为什么要用docker部署openclaw,环境独立，如果想处理某些文件直接挂在到容器中，升级什么的备份也超级简单。屁话不多少，开干！

一、安装docker和docker-compse

忽略

二、拉取镜像

shell>>docker pull ghcr.io/openclaw/openclaw:latest

三、编写dockerfile

FROM ghcr.io/openclaw/openclaw:latest
USER root


RUN sed -i "s@http://deb.debian.org@https://mirrors.aliyun.com@g" /etc/apt/sources.list.d/debian.sources && \
    apt-get update && \
    apt-get install -y wget curl --no-install-recommends && \

    wget https://mirrors.aliyun.com/golang/go1.22.0.linux-amd64.tar.gz && \
    tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz && \
    rm -f go1.22.0.linux-amd64.tar.gz && \

    export RUSTUP_DIST_SERVER="https://rsproxy.cn" && \
    export RUSTUP_UPDATE_ROOT="https://rsproxy.cn/rustup" && \
    curl --proto '=https' --tlsv1.2 -sSf https://rsproxy.cn/rustup-init.sh | sh -s -- -y && \

    apt-get clean && \
    rm -rf /var/lib/apt/lists/*


ENV PATH=$PATH:/usr/local/go/bin:/root/.cargo/bin

USER node

三、启动容器

shell>>>docker compose up -d --build
###进入容器
shell>>>docker exec -it bash openclaw
shell>>>openclaw gateway run
shell>>>openclaw dashboard
记着这里的token

四、修改配置文件

"dangerouslyDisableDeviceAuth": true
这个配置可以解决pairing required
shell>>cat /root/.openclaw/openclaw.json
{
  "gateway": {
    "auth": {
      "mode": "token",
      "token": "这里也会有token"
    },
    "controlUi": {
      "allowedOrigins": [
        "http://localhost:18789",
        "http://127.0.0.1:18789",
        "http://公网IP:18789",
        "https://公网IP:18199"
      ],
      "dangerouslyDisableDeviceAuth": true
    }
  },
  "meta": {
    "lastTouchedVersion": "2026.4.9",
    "lastTouchedAt": "2026-04-11T02:23:49.613Z"
  }
}

附上nginx加密配置conf

[root@iZuf6i2lt0x9pu4aj89ly2Z openclaw]# cat /data/app/nginx/conf/openclaw.conf 
server {
    listen 18199 ssl;
    server_name _;
    ssl_certificate /data/app/nginx/ssl/openclaw.crt;
    ssl_certificate_key /data/app/nginx/ssl/openclaw.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 
    location / {
        proxy_set_header Authorization $http_authorization;
        auth_basic "CoPaw Admin";
        auth_basic_user_file /data/app/nginx/conf/.copaw;
        proxy_pass http://127.0.0.1:18789;
        proxy_set_header Host $host:$server_port;
        proxy_set_header Origin $scheme://$http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # 必须加！告诉OpenClaw是HTTPS安全上下文
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}