How to deploy OpenClaw with Docker and bind a domain with HTTPS for public access?

2026-05-30 09:00

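If you want to try OpenClaw but your server already runs services and cannot simply be reinstalled from the OpenClaw image, Docker is a good option. To be honest, the process is somewhat complex and may be difficult for beginners.

Preparation

First, you need a server. A lightweight cloud server is recommended here, mainly because it is convenient. If you use domestic IM channels such as Feishu, WeCom or QQ, choose a mainland China region. If you want to use large models from international vendors such as GPT, or IM channels such as Discord or WhatsApp, choose an overseas region.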

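Playing with OpenClaw (Moltbot) | Deploy OpenClaw with Docker and bind a domain with HTTPS for public access

| Region | Characteristics | Suitable for |
|---|---|---|
| Mainland China | Faster access to services of domestic vendors | Large models from domestic vendors such as Deepseek/MiniMax and IM channels such as Feishu/WeCom/QQ |
| Overseas | Faster access to services of international vendors | Large models from international vendors such as GPT and IM channels such as Discord/WhatsApp |

Get your server's IP address from the lightweight server console. The following steps use this IP.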

Install Docker

Run the following command to install Docker:

curl -fsSL https:// | sudo sh -s -- --mirror Aliyun

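Configure a mainland China registry mirror:

Edit the /etc/docker/ file, enter the following content and save it:

{"registry-mirrors": }

Restart the Docker service so that the mirror takes effect: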

systemctl restart docker

Deploy OpenClaw

Pull the OpenClaw code and build the image

cd ~
git clone https:///openclaw/openclaw
cd openclaw/
# Build from the latest tag
LATEST_TAG=$ && git checkout $LATEST_TAG && docker build -t openclaw:$LATEST_TAG .

List the built images:

root@VM-12-10-debian:~/openclaw# docker images
IMAGE                 ID             DISK USAGE   CONTENT SIZE   EXTRA
nginx:alpine          4870c12cd2ca       93.1MB         26.8MB
nginx:latest          c881927c4077        240MB         65.7MB    U
openclaw:v2026.1.30   99c84ced9f6a       3.93GB         1.06GB    U

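Create the persistent folders for the OpenClaw container and initialize the configuration

cd ~
mkdir -p openclaw-docker/{config,data}
# Set the folder ownership; without this the container reports an error
chown -R 1000:1000 openclaw-docker/{config,data}
cd openclaw-docker
docker compose run --rm -it openclaw-cli onboard

Follow the prompts to complete the initial configuration: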

┌  OpenClaw onboarding
│
◇  I understand this is powerful and inherently risky. Continue?
│  Yes
◇  Onboarding mode
│  Manual
◇  What do you want to set up?
│  Local gateway 
◇  Workspace directory
│  /home/node/.openclaw/workspace
◇  Model/auth provider
│  Skip for now
◇  Filter models by provider
│  All providers
◇  Default model
│  Keep current 
│
◇  Gateway port
│  18789
◇  Gateway bind
│  LAN 
◇  Gateway auth
│  Password  
◇  Tailscale exposure 
│   Off   
◇  Gateway password
│
│
◇  Configure chat channels now?
│  No
Updated ~/.openclaw/
Workspace OK: ~/.openclaw/workspace
Sessions OK: ~/.openclaw/agents/main/sessions
│
◇  Configure skills now?
│  No
│
◇  Enable hooks?
│  Skip for now
│
└  Onboarding complete. Use the tokenized dashboard link above to control OpenClaw.
◇  Install shell completion script?
│  Yes
Completion installed. Restart your shell or run: source /home/node/.zshrc
 

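Configure HTTPS with an Nginx reverse proxy for public access

Create the persistent folders for the Nginx container

cd ~
mkdir -p nginx-docker/data/
mkdir -p nginx-docker/data/ssl

Apply for an SSL certificate

First, you need a domain. I recommend buying a 6-digit numeric .xyz domain, which costs 8 yuan/year for both the first year and renewals. Prepare the domain you want to bind; for example, the one I prepared is .

Open your DNS provider (I use DNSPod, for example) and create a new DNS record. Select Let's Encrypt, enter your domain in the certificate configuration, and choose "Create new RSA private key".

Go to the domain ownership verification step, choose DNS validation, and note down the subdomain and the TXT record. Back in DNSPod, add a TXT record:

Subdomain: _acme-
TXT record: Qx3G98bhtZMSkVpihdbD4nbA2yEDm1LAq9GeA8C-_LU

Host record: enter the subdomain prefix, that is, for _acme- enter _acme- . TXT record: no changes needed, enter it exactly as given. When you have filled it in, click "Start verification". After verification passes, save the PEM file and the KEY file. The main thing is to check whether the site opens and whether SSL is set up correctly.

Save the SSL certificate: open data/ssl/.crt and paste the contents of the certificate file into it, then save. Open data/ssl/.key and paste the contents of the private key file into it, then save.

Configure Nginx to reverse-proxy OpenClaw and enable HTTPS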


server {
    listen       80;
    server_name ;
    return       301 https://$server_name$request_uri;
}
server {
    listen       443 ssl;
    server_name ;
    ssl_certificate     /etc/nginx/ssl/;
    ssl_certificate_key /etc/nginx/ssl/;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    }
}
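
| Parameter | Default | Allowed values | Description |
|---|---|---|---|
| listen | 80 | Any free port | Listening port for HTTP requests |
| server_name | | Your domain | Domain for which requests are accepted |
| return | | https://$server_name$request_uri | Redirects HTTP requests to HTTPS |
| listen | 443 | Any free port | Listening port for HTTPS requests |
| ssl_certificate | | Path to your certificate | Certificate file used for HTTPS encryption |
| ssl_certificate_key | | Path to your private key | Private key file used for HTTPS encryption |
| proxy_pass | | http://127.0.0.1:18789 | Backend service address; here it points to the OpenClaw gateway service |
| proxy_set_header Host | $host | | Sets the Host header passed to the backend to the Host of the current request |
| proxy_set_header X-Real-IP | $remote_addr | | Passes the client's real IP to the backend |
| proxy_set_header X-Forwarded-For | $proxy_add_x_forwarded_for | | Records the client's original IP and the list of proxy IPs it passed through |
| proxy_set_header X-Forwarded-Proto | $scheme | | Tells the backend which protocol the request used (http/https) |
| Strict-Transport-Security | max-age=63072000;includeSubDomains;preload | | Enables the HSTS policy, forcing browsers to use HTTPS |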
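
The configuration above with its weak TLS settings shown beside tightened ones. This is an added example, not the original author's configuration; `example.com` and the certificate file names are placeholders, and the RSA-only cipher list assumes the RSA private key created in the certificate step.

```nginx
# Added example: hardened variant of the article's reverse-proxy config.
# example.com and the certificate file names are placeholders (assumptions).
server {
    listen      80;
    server_name example.com;
    return      301 https://$server_name$request_uri;
}

server {
    listen      443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    # Private key: readable by the nginx master process only (mode 600).
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Article: ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); keep only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Article: ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE
    # "HIGH" still admits CBC-mode and static-RSA suites. The certificate uses
    # an RSA key, so list only ECDHE-RSA suites with AEAD ciphers. TLS 1.3
    # suites are configured separately and are unaffected by this directive.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # "always" sends HSTS on error responses too. includeSubDomains and preload
    # bind every subdomain to HTTPS; drop them if any subdomain serves plain HTTP.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    location / {
        proxy_pass http://127.0.0.1:18789;   # OpenClaw gateway port from onboarding
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` inside the Nginx container to validate the file before reloading.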

| Option | Cost | Features |
|---|---|---|
| Automated deployment | Free | Easy to use, limited customization options |
| Manual (this article) | Paid (a certain fee is required) | Complex operation steps; more control over the deployment process, which can be modified as needed. Suited to users who are familiar with the technology or have specific customization requirements. Manual configuration requires a certain technical foundation and time cost, and you have to deal with the details and potential problems yourself, such as environment configuration, dependency installation and SSL certificate application. Flexibility is relatively high and can be adjusted to the actual situation; once configuration is completed, stability is good. Not friendly enough for novices, who may meet many obstacles when getting started. Can be deeply customized to meet specific business or individual needs. If the technology stack or services change in the future, it has to be maintained and updated manually. |
| Shared domain + one-click SSL certificate application + deployment tool | Paid (will be charged in the future) | Coming soon; you can follow it for now |

End
