qwen3.6-35B-A3B",
"input": [
"text",
"image",
"video"
]
}
]
}
}
},
"agents": {
"defaults": {
"model": {
"primary": "PAI/MiniMax-M2.5",
"fallback": ["PAI/Qwen3.6-35B-A3B"]
},
"models": {
"PAI/MiniMax-M2.5": {},
"PAI/Qwen3.6-35B-A3B": {}
},
"workspace": "/root/.openclaw/workspace/"
}
},
"tools": {
"profile": "full"
},
"commands": {
"native": "auto",
"nativeSkills": "auto",
"restart": true,
"ownerDisplay": "raw"
},
"session": {
"dmScope": "per-channel-peer"
},
"gateway": {
"port": 18789,
"mode": "local",
"bind": "lan",
"controlUi": {
"allowedOrigins": [
"http://服务器ip地址",
"https://服务器ip地址",
"ws://服务器ip地址",
"wss://服务器ip地址"
],
"dangerouslyAllowHostHeaderOriginFallback": true,
"allowInsecureAuth": true,
"dangerouslyDisableDeviceAuth": true
},
"auth": {
"mode": "token",
"token": "123456789"
},
"tailscale": {
"mode": "off",
"resetOnExit": false
},
"nodes": {
"denyCommands": [
"camera.snap",
"camera.clip",
"screen.record",
"contacts.add",
"calendar.add",
"reminders.add",
"sms.send"
]
}
}
}
2、创建多用户文件存放目录
进入docker-compose.yaml所在目录
2.1、创建create_multi_acc.sh文件,创建用户路径,存放用户的workspace等文件,方便挂载同步修改
#!/bin/bash
# 建9个独立目录
# 使用 {1..9} 语法需要 Bash 环境
for i in {1..9}; do
# 使用 ${i} 格式更规范,防止歧义
mkdir -p /root/openclaw-dir/openclaw-user0${i}
done
for i in {1..9}; do
# 使用 ${i} 格式更规范,防止歧义
mkdir -p /root/openclaw-dir/openclaw-user0${i}/.openclaw
done
echo "脚本执行完毕!"
2.2、创建01-sync-openclaw-json-file.sh
#!/bin/bash
# 每个目录放一个自己的 openclaw.json
# 注意:请确保源文件 /root/docker-user/.openclaw/openclaw.json 确实存在
for i in {1..9}; do
cp /root/docker-user/.openclaw/openclaw.json /root/openclaw-dir/openclaw-user0${i}/.openclaw
done
echo "脚本执行完毕!"
2.3、创建user-token-table.txt,替换同步到各个用户.openclaw目录下openclaw.json文件中的token字段里的内容。
openclaw-user01:
7xK9mP2vL1zX0cV5n
openclaw-user02:
A4sD9fG2N36wE0rT2
...
2.4、创建02-update_tokens.sh,换掉同步文件中的token
#!/bin/bash
# --- 配置区域 ---
TOKEN_FILE="/opt/docker-openclaw/user-token-table.txt"
BASE_DIR="/root/openclaw-dir"
echo "========================================="
echo "开始批量更新 OpenClaw Token..."
echo "Token源文件: $TOKEN_FILE"
echo "目标目录: $BASE_DIR"
echo "========================================="
# 循环处理 user01 到 user09
for i in {1..9}; do
# 【关键修正】这里手动补上了 '0',确保生成 openclaw-user01, openclaw-user02...
USER_FOLDER_NAME="openclaw-user0${i}"
USER_DIR="${BASE_DIR}/${USER_FOLDER_NAME}"
CONFIG_FILE="${USER_DIR}/.openclaw/openclaw.json"
echo ""
echo "正在处理: ${USER_FOLDER_NAME} ..."
# 1. 检查配置文件是否存在
if [ ! -f "$CONFIG_FILE" ]; then
echo "[警告] 找不到配置文件: $CONFIG_FILE,跳过此用户。"
continue
fi
# 2. 从 token 文件中提取对应用户的 Token
# 逻辑:找到包含 "openclaw-user0X" 的行,读取它的下一行 (-A 1),然后取最后一行 (tail -n 1) 即为 Token
NEW_TOKEN=$(grep -A 1 "${USER_FOLDER_NAME}" "$TOKEN_FILE" | tail -n 1)
# 3. 检查是否成功提取到了 Token
if [ -z "$NEW_TOKEN" ]; then
echo "[错误] 未能在 $TOKEN_FILE 中找到 ${USER_FOLDER_NAME} 对应的 Token,请检查文件格式。"
continue
fi
# 4. 使用 sed 替换 JSON 中的 token 字段
# 正则解释:匹配 "token": "任意字符" 并替换为新值
# 注意:sed 的引号嵌套比较复杂,这里使用了双引号包裹整个表达式以支持变量替换
sed -i "s/\"token\": \"[^\"]*\"/\"token\": \"${NEW_TOKEN}\"/" "$CONFIG_FILE"
if [ $? -eq 0 ]; then
echo "[成功] ${USER_FOLDER_NAME} 的 Token 已更新为: ${NEW_TOKEN:0:8}..."
else
echo "[失败] sed 替换命令执行出错,请检查 JSON 格式是否标准。"
fi
done
echo ""
echo "========================================="
echo "所有任务执行完毕!"
echo "========================================="
配置单个容器的docker-compose.yaml文件(可跳过)
image: ghcr.io/openclaw/openclaw:2026.5.19-slim
记住前面的 ghcr.io/openclaw/ 属于镜像名字的一部分,不能删!
services:
openclaw:
image: ghcr.io/openclaw/openclaw:2026.5.19-slim
restart: always
user: root
expose:
- "18789"
volumes:
- /root/docker-user/.openclaw:/root/.openclaw # 👈 唯一需要的挂载
command: ["node", "openclaw.mjs", "gateway"] # 👈 无任何参数
networks:
- openclaw-net
nginx:
image: nginx:latest
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./ssl:/etc/nginx/ssl
depends_on:
- openclaw
networks:
- openclaw-net
networks:
openclaw-net:
driver: bridge
3、配置多个容器的docker-compose.yaml文件
version: '3.8'
# 定义基础配置模板 (Anchor)
x-openclaw-common: &openclaw-common
image: ghcr.io/openclaw/openclaw:2026.5.19-slim
restart: always
user: root
expose:
- "18789" # 容器内部统一监听 18789
command: ["node", "openclaw.mjs", "gateway"]
networks:
- openclaw-net
services:
# --- OpenClaw 实例群 (User 01 - 09) ---
openclaw-user01:
<<: *openclaw-common
container_name: openclaw-user01
ports:
- "18789:18789" # 宿主机端口 -> 容器端口
volumes:
- /root/openclaw-dir/openclaw-user01/.openclaw:/root/.openclaw
openclaw-user02:
<<: *openclaw-common
container_name: openclaw-user02
ports:
- "18790:18789" # 宿主机 18790 -> 容器 18789
volumes:
- /root/openclaw-dir/openclaw-user02/.openclaw:/root/.openclaw
openclaw-user03:
<<: *openclaw-common
container_name: openclaw-user03
ports:
- "18791:18789"
volumes:
- /root/openclaw-dir/openclaw-user03/.openclaw:/root/.openclaw
openclaw-user04:
<<: *openclaw-common
container_name: openclaw-user04
ports:
- "18792:18789"
volumes:
- /root/openclaw-dir/openclaw-user04/.openclaw:/root/.openclaw
openclaw-user05:
<<: *openclaw-common
container_name: openclaw-user05
ports:
- "18793:18789"
volumes:
- /root/openclaw-dir/openclaw-user05/.openclaw:/root/.openclaw
openclaw-user06:
<<: *openclaw-common
container_name: openclaw-user06
ports:
- "18794:18789"
volumes:
- /root/openclaw-dir/openclaw-user06/.openclaw:/root/.openclaw
openclaw-user07:
<<: *openclaw-common
container_name: openclaw-user07
ports:
- "18795:18789"
volumes:
- /root/openclaw-dir/openclaw-user07/.openclaw:/root/.openclaw
openclaw-user08:
<<: *openclaw-common
container_name: openclaw-user08
ports:
- "18796:18789"
volumes:
- /root/openclaw-dir/openclaw-user08/.openclaw:/root/.openclaw
openclaw-user09:
<<: *openclaw-common
container_name: openclaw-user09
ports:
- "18797:18789"
volumes:
- /root/openclaw-dir/openclaw-user09/.openclaw:/root/.openclaw
# --- Nginx 反向代理 (可选,用于统一管理入口) ---
nginx:
image: nginx:latest
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- ./ssl:/etc/nginx/ssl
- /root/openclaw-dir/openclaw-user01/.openclaw/workspace:/usr/share/nginx/html/openclaw-user01:ro
- /root/openclaw-dir/openclaw-user02/.openclaw/workspace:/usr/share/nginx/html/openclaw-user02:ro
- /root/openclaw-dir/openclaw-user03/.openclaw/workspace:/usr/share/nginx/html/openclaw-user03:ro
- /root/openclaw-dir/openclaw-user04/.openclaw/workspace:/usr/share/nginx/html/openclaw-user04:ro
- /root/openclaw-dir/openclaw-user05/.openclaw/workspace:/usr/share/nginx/html/openclaw-user05:ro
- /root/openclaw-dir/openclaw-user06/.openclaw/workspace:/usr/share/nginx/html/openclaw-user06:ro
- /root/openclaw-dir/openclaw-user07/.openclaw/workspace:/usr/share/nginx/html/openclaw-user07:ro
- /root/openclaw-dir/openclaw-user08/.openclaw/workspace:/usr/share/nginx/html/openclaw-user08:ro
- /root/openclaw-dir/openclaw-user09/.openclaw/workspace:/usr/share/nginx/html/openclaw-user09:ro
depends_on:
- openclaw-user01
- openclaw-user02
- openclaw-user03
- openclaw-user04
- openclaw-user05
- openclaw-user06
- openclaw-user07
- openclaw-user08
- openclaw-user09
networks:
- openclaw-net
networks:
openclaw-net:
driver: bridge
4、启动多容器openclaw
docker compose up -d
六、检查是否启动成功
1、检查
检查容器内的是否有/root/.openclaw/openclaw.json文件
进入容器执行状态命令
进入名为openclaw-06的容器内部,打开一个cmd窗口,执行命令。
docker compose exec -it openclaw bash
或者用容器id启动
docker exec -it 0fd4cce5ecab bash
或如果容器没有 bash,可尝试
输入exit退出,不可用table键补全命令,删除键不可用,需要ctrl+c,重新输入命令
docker compose exec -it openclaw-user06 sh
退出容器命令行界面
ls -al /root/.openclaw
退出容器命令行界面
exit
查看容器状态
docker compose ps -a
查看指定容器名的日志
docker compose logs openclaw-user06
查看所有容器名的日志
docker compose logs
2、修改文件后,重启的命令
销毁所有实例(重新部署)
docker compose down
停止
docker compose stop 容器id
删除容器
docker rm 容器名
七、问题与解决
1、浏览器版本过旧
ip+端口号,打开登录界面后,输入token秘钥,点击登录,在IE浏览器打得开进得去,在谷歌浏览器不行
… -> 帮助 -> 关于Google Chrome :升级谷歌浏览器到最新
2、下载页面加载不出来
https://10.200.1.200/download/user01/
2.1 进入nginx.conf所在路径
cd /opt/docker-openclaw
2.2 修改nginx路由定向配置文件
nano nginx.conf
2.3 修改完配置后,先校验语法
输出 test is successful 再下一步。
docker exec 容器名 nginx -t
2.4 热重载生效
docker exec 容器名 nginx -s reload
2.5 测试
curl -k https://ipv4地址/download/user01/