🐳 Docker Setup

Run OpenClaw in a container for easy deployment

Why Docker?

Docker containers provide isolation, easy deployment, and reproducible environments. Perfect for running on servers, NAS devices, or alongside other services without conflicts.

Benefits

🔒 Isolation

OpenClaw runs in its own environment, separate from your system

📦 Portability

Same container works anywhere Docker runs

🔄 Easy Updates

Pull new image, restart container, done

🗂️ Clean System

No global Node.js install or npm packages

Install Docker

# Linux (Ubuntu/Debian)
curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
# Log out and back in for group to take effect

# macOS
brew install --cask docker
# Or download Docker Desktop from docker.com

# Verify installation
docker --version

Create a Directory for Config

# Create a directory for OpenClaw data
mkdir -p ~/openclaw
cd ~/openclaw

Create docker-compose.yml

Create a docker-compose.yml file:

version: '3.8'

services:
  openclaw:
    image: openclaw/openclaw:latest
    container_name: openclaw
    restart: unless-stopped
    volumes:
      - ./config:/root/.openclaw
      - ./workspace:/workspace
    environment:
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      # Add other API keys as needed
    ports:
      - "127.0.0.1:3000:3000"  # Bind to localhost only!

Create Environment File

Create a .env file with your API keys:

# .env file - keep this secret!
ANTHROPIC_API_KEY=sk-ant-your-key-here

⚠️ Keep .env Secret

Add .env to your .gitignore and never commit it. It contains your API keys.

Start the Container

# Start in the background
docker compose up -d

# Check it's running
docker compose ps

# View logs
docker compose logs -f

Run Initial Setup

Execute the onboarding wizard inside the container:

# Enter the container
docker compose exec openclaw sh

# Run onboarding
openclaw onboard

# Exit when done
exit

Restart to Apply Config

docker compose restart

# Check logs to verify
docker compose logs -f openclaw

🎉 Running!

Your OpenClaw is now running in a Docker container. The config persists in ./config and survives container restarts.

Common Operations

View Logs

# Follow logs
docker compose logs -f

# Last 100 lines
docker compose logs --tail 100

Update to Latest Version

# Pull latest image
docker compose pull

# Restart with new image
docker compose up -d

Stop the Container

# Stop but keep container
docker compose stop

# Stop and remove container
docker compose down

Execute Commands Inside

# Run a openclaw command
docker compose exec openclaw openclaw status

# Get a shell
docker compose exec openclaw sh

Alternative: Docker Run

If you prefer not to use docker-compose:

docker run -d \
  --name openclaw \
  --restart unless-stopped \
  -v ~/openclaw/config:/root/.openclaw \
  -v ~/openclaw/workspace:/workspace \
  -e ANTHROPIC_API_KEY="your-key" \
  -p 127.0.0.1:3000:3000 \
  openclaw/openclaw:latest

Running on NAS Devices

Synology / QNAP

Most NAS devices support Docker through their package managers:

Synology: Install "Container Manager" from Package Center
QNAP: Install "Container Station" from App Center
Create a project and paste the docker-compose.yml contents
Set environment variables in the UI

Troubleshooting

Container keeps restarting?

# Check logs for errors
docker compose logs --tail 50

# Check if config is valid
docker compose exec openclaw openclaw doctor

Permission denied errors?

# Fix permissions on mounted volumes
sudo chown -R 1000:1000 ~/openclaw/config
sudo chown -R 1000:1000 ~/openclaw/workspace

Can't connect to gateway?

By default, the port is bound to localhost only. To access from other devices, use Tailscale or change the port binding (not recommended for security).

Related Guides

VPS Deployment — Cloud server setup
Security Checklist — Essential hardening
Tailscale Setup — Secure remote access