A ready-to-deploy Docker image for OpenClaw, the powerful open-source AI assistant that brings Claude and GPT to your favorite messaging apps. Built for ODIN Fleet and any Docker-compatible platform.
Features:
- Zero-config startup — auto-configures on first run
- HTTPS support with auto-generated or custom certificates
- Supports Anthropic and OpenAI APIs
- Connect WhatsApp, Telegram, Discord, Slack, and more
- Persistent storage for seamless container restarts
# 1. Configure
cp .env.example .env
# Edit .env: set your API key and gateway auth (password or token)
# 2. Build & start
docker compose up -d --build
# 3. Access Control UI
# With password: https://localhost:18789 (enter password when prompted)
# With token: https://localhost:18789/?token=YOUR_TOKENOpenClaw stores all configuration and state in /home/node/.openclaw inside the container. This directory must be mounted as a volume to prevent data loss when the container is recreated.
volumes:
- ./data:/home/node/.openclawThis folder contains:
openclaw.json— main configuration (gateway settings, API keys, TLS config)- Channel credentials (WhatsApp sessions, bot tokens, etc.)
- Auto-generated TLS certificates (if enabled)
| Variable | Purpose | Default |
|---|---|---|
OPENCLAW_GATEWAY_HOST |
Gateway public IP/FQDN | localhost |
OPENCLAW_GATEWAY_PORT |
Gateway port | 18789 |
OPENCLAW_GATEWAY_PASSWORD |
Gateway password (user-friendly) | - |
OPENCLAW_GATEWAY_TOKEN |
Gateway token (machine-friendly) | Auto-generated |
ANTHROPIC_API_KEY |
Anthropic API key | - |
OPENAI_API_KEY |
OpenAI API key | - |
OPENCLAW_AUTH_CHOICE |
Auth provider if no API key | skip |
OPENCLAW_TLS_ENABLED |
Enable HTTPS | false |
OPENCLAW_SKIP_ONBOARD |
Skip auto-setup (for OAuth) | false |
OPENCLAW_MODEL |
AI model to use | Auto-detected |
OPENCLAW_SSH_ENABLED |
Enable SSH server | false |
OPENCLAW_SSH_PORT |
SSH server port | 22 |
OPENCLAW_SSH_AUTHORIZED_KEYS |
SSH public keys (one per line) | - |
Auth modes: Set
OPENCLAW_GATEWAY_PASSWORDfor password auth, orOPENCLAW_GATEWAY_TOKENfor token auth. If neither is set, a token is auto-generated and printed in the logs.
Set OPENCLAW_TLS_ENABLED=true to enable HTTPS with an auto-generated self-signed certificate.
Custom certificates (mounted):
volumes:
- ./certs/cert.pem:/certs/cert.pem:ro
- ./certs/key.pem:/certs/key.pem:roDocker Secrets:
secrets:
- tls_cert
- tls_keyDisable TLS:
environment:
- OPENCLAW_TLS_ENABLED=falseEnable SSH for remote access and debugging. Uses public key authentication only (no passwords).
environment:
- OPENCLAW_SSH_ENABLED=true
- OPENCLAW_SSH_AUTHORIZED_KEYS=ssh-ed25519 AAAA... user@host
ports:
- "2222:22"Multiple keys (via environment):
environment:
- OPENCLAW_SSH_ENABLED=true
- |
OPENCLAW_SSH_AUTHORIZED_KEYS=
ssh-ed25519 AAAA... user1@host
ssh-rsa AAAA... user2@hostVia mounted file:
volumes:
- ./authorized_keys:/ssh/authorized_keys:roVia Docker secret:
secrets:
- ssh_authorized_keysThen connect: ssh -p 2222 node@<host>
# 1. Interactive setup
docker compose run --rm openclaw openclaw onboard
# 2. Set OPENCLAW_SKIP_ONBOARD=true in .env
# 3. Start
docker compose up -d# WhatsApp (shows QR code)
docker compose exec -it openclaw openclaw channels login --channel whatsapp
# Telegram
docker compose exec openclaw openclaw channels add --channel telegram --token <BOT_TOKEN>
# Discord
docker compose exec openclaw openclaw channels add --channel discord --token <BOT_TOKEN>
# Slack
docker compose exec openclaw openclaw channels add --channel slack --bot-token <xoxb-...> --app-token <xapp-...>docker compose exec openclaw openclaw health
docker compose exec openclaw openclaw channels list
docker compose exec openclaw openclaw <command>docker compose pull
docker compose up -dOr rebuild from source:
docker compose build --no-cache
docker compose up -ddocker compose logs -f # View logs
rm -rf ./data && docker compose up -d # Reset and re-run setupPermission denied on ./data directory:
If you see EACCES: permission denied errors for /home/node/.openclaw/openclaw.json, fix the data directory permissions:
sudo chown -R 1000:1000 ./dataThe node user inside the container has UID 1000. This is common on Linux hosts where Docker creates the directory as root.