openclaw.net/docker-compose.yml at main · clawdotnet/openclaw.net · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
version: "3.8"

services:
  openclaw:
    image: ${OPENCLAW_IMAGE:-openclaw.net:local}
    build:
      context: .
      dockerfile: Dockerfile
    container_name: openclaw-gateway
    restart: unless-stopped
    ports:
      - "18789:18789"
    environment:
      # Required: set your LLM API key
      - MODEL_PROVIDER_KEY=${MODEL_PROVIDER_KEY:?Set MODEL_PROVIDER_KEY}
      # Required for non-loopback bind
      - OPENCLAW_AUTH_TOKEN=${OPENCLAW_AUTH_TOKEN:?Set OPENCLAW_AUTH_TOKEN}
      # Optional overrides
      - MODEL_PROVIDER_MODEL=${OPENCLAW_MODEL:-gpt-4o}
      - MODEL_PROVIDER_ENDPOINT=${MODEL_PROVIDER_ENDPOINT:-}
      # ASP.NET Core config via env (double underscore = section separator)
      - OpenClaw__BindAddress=0.0.0.0
      - OpenClaw__Port=18789
      - OpenClaw__Tooling__AllowShell=false
      - OpenClaw__Tooling__AllowedReadRoots__0=/app/workspace
      - OpenClaw__Tooling__AllowedWriteRoots__0=/app/workspace
      # Safe default for public binds: disable JS plugin bridge unless explicitly enabled.
      - OpenClaw__Plugins__Enabled=false
      # If running behind a reverse proxy (Caddy/nginx), you can enable forwarded headers:
      # - OpenClaw__Security__TrustForwardedHeaders=true
      # - OpenClaw__Security__KnownProxies__0=<proxy-ip>
    volumes:
      # Persist memory/session data
      - openclaw-memory:/app/memory
      # Optional: mount a workspace for file tools
      - ${OPENCLAW_WORKSPACE:-./workspace}:/app/workspace
    healthcheck:
      test: ["CMD", "/app/OpenClaw.Gateway", "--health-check"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  # Optional: reverse proxy with automatic TLS
  caddy:
    image: caddy:2-alpine
    container_name: openclaw-caddy
    restart: unless-stopped
    ports:
      - "443:443"
      - "80:80"
    environment:
      - DOMAIN=${OPENCLAW_DOMAIN:-localhost}
    volumes:
      - ./deploy/Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy-data:/data
      - caddy-config:/config
    depends_on:
      openclaw:
        condition: service_healthy
    profiles:
      - with-tls

volumes:
  openclaw-memory:
  caddy-data:
  caddy-config: