最近本人在测试服务器搭建龙虾被折磨坏了,特发此教程无脑复制粘贴即可成功搭建龙虾

前提条件:有docker 20以上 越新越好 有docker compose 有镜像alpine/openclaw:latest 

mkdir -p /opt/openclaw/{config,data,logs}

groupadd -g 2000 openclaw

useradd -u 2000 -g openclaw -M -s /sbin/nologin openclaw  给龙虾创建用户 为了保证安全

cd /opt/openclaw

vim docker-compose.yml

version: '3.8'

volumes:
  openclaw_data:

services:
  openclaw-gateway:
    image: alpine/openclaw:latest
    container_name: openclaw-gateway-prod
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - OPENCLAW_TOKEN=${OPENCLAW_TOKEN}
    volumes:
      - openclaw_data:/data
      - ./config:/config:ro
      - ./logs:/logs:rw
    ports:
      - "127.0.0.1:18789:18789"
    mem_limit: 2g
    cpus: 2
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:18789/health || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 60s
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "5"
        compress: "true"

chown -R www.www /opt/openclaw/*    授权

直接启动好吧

docker compose up -d

docker logs openclaw-gateway-prod 自己看日志 基本没问题 有小问题自己复制问ai怎么办

龙虾只能127.0.0.1访问,还需要https访问才行 不然会报错 我们直接用nginx进行反向代理,没证书直接用我的命令好吧

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout cert.key -out cert.crt

yum -y install nginx 

vim /etc/nginx/conf.d/openclaw.conf

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;
    server_name openclaw.your-domain.com;  # 改成你自己的域名

    # 你的证书路径(已按你提供的写好)
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    add_header Strict-Transport-Security "max-age=31536000" always;

    # ✅ 修复 WebSocket 1006 断开(核心)
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # ✅ 长超时(防止AI流式断开)
    proxy_connect_timeout 600s;
    proxy_send_timeout 600s;
    proxy_read_timeout 600s;

    location / {
        proxy_pass http://127.0.0.1:18789;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Origin 头修正(解决安全校验失败)
        proxy_set_header Origin "http://127.0.0.1:18789";

        # 其他必要头
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # 关闭缓冲(WebSocket 不能缓冲)
        proxy_buffering off;

        # 超时设置(防止长连接被代理超时断开)
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}

# HTTP 自动跳转 HTTPS
server {
    listen 80;
    server_name openclaw.your-domain.com;
    return 301 https://$host$request_uri;
}

必须用我的配置 要不会有1006问题等各种问题,很麻烦,证书就放在配置里的目录就行,没有就自己创建目录放进去。

直接访问 https://ip

token位置:

docker exec -it openclaw-gateway-prod /bin/bash 进入容器

找/home/node/.openclaw/openclaw.json 在里面有

还有一个设备配对问题,用浏览器就有这问题

docker exec -it openclaw-gateway-prod /bin/bash 进入容器

输入 openclaw devices list

openclaw devices approve e1dd0fdc-973e-4b26-b05d-cd59c49a7328 手动同意一下就行 

大功告成,有别的问题评论区问我。

Logo

Agent 垂直技术社区,欢迎活跃、内容共建。

更多推荐