部署视频:【全平台适用】OpenClaw 进阶教程:Docker 隔离运行 + 浏览器联网 + 飞书流式输出
火山引擎codingplan套餐:方舟 Coding Plan
本指南将帮助你通过 Docker 快速搭建 OpenClaw 环境,包含主程序、CLI 管理工具以及 Headless 浏览器。
为什么使用Docker部署?
OpenClaw 在运行过程中涉及大量的环境依赖和网络请求,推荐使用 Docker 的核心原因如下:
- 运行环境隔离: OpenClaw 依赖特定的运行库。在容器中运行可以防止其修改你的宿主机系统配置,避免由于版本冲突导致的"依赖地狱"。
- 权限最小化: 通过 Docker,我们可以限制 OpenClaw 只能访问特定的目录和资源。即便程序出现异常或触发了未知的安全漏洞,损害也会被限制在容器内部。
- 敏感信息保护: 所有的 API Key 和环境变量都通过 Docker 配置文件(如
.env)管理,不会在系统的全局进程列表中暴露,极大降低了密钥泄露的风险。 - 一键清理: 如果你不再需要该环境,只需删除容器和镜像,宿主机将保持干净如初,不留任何残余文件。
一、 环境准备
在开始之前,请根据你的操作系统安装对应的 Docker 运行环境:
- Windows : 推荐安装 Docker Desktop。
- macOS : 推荐使用轻量级的 OrbStack 或 Docker Desktop。
- Linux(或其他类Linux系统): 请参考官方文档安装 Docker 及 Docker Compose。
二、 部署 Docker Compose
创建一个工作目录(如 openclaw),
在该目录创建 .env文件,并写入以下内容:
yml
VOLC_API_KEY=xxxxxxxx
LARK_APP_ID=xxxxxxx
LARK_APP_SECRET=xxxxxx在该目录下创建 docker-compose.yml 文件,并写入以下内容:
YAML
services:
# --- OpenClaw 主程序 (Gateway) ---
openclaw-gateway:
image: crpi-a1liy20beodq2bdl.cn-beijing.personal.cr.aliyuncs.com/bujic/openclaw:v2026.3.12
container_name: openclaw-main
restart: unless-stopped
init: true
environment:
TZ: Asia/Shanghai
NODE_ENV: production
HOME: /home/node
TERM: xterm-256color
OPENCLAW_GATEWAY_TOKEN: "YOUR_CUSTOM_TOKEN" # 请更换为你的安全Token
OPENCLAW_ALLOW_INSECURE_PRIVATE_WS: "true"
PATH: "/home/node/.openclaw/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
VOLC_API_KEY: ${VOLC_API_KEY} #敏感信息采用环境变量注入
LARK_APP_ID: ${LARK_APP_ID}
LARK_APP_SECRET: ${LARK_APP_SECRET}
volumes:
- ./openclaw_data:/home/node/.openclaw
- ./workspace:/home/node/.openclaw/workspace
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "18789:18789"
- "18790:18790"
- "9222:9222" #无头浏览器端口
command: ["node", "dist/index.js", "gateway", "--bind", "lan", "--port", "18789"]
# --- OpenClaw 管理工具 (CLI) ---
openclaw-cli:
image: crpi-a1liy20beodq2bdl.cn-beijing.personal.cr.aliyuncs.com/bujic/openclaw:v2026.3.12
container_name: openclaw-cli
network_mode: "service:openclaw-gateway"
security_opt:
- no-new-privileges:true
environment:
HOME: /home/node
TERM: xterm-256color
OPENCLAW_GATEWAY_TOKEN: "YOUR_CUSTOM_TOKEN" # 须与 Gateway 保持一致
BROWSER: echo
volumes:
- ./openclaw_data:/home/node/.openclaw
- ./workspace:/home/node/.openclaw/workspace
stdin_open: true
tty: true
init: true
entrypoint: ["node", "dist/index.js"]
depends_on:
- openclaw-gateway
# --- 无头浏览器 (Headless Shell) ---
headless-shell:
image: crpi-a1liy20beodq2bdl.cn-beijing.personal.cr.aliyuncs.com/bujic/headless-shell:latest
container_name: headless-shell
network_mode: "service:openclaw-gateway"
restart: unless-stopped
shm_size: "2g"三、 配置文件设置
在 openclaw_data 目录下创建 openclaw.json。该文件用于配置模型提供商、浏览器连接和频道信息。
路径提示: ./openclaw_data/openclaw.json
json
{
"meta": {
"lastTouchedVersion": "2026.3.12"
},
"browser": {
"enabled": true,
"attachOnly": true,
"defaultProfile": "browserless",
"noSandbox": false,
"headless": false,
"ssrfPolicy": {
"dangerouslyAllowPrivateNetwork": true
},
"profiles": {
"browserless": {
"cdpUrl": "http://127.0.0.1:9222",
"color": "#00AA00"
}
}
},
"models": {
"mode": "merge",
"providers": {
"volcengine": {
"baseUrl": "https://ark.cn-beijing.volces.com/api/v3",
"apiKey": "${VOLC_API_KEY}",
"auth": "api-key",
"api": "openai-completions",
"models": [
{
"id": "doubao-seed-2-0-mini-260215",
"name": "doubao"
}
]
}
}
},
"channels": {
"feishu": {
"enabled": false,
"appId": "${LARK_APP_ID}",
"appSecret": "${LARK_APP_SECRET}",
"connectionMode": "websocket",
"dmPolicy": "allowlist",
"allowFrom": [
"YOUR_USER_ID"
],
"streaming": true,
"footer": {
"elapsed": true,
"status": true
}
}
},
"agents": {
"defaults": {
"workspace": "/home/node/.openclaw/workspace",
"model": {
"primary": "volcengine/doubao"
},
"sandbox": {
"mode": "off"
}
}
},
"commands": {
"native": "auto",
"nativeSkills": "auto",
"restart": true,
"ownerDisplay": "raw"
},
"gateway": {
"mode": "local",
"controlUi": {
"dangerouslyAllowHostHeaderOriginFallback": true,
"allowInsecureAuth": true,
"dangerouslyDisableDeviceAuth": true
}
},
"plugins": {
"entries": {
"feishu": {
"enabled": false
},
"openclaw-lark": {
"enabled": true
}
},
"installs": {
"openclaw-lark": {
"source": "npm",
"spec": "@larksuite/openclaw-lark",
"installPath": "/home/node/.openclaw/extensions/openclaw-lark",
"version": "2026.3.12",
"resolvedName": "@larksuite/openclaw-lark",
"resolvedVersion": "2026.3.12",
"resolvedSpec": "@larksuite/openclaw-lark@2026.3.12",
"integrity": "sha512-MNcDrerQrO42I09w+M8q6dwnWHMKxOnXSCLG4qNwcekjGeDmA53lIuWJtGMpjTzvDjYkoWnN+8Zg78+FRCSV9w==",
"shasum": "113a4f9e9802fbb6b8c65677f1ede2c36e823a72",
"resolvedAt": "2026-03-13T08:59:23.563Z",
"installedAt": "2026-03-13T08:59:32.378Z"
}
}
}
}四、 启动与运行
- 启动容器: 在终端进入目录执行:
Bash
#启动
docker compose up -d
#关闭
docker compose down- 进入 CLI 管理界面: 如果需要使用交互式命令行,可以执行:
Bash
docker exec -it openclaw-cli sh- 检查日志:
Bash
docker logs -f openclaw-main- Web登录方式
perl
http://127.0.0.1:18789/#token=你的安全Token- 安装飞书官方插件(需在容器内执行)
bash
# 进入容器内部
docker exec -it openclaw-main /bin/bash
# 安装
npx -y @larksuite/openclaw-lark-tools install
# 更新
npx -y @larksuite/openclaw-lark-tools update💡 提示
- API Key : 请务必在
openclaw.json中替换为你自己的火山引擎、Anyrouter 或飞书的相关密钥。 - Token :
OPENCLAW_GATEWAY_TOKEN建议设置为复杂的字符串以保证网关安全。 - 目录权限问题: 可以通过修复文件夹所有权来修复,宿主机执行命令:
bash
sudo chown -R 1000:1000 <宿主机实际路径>执行完之后,重启你的 Docker 容器