OpenClaw Docker Linux

Run OpenClaw inside Docker on Linux with Tailscale remote access. Complete setup guide covering installation, configuration, and critical gotchas. Trigger ph...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Deonte Cooper (@djc00p)
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description (OpenClaw in Docker + Tailscale) match the artifacts: docker-compose template, .env template, management script, and troubleshooting docs. Required binaries (docker, docker-compose) are appropriate. Optional provider tokens listed are relevant to OpenClaw's integrations.
Instruction Scope
SKILL.md and included scripts operate on expected files (.env, ~/.openclaw/openclaw.json), call docker/docker-compose, and instruct installing/using Tailscale on the host. They read and display tokens from .env (masked in some places, printed unmasked in tailscale output) — this is necessary for configuration but increases local exposure risk. No instructions send secrets to unknown remote endpoints.
Install Mechanism
Instruction-only skill (no remote install URLs). The runtime pulls an official-looking image from ghcr.io; that's a normal pattern for Docker-first deployments. No arbitrary archive downloads or extract steps in the skill bundle itself.
Credentials
The .env and compose templates request ANTHROPIC_API_KEY / OPENAI_API_KEY and an OPENCLAW_GATEWAY_TOKEN (appropriate). Many other provider tokens are listed as optional (Telegram, Gemini, GitHub, etc.) which is reasonable but worth auditing before populating. Minor inconsistency: SKILL.md metadata lists ANTHROPIC_API_KEY and OPENCLAW_GATEWAY_TOKEN while registry-level requirements show none—this is an authoring mismatch, not a functional problem.
Persistence & Privilege
Skill is not marked always:true and does not request persistent elevated privileges beyond normal Docker/Tailscale usage. The management script suggests running sudo for system operations (usermod, apt installs), which is expected for system-level setup.
Assessment
This guide appears coherent and intended for running OpenClaw in a Docker container with Tailscale access. Before installing:

  1. Inspect the docker-compose.yml and avoid uncommenting optional host mounts (they can expose host credentials like ~/.config/gh or /home/linuxbrew).
  2. Keep the gateway token and AI API keys out of repositories and generate a strong OPENCLAW_GATEWAY_TOKEN (the scripts read and sometimes print these values — be careful where you run them).
  3. Prefer using Tailscale MagicDNS (recommended) rather than exposing port 18789 to the public internet; if you must change ports, update allowedOrigins.
  4. Pin or verify the Docker image (avoid blindly using :latest in production); consider verifying the image source on ghcr.io.
  5. Note the small metadata mismatch: SKILL.md advertises required env keys while registry metadata lists none — treat this as an authoring inconsistency and follow the included .env template.
  6. Only provide optional tokens (GitHub, Telegram, etc.) if you need those integrations, and avoid mounting host tool directories unless necessary.

If you want extra assurance, review the running container image contents and audits before supplying production credentials.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2


Runtime requirements

🐋 Clawdis
OS: Linux
Bins: docker, docker-compose
Environment variables:
  • ANTHROPIC_API_KEY (required)
  • OPENCLAW_GATEWAY_TOKEN (required)

SKILL.md

OpenClaw Docker Setup

Run OpenClaw inside Docker on Linux (Ubuntu 24.04+) with Tailscale for remote access.

Quick Start

  1. Install Docker via APT (not Snap):

    sudo apt install docker.io docker-compose && \
    sudo usermod -aG docker $USER

    Then log out and back in: the group change from sudo usermod does not take effect with newgrp.

  2. Run onboard to configure gateway and get your token:

    docker-compose run --rm openclaw-cli onboard

  3. Create docker-compose.yml using the token from onboard. See references/docker-config.md for the full template and .env setup.

  4. Start the container:

    docker-compose up -d

    Access at http://localhost:18789?token=YOUR_TOKEN

Key Concepts

  • bind: lan vs loopback. lan = accessible from the host via port mapping; loopback = locked inside container.
  • Tailscale on host, not container — Run Tailscale on the Ubuntu host for remote access.
  • One method only — Docker OR global install, never both (port + config conflicts).
  • Config path mapping — Host ~/.openclaw/ → Container /home/node/.openclaw/ (same files, different paths).
  • Docker group login. sudo usermod -aG docker requires full logout/login, not newgrp.

Common Usage

Generate a secure token:

openssl rand -hex 32

View container logs:

docker-compose logs -f openclaw

Run CLI commands inside container:

docker-compose run --rm openclaw-cli COMMAND_HERE

Fix volume permissions (Linux):

sudo chown -R 1000:1000 ~/.openclaw ~/openclaw

Approve Telegram pairing:

docker-compose run --rm openclaw-cli pairing approve telegram YOUR_CODE

Access via Tailscale (recommended — HTTPS):

sudo tailscale up
./docker-setup.sh tailscale  # Starts tailscale serve on port 18789

Then visit https://YOUR_MACHINE_NAME.YOUR_TAILNET.ts.net?token=YOUR_TOKEN from any device on your tailnet. Use MagicDNS hostname over raw IP — it's HTTPS by default and more stable.
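
The points raised in the security assessment and in Key Concepts (token strength, .env exposure, port publishing, image pinning, host mounts) can be checked before `docker-compose up -d`. The script below is an added example, not part of the skill bundle or the OpenClaw project. The compose file and .env it audits are constructed samples, `ghcr.io/example/openclaw` is a placeholder image name, the function names are hypothetical, and the 127.0.0.1 port rule assumes `tailscale serve` on the host forwards to localhost.

```shell
#!/bin/sh
# Added example: each check returns 0 when the setting is acceptable.
check_token() {      # format check only: 64 lowercase hex chars (openssl rand -hex 32)
  tok=$(sed -n 's/^OPENCLAW_GATEWAY_TOKEN=//p' "$1" | tail -n 1)
  printf '%s\n' "$tok" | grep -Eq '^[0-9a-f]{64}$'
}
check_env_mode() {   # .env must carry no group/other permission bits
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
check_ports() {      # assumption: 18789 is published on 127.0.0.1 only
  if grep '18789:18789' "$1" | grep -v '^[[:space:]]*#' |
     grep -qv '127\.0\.0\.1:18789'; then return 1; fi
}
check_image_pin() {  # reject :latest and untagged image references
  grep -E '^[[:space:]]*image:' "$1" | sed "s/[\"']//g; s/[[:space:]]*#.*//" |
  while read -r key ref; do
    case "${ref##*/}" in *:latest) exit 1 ;; *:*) ;; *) exit 1 ;; esac
  done
}
check_mounts() {     # host credential/tool directories must stay commented out
  ! grep -Eq '^[[:space:]]*-[[:space:]].*(\.config/gh|/home/linuxbrew)' "$1"
}
audit() {            # audit DIR: prints findings, returns the number of failures
  fails=0
  check_token "$1/.env" || { echo "FAIL gateway token missing or weak"; fails=$((fails + 1)); }
  check_env_mode "$1/.env" || { echo "FAIL .env readable by group/other"; fails=$((fails + 1)); }
  check_ports "$1/docker-compose.yml" || { echo "FAIL 18789 published on all interfaces"; fails=$((fails + 1)); }
  check_image_pin "$1/docker-compose.yml" || { echo "FAIL image is :latest or untagged"; fails=$((fails + 1)); }
  check_mounts "$1/docker-compose.yml" || { echo "FAIL host credential directory mounted"; fails=$((fails + 1)); }
  return "$fails"
}
make_sample() {      # constructed insecure sample, not the skill's real template
  cat > "$1/docker-compose.yml" <<'EOF'
services:
  openclaw:
    image: ghcr.io/example/openclaw:latest   # placeholder image name
    ports:
      - "18789:18789"
    volumes:
      - ~/.openclaw:/home/node/.openclaw
      - ~/.config/gh:/home/node/.config/gh
EOF
  printf 'OPENCLAW_GATEWAY_TOKEN=changeme\n' > "$1/.env"
  chmod 644 "$1/.env"
}
d=$(mktemp -d)
make_sample "$d"
audit "$d" || echo "$? finding(s)"
rm -rf "$d"
```

Point `audit` at the directory holding your own docker-compose.yml and .env; a return status of 0 means all five checks passed.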

References

  • references/docker-config.md — docker-compose.yml, .env template, permissions, Tailscale, management script
  • references/quickstart.md — Simple 5-minute setup guide
  • references/docker-setup.sh — Management script (start/stop/logs/doctor/tailscale/approve_telegram)
  • references/gotchas.md — Critical mistakes and how to avoid them
  • references/troubleshooting.md — Common errors and fixes
