A reproducible, isolated Docker environment for OpenClaw (formerly known as Moltbot and Clawdbot), designed to keep your host system clean and secure.
- Single Container Architecture: Runs both the Gateway and CLI tools in one isolated container.
- Automated Setup: One script (
./setup.sh) handles cloning, building, dependencies, and configuration. - Isolated Workspace:
node_modulesare kept in a Docker volume, keeping your local repo clean. - Non-Root Security: Runs as a non-root
nodeuser (UID 1000) inside the container. - Persistent Storage: Configuration and workspace data persist in local
config/andworkspace/directories.
- Docker and Docker Compose installed on your system.
git- Note: This project has only been tested on Ubuntu 24.04.
-
Clone this repository:
git clone https://github.com/joshua5201/openclaw-docker-compose.git cd openclaw-docker-compose -
Run the automated setup:
./setup.sh
This script will:
- Clone/update the OpenClaw source code into
./openclaw. - Build the Docker image.
- Install dependencies and compile the project.
- Launch the interactive Onboarding Wizard.
- Configure the gateway to listen on LAN (for Docker access).
- Start the gateway and provide your Dashboard URL.
- Clone/update the OpenClaw source code into
-
Approve your Browser (Pairing): OpenClaw requires you to approve new devices for security. If you see "Pairing Required" on the dashboard:
- List pending requests:
docker compose exec openclaw node openclaw.mjs devices list - Approve the request ID:
docker compose exec openclaw node openclaw.mjs devices approve <ID>
- List pending requests:
- Start Gateway:
docker compose up -d - Stop Gateway:
docker compose down - View Logs:
docker compose logs -f openclaw - Open Shell:
docker compose exec openclaw bash
- Browser Performance: If you experience performance issues when running the browser inside the main container, you can use the built-in
browserlessservice. In your agent configuration, set the browser connection URL tows://browserless:3000. This offloads browser execution and provides 10 concurrent sessions with 2GB of shared memory. - Browser Setup: When asking the agent to use a headless browser, tell it that it is executing inside a Docker sandbox. This informs the agent that it does not need to use additional sandbox mode when setting up the browser.
Your OpenClaw configuration is stored in the config/ directory (ignored by git).
The agent's memory and workspace are stored in workspace/.
You can specify the host ports in your .env file. If not set, they may be assigned to random ports by Docker.
Add the following to your .env:
OPENCLAW_PORT=18789
OPENCLAW_BRIDGE_PORT=18790
BROWSERLESS_PORT=3000- "Pairing Required" (Error 1008): See step 3 in Quick Start.
- Gateway not accessible: Ensure the container is running (
docker compose ps) and listening on port18789. - Re-run Wizard: If you need to reconfigure, run
./run_wizard.sh.
Feel free to submit PRs!
This software is provided "as is" without warranty of any kind. OpenClaw is a powerful AI agent capable of executing commands and modifying files. Use this software at your own risk. The authors of this Docker wrapper are not responsible for any data loss or security incidents resulting from its use. Ensure you understand the capabilities of the agent before granting it extensive permissions.