openclaw operations and usage
1 Installation

1.1 Installing openclaw on Ubuntu 24.04

1.1.1 Operating system: Ubuntu 24.04

```
ubuntu@localos:~/下载$ sudo cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.4 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
ubuntu@localos:~/下载$
```

1.1.2 Image download

Download the image from https://hub.docker.com/r/alpine/openclaw/tags

1.1.3 docker-compose script

```
ubuntu@localos:~/openclaw$ cat docker-compose.yml
services:
  openclaw:
    image: alpine/openclaw:2026.3.13-1
    container_name: openclaw
    restart: unless-stopped
    # Network: host mode is the most stable (recommended)
    network_mode: host
    # Port mappings (used when not in host mode)
    # ports:
    #   - "18789:18789"
    #   - "18792:18792"
    volumes:
      # Persist configuration and data
      - ./data:/root/.openclaw
      - ./logs:/var/log/openclaw
      # Optional: mount the host Docker socket (for sandbox/agent)
      # - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - TZ=Asia/Shanghai
      # Allow starting unconfigured (for first-time initialization)
      - OPENCLAW_ALLOW_UNCONFIGURED=true
    # Start command (the image's built-in entrypoint)
    command: ["node", "openclaw.mjs", "gateway", "--allow-unconfigured"]
    # Health check
    healthcheck:
      test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://127.0.0.1:18789/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 20s
ubuntu@localos:~/openclaw$
```

1.1.4 Configuring the token

1.1.4.1 Obtaining the token

First start the application, then enter the container and run the commands below to obtain the token.

```
ubuntu@localos:~/openclaw$ docker ps -a
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS                   PORTS     NAMES
6bbed3825e0b   alpine/openclaw:2026.3.13-1   "docker-entrypoint.s…"   4 minutes ago   Up 4 minutes (healthy)             openclaw
ubuntu@localos:~/openclaw$ docker exec -it openclaw bash
node@localos:/app$ openclaw gateway run
OpenClaw 2026.3.13 (unknown) — I'm the reason your shell history looks like a hacker-movie montage.
14:01:11 Gateway start blocked: set gateway.mode=local (current: unset) or pass --allow-unconfigured.
14:01:11 Config write audit: /home/node/.openclaw/logs/config-audit.jsonl
node@localos:/app$ openclaw dashboard --no-open
OpenClaw 2026.3.13 (unknown) — I don't sleep, I just enter low-power mode and dream of clean diffs.
Dashboard URL: http://127.0.0.1:18789/#token=645842f97c0084d23a7d6f7064cbcad479ea404d7374309d
Copy to clipboard unavailable.
Browser launch disabled (--no-open). Use the URL above.
node@localos:/app$
```

1.1.4.2 Configuring the token

There are two ways.

1.1.4.2.1 Option 1: enter it on the login page

1.1.4.2.2 Option 2: permanent configuration

Configure it in an environment variable.

1.2 Installing openclaw on openEuler 24.03

The installation logic is the same as above, but the installation above left a few problems unresolved.

Problem 1: the service can only be reached at 127.0.0.1:18789, not at the business IP on port 18789.

Problem 2: the directory mapping is incorrect.

1.2.1 docker-compose script

1.2.2 Creating the mapped directory and changing its permissions

The openclaw container normally runs as the user node, whose UID is 1000, so we need to change the permissions of the mapped directory on the host.

```bash
# Create the directory (if it does not exist)
mkdir -p /data/yunweipro/openclawapp/openclawdata
# Change the owner and permissions of the host directory
# Note: the node user's UID inside the container is usually 1000; verify with docker exec
chown -R 1000:1000 /data/yunweipro/openclawapp/openclawdata
chmod -R 755 /data/yunweipro/openclawapp/openclawdata
```

1.2.3 Fixing access being limited to 127.0.0.1:18789

At first I intended to open up the listener, but after many attempts through the configuration file, commands and so on, all of them failed. For now, socat port forwarding is used to solve the problem.

1.2.3.1 socat port forwarding

```bash
# 1. Install socat
dnf install -y socat      # CentOS/RHEL
# apt install -y socat    # Ubuntu/Debian

# 2. Create a forwarding service that starts at boot
cat > /etc/systemd/system/openclaw-forward.service << EOF
[Unit]
Description=OpenClaw Port Forward
After=network.target docker.service

[Service]
Type=simple
# Forward 0.0.0.0:28789 to 127.0.0.1:18789
ExecStart=/usr/bin/socat TCP4-LISTEN:28789,bind=0.0.0.0,reuseaddr,fork TCP4:127.0.0.1:18789
Restart=always
RestartSec=5
# Port 28789 is above 1024, so an unprivileged user would also work here
User=root

[Install]
WantedBy=multi-user.target
EOF

# 3. Start and enable the forwarding service
systemctl daemon-reload
systemctl start openclaw-forward
systemctl enable openclaw-forward

# 4. Open the firewall port (key step)
# The port to open is the socat listen port 28789; 18789 is bound to 127.0.0.1 only
firewall-cmd --add-port=28789/tcp --permanent
firewall-cmd --reload
```

Verification: access ip:28789.

1.2.4 Configuring an nginx reverse proxy

```nginx
server {
    listen 8080;
    server_name xxxx.com;  # Replace with your Nginx domain/IP

    # Core: proxy to port 28789 on the remote Server A
    location / {
        proxy_pass http://172.30.212.189:28789;  # Replace with Server A's IP

        # Basic HTTP headers (existing)
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # New: settings required for WebSocket
        # Key: the Origin sent to OpenClaw is set to this proxy's own scheme and host,
        # replacing whatever Origin the client sent
        proxy_set_header Origin $scheme://$host;
        proxy_http_version 1.1;                    # WebSocket requires HTTP/1.1
        proxy_set_header Upgrade $http_upgrade;    # Upgrade the protocol to WebSocket
        proxy_set_header Connection "upgrade";     # Keep the connection upgrade

        # Timeouts suited to long-lived WebSocket connections
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;  # WebSocket long-connection timeout set to 1 hour
        proxy_read_timeout 3600s;
        proxy_buffering off;       # Disable buffering to avoid delayed WebSocket messages

        # Cross-origin (CORS) configuration
        # Reflects whatever Origin the client sent; combined with Allow-Credentials,
        # any site can then make credentialed cross-origin requests
        add_header Access-Control-Allow-Origin $http_origin;
        add_header Access-Control-Allow-Credentials "true";  # Allow credentials
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, WEBSOCKET";
        add_header Access-Control-Allow-Headers "User-Agent, Content-Type, Authorization, X-Requested-With, Upgrade, Connection";

        # Handle OPTIONS preflight requests
        if ($request_method = OPTIONS) {
            return 204;
        }
    }

    # Logging
    access_log /var/log/nginx/proxy_openclaw_access.log main;
    error_log /var/log/nginx/proxy_openclaw_error.log warn;
}
```
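The proxy in 1.2.4 echoes any `Origin` back with credentials allowed and replaces the `Origin` sent upstream, so the gateway can no longer tell foreign sites from its own dashboard. A variant that restricts origins at the proxy, as an added example that is not the author's configuration; the allowlist entry `http://xxxx.com:8080` is an assumption built from the page's placeholder host and listen port:

```nginx
# Added example (not the author's config). xxxx.com and 172.30.212.189 are
# the page's placeholders; the allowlisted origin is an assumption.

# Only origins listed here are echoed back in the CORS header.
map $http_origin $cors_origin {
    default                 "";
    "http://xxxx.com:8080"  $http_origin;
}

# Requests without an Origin (curl, health checks) pass; browsers always send
# Origin on WebSocket handshakes and on cross-origin requests.
map $http_origin $origin_denied {
    default                 1;
    ""                      0;
    "http://xxxx.com:8080"  0;
}

# Send "Connection: upgrade" only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ""      close;
}

server {
    listen 8080;
    server_name xxxx.com;

    location / {
        # Refuse foreign origins before the Origin header is rewritten.
        if ($origin_denied) { return 403; }
        if ($request_method = OPTIONS) { return 204; }

        proxy_pass http://172.30.212.189:28789;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Origin $scheme://$host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;

        # An empty value makes nginx omit the header for unlisted origins.
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Access-Control-Allow-Credentials true always;
        add_header Vary Origin always;
    }
}
```

The `map` blocks belong in the `http` context; add one line per additional origin (for example the proxy's IP form) to both origin maps.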