Linux 服务器部署 OpenClaw,并在 Windows 电脑访问

该文章已生成可运行项目,

AI 时代程序员必备技能

Codex、Claude Code、Cursor、Hermes Agent、OpenClaw等工程化实战专栏 ,讲透 AI 如何接管脏活累活

在这里插入图片描述

这篇文章记录一套可直接落地的流程:
在 Linux 服务器用 Docker Compose 部署 OpenClaw,再通过 Windows 电脑稳定访问控制台并配置 LLM Key。


一、环境说明

  • Linux 服务器(已安装 Docker + Docker Compose v2)
  • Windows 电脑(用于远程访问)
  • OpenClaw 官方镜像:ghcr.io/openclaw/openclaw:latest
  • 对外端口:20010, 这里不使使用18789, 更安全一点

二、准备目录与 Compose 文件

先在服务器创建目录(示例:/root/openclaw/openclawlinux):

mkdir -p /root/openclaw/openclawlinux
cd /root/openclaw/openclawlinux

新建 dockercompose.yml

services:
  openclaw-gateway:
    image: ghcr.io/openclaw/openclaw:latest
    container_name: openclaw-gateway
    restart: unless-stopped
    ports:
      - "20010:18789"
    environment:
      TZ: Asia/Shanghai
      NODE_ENV: production
    volumes:
      - ./config:/home/node/.openclaw
      - ./workspace:/home/node/.openclaw/workspace
      - ./tmp:/tmp/openclaw
    healthcheck:
      test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:18789/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

  openclaw-cli:
    image: ghcr.io/openclaw/openclaw:latest
    container_name: openclaw-cli
    profiles: ["tools"]
    network_mode: "service:openclaw-gateway"
    entrypoint: ["node", "dist/index.js"]
    command: ["--help"]
    volumes:
      - ./config:/home/node/.openclaw
      - ./workspace:/home/node/.openclaw/workspace
      - ./tmp:/tmp/openclaw
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - NET_RAW
      - NET_ADMIN

三、初始化挂载目录权限

mkdir -p ./config ./workspace ./tmp
sudo chown -R 1000:1000 ./config ./workspace ./tmp

为什么是 1000:1000
因为容器内 node 用户通常是 uid=1000 gid=1000,目录权限一致可避免写入报错。


四、启动 OpenClaw

docker compose -f dockercompose.yml up -d

查看状态:

docker compose -f dockercompose.yml ps

五、生成 Dashboard Token

docker compose -f dockercompose.yml --profile tools run --rm openclaw-cli dashboard --no-open

你会看到类似:

Dashboard URL: http://127.0.0.1:18789/#token=xxxxxx

记下 token


六、放行控制台来源(解决 origin not allowed)

如果你直接公网 IP 访问,常见报错:

  • origin not allowed

执行:

docker compose -f dockercompose.yml --profile tools run --rm openclaw-cli config set --batch-json '[{"path":"gateway.mode","value":"local"},{"path":"gateway.bind","value":"lan"},{"path":"gateway.controlUi.allowedOrigins","value":["http://-.-.-.-:20010","https://-.-.-.-:20010","http://127.0.0.1:20010","http://localhost:20010"]}]'

然后重启网关:

docker compose -f dockercompose.yml restart openclaw-gateway

154.201.77.176 换成你的服务器 IP 或域名。


七、Windows 访问( SSH 隧道方式)

即使放行了 origin,公网 HTTP 还可能遇到:

  • control ui requires device identity (use HTTPS or localhost secure context)

最稳做法:在 Windows 本机开 SSH 隧道。

在 Windows 终端执行:

ssh -L 20010:127.0.0.1:20010 root@-.-.-.-

保持该窗口不断开,然后浏览器访问:

  • http://127.0.0.1:20010/chat?session=main

页面中填写:

  • WebSocket URL:ws://127.0.0.1:20010
  • Gateway Token:上一步拿到的 token
  • Password:可留空(默认 token 认证即可)

八、配置 LLM API Key

连接成功后如果提示没有 API key,执行:

docker compose -f dockercompose.yml --profile tools run --rm openclaw-cli agents add main

按交互选择你的模型提供商(如 OpenAI / DeepSeek),输入 API Key 即可。

可先查看 agent 列表:

docker compose -f dockercompose.yml --profile tools run --rm openclaw-cli agents list

下面是我的操作记录

## 1 得到访问token
 docker compose -f docker-compose.yml --profile tools run --rm openclaw-cli dashboard --no-open
[+] Creating 1/0
 ✔ Container openclaw-gateway  Running                                                                                                       0.0s

🦞 OpenClaw 2026.4.15 (unknown) — Your personal assistant, minus the passive-aggressive calendar reminders.

Dashboard URL: http://127.0.0.1:18789/#token=280323048b381fb7ba242378bdce57a4d6675358d6331607
## 2 允许 LAN/对外访问(不是只限容器内部)-.-.-.-需要替换为你的公网ip
docker compose -f docker-compose.yml --profile tools run --rm openclaw-cli config set --batch-json '[{"path":"gateway.mode","value":"local"},{"path":"gateway.bind","value":"lan"},{"path":"gateway.controlUi.allowedOrigins","value":["http://-.-.-.-:20010","https://-.-.-.-:20010","http://127.0.0.1:20010","http://localhost:20010"]}]'
[+] Creating 1/0
 ✔ Container openclaw-gateway  Running                                                                                                       0.0s

🦞 OpenClaw 2026.4.15 (unknown) — Claws out, commit in—let's ship something mildly responsible.

Config overwrite: /home/node/.openclaw/openclaw.json (sha256 0d0fdf7d4c24c9961a22565351f42ef7bb1f89599e8f2b54682c6a5194cfbdaa -> dbefbf0831c8840e88b109c24b684da946a8a4205cd82985a45be8c363de4fea, backup=/home/node/.openclaw/openclaw.json.bak)
Updated 3 config paths. Restart the gateway to apply.
[root@ECS-9829724383 openclawlinux]# docker compose -f docker-compose.yml restart openclaw-gateway
## 3 在window电脑上创建隧道 -.-.-.-需要替换为你的公网ip
ssh -L 20010:127.0.0.1:20010 root@-.-.-.-
## 5 使用 agents add main 命令, 设置模型key
docker compose -f docker-compose.yml --profile tools run --rm openclaw-cli agents add main
[+] Creating 1/0
 ✔ Container openclaw-gateway  Running                                                                                                       0.0s

🦞 OpenClaw 2026.4.15 (unknown) — Your terminal just grew claws—type something and let the bot pinch the busywork.

┌  Add OpenClaw agent
│
◇  Workspace directory
│  /home/node/.openclaw/workspace
│
◇  Configure model/auth for this agent now?
│  Yes
│
◇  Model/auth provider
│  DeepSeek
│
◇  Enter DeepSeek API key
│  sk-65b28c89462246eab967c91b5218****
│
◇  Channel status ──────────────────────────────────────╮
│                                                       │
│  LINE: needs token + secret                           │
│  Accounts: 0                                          │
│  Discord: needs token                                 │
│  iMessage: needs setup                                │
│  imsg: missing (imsg)                                 │
│  Signal: needs setup                                  │
│  signal-cli: missing (signal-cli)                     │
│  Slack: needs tokens                                  │
│  Telegram: needs token                                │
│  WhatsApp: not linked                                 │
│  QQ Bot: needs AppID + AppSecret                      │
│  Google Chat: needs service account                   │
│  MS Teams: needs app credentials                      │
│  Mattermost: needs token + url                        │
│  Nextcloud Talk: needs setup                          │
│  Feishu: needs app credentials                        │
│  Matrix: needs homeserver + access token or password  │
│  BlueBubbles: needs setup                             │
│  IRC: needs host + nick                               │
│  Zalo: needs token                                    │
│  Zalo Personal: needs QR login                        │
│  Synology Chat: needs token + incoming webhook        │
│  Accounts: 0                                          │
│  Tlon: needs setup                                    │
│  Nostr: needs private key                             │
│  Relays: 2                                            │
│  Twitch: not configured                               │
│  Twitch: installed                                    │
│                                                       │
├───────────────────────────────────────────────────────╯
│
◇  Configure chat channels now?
│  No
Config overwrite: /home/node/.openclaw/openclaw.json (sha256 dbefbf0831c8840e88b109c24b684da946a8a4205cd82985a45be8c363de4fea -> d26c23bbbb914450767bdf67b80f87ce78446406ec5a454f5d38e44b974b83cb, backup=/home/node/.openclaw/openclaw.json.bak)
Updated ~/.openclaw/openclaw.json
Workspace OK: ~/.openclaw/workspace
Sessions OK: ~/.openclaw/agents/main/sessions
│
└  Agent "main" ready.

九、常见问题排查

  • origin not allowed
    没配置 gateway.controlUi.allowedOrigins 或地址不匹配(协议/端口/IP)。
  • control ui requires device identity
    用了公网 HTTP。建议 SSH 隧道访问 127.0.0.1 或上 HTTPS 域名。
  • permission denied
    检查 ./config ./workspace ./tmp 是否 chown 1000:1000
  • 命令报找不到 compose 文件
    注意文件名统一(本文使用 dockercompose.yml)。

十、安全建议

  • 如果泄露,立即轮换 token 和 API key。
  • 长期公网使用建议上 HTTPS(Nginx/Caddy + Let’s Encrypt)。

总结

这套方案的核心是三点:

  • 用官方镜像快速起服务;
  • 数据目录全部落在宿主机可持久化;
  • Windows 通过 SSH 隧道访问,稳定避开浏览器安全上下文问题。
本文章已经生成可运行项目

AI 时代程序员必备技能

Codex、Claude Code、Cursor、Hermes Agent、OpenClaw等工程化实战专栏 ,讲透 AI 如何接管脏活累活

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

蓝色的杯子

你的鼓励将是我最大的动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值