openclaw新版部署教程

OpenClaw 是一个开源的个人AI 助手平台，支持通过多种消息渠道与AI 交互，支持通过WhatsApp、飞书、Telegram 、qq、微信等常用聊天软件交互，能实现邮件发送、日程管理。

linux服务器中部署

安装

如需要安装最新版本openclaw请选择ubuntu22.04 LTS 64位系统，或者选择openclaw镜像。

执行命令安装：

curl -fsSL https://openclaw.ai/install.sh | bash

配置网关

安装完后再配置AI：

openclaw onboard

配置完成后还不能访问，需要再修改配置文件

先执行以下命令，再修改配置文件
NEW_TOKEN=$(openssl rand -base64 32)
openclaw config set gateway.auth.token "$NEW_TOKEN" #设置token 
openclaw config set gateway.controlUi.allowInsecureAuth true #设置允许http访问
openclaw config set gateway.controlUi.dangerouslyDisableDeviceAuth true #设置安全降低
openclaw config set gateway.bind "lan" #设置外网访问
openclaw config set gateway.mode "local"
开启最大权限
openclaw config set tools.profile full
openclaw config set tools.deny '[]' --json
openclaw config unset tools.allow
openclaw config set agents.defaults.sandbox.mode off
#再核对配置文件,http://localhost:18789 localhost需要改成ip
vi /root/.openclaw/openclaw.json
#修改完成后，执行重启网关
openclaw gateway restart
#再访问http://ip:18789/
#查询token
cat /root/. openclaw/openclaw.json | grep token #打印token

配置插件

如果还需要安装微信聊天

openclaw plugins install @openclaw-china/dingtalk
openclaw china setup
openclaw plugins install @openclaw-china/dingtalk
openclaw china setup
openclaw plugins install @openclaw-china/feishu-china
openclaw china setup
openclaw plugins install @openclaw-china/qqbot
openclaw china setup
openclaw plugins install @openclaw-china/wecom-app
openclaw china setup
openclaw plugins install @openclaw-china/wecom
openclaw china setup

配置https(新版本必须配置)

1、修改DOMAIN
2、 执行脚本

#!/usr/bin/env bash
set -euo pipefail
# =========================
# 可修改变量
# =========================
DOMAIN="your-domain.com"
OPENCLAW_PORT="18789"
CERT_DIR="/etc/nginx/cert"
NGINX_CONF="/etc/nginx/conf.d/openclaw.conf"
# 证书主题信息
C="CN"
ST="GuangDong"
L="ShenZhen"
O="OpenClaw"
OU="IT"
CN="${DOMAIN}"
# =========================
# 检查 root
# =========================
if [ "$(id -u)" -ne 0 ]; then
  echo "请使用 root 运行此脚本"
  exit 1
fi
echo "[1/7] 安装 nginx 和 openssl ..."
if command -v apt >/dev/null 2>&1; then
  apt update
  apt install -y nginx openssl
elif command -v yum >/dev/null 2>&1; then
  yum install -y epel-release || true
  yum install -y nginx openssl
elif command -v dnf >/dev/null 2>&1; then
  dnf install -y nginx openssl
else
  echo "不支持的系统包管理器，请手动安装 nginx 和 openssl"
  exit 1
fi
echo "[2/7] 创建证书目录 ..."
mkdir -p "${CERT_DIR}"
chmod 700 "${CERT_DIR}"
echo "[3/7] 生成私钥 private.key ..."
openssl ecparam -genkey -name prime256v1 -out "${CERT_DIR}/private.key"
echo "[4/7] 生成 CSR cert.csr ..."
openssl req \
  -new \
  -key "${CERT_DIR}/private.key" \
  -out "${CERT_DIR}/cert.csr" \
  -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}"
echo "[5/7] 生成自签名证书 cert.pem ..."
openssl x509 \
  -req \
  -days 3650 \
  -in "${CERT_DIR}/cert.csr" \
  -signkey "${CERT_DIR}/private.key" \
  -out "${CERT_DIR}/cert.pem"
chmod 600 "${CERT_DIR}/private.key"
chmod 644 "${CERT_DIR}/cert.pem"
chmod 644 "${CERT_DIR}/cert.csr"
echo "[6/7] 写入 nginx 配置 ..."
mkdir -p /etc/nginx/conf.d
cat > "${NGINX_CONF}" <<EOF
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    ''      close;
}
server {
    listen 80;
    server_name ${DOMAIN};
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl http2;
    server_name ${DOMAIN};
    ssl_certificate     ${CERT_DIR}/cert.pem;
    ssl_certificate_key ${CERT_DIR}/private.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    access_log /var/log/nginx/openclaw-access.log;
    error_log  /var/log/nginx/openclaw-error.log;
    location / {
        proxy_pass http://127.0.0.1:${OPENCLAW_PORT};
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$connection_upgrade;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$remote_addr;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-Host \$host;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 86400s;
        proxy_buffering off;
    }
}
EOF
# 有些系统默认站点会冲突，尝试移除
if [ -f /etc/nginx/sites-enabled/default ]; then
  rm -f /etc/nginx/sites-enabled/default
fi
if [ -f /etc/nginx/conf.d/default.conf ]; then
  rm -f /etc/nginx/conf.d/default.conf
fi
echo "[7/7] 检查并启动 nginx ..."
nginx -t
systemctl enable nginx
systemctl restart nginx
echo
echo "安装完成"
echo "域名: ${DOMAIN}"
echo "证书目录: ${CERT_DIR}"
echo "Nginx 配置: ${NGINX_CONF}"
echo
echo "证书文件:"
echo "  私钥: ${CERT_DIR}/private.key"
echo "  CSR : ${CERT_DIR}/cert.csr"
echo "  证书: ${CERT_DIR}/cert.pem"
echo
echo "访问地址: https://${DOMAIN}"
echo
echo "注意:"
echo "1. 这是自签名证书，浏览器会提示不受信任"
echo "2. 请确认域名 ${DOMAIN} 已解析到当前服务器"
echo "3. 请确认 OpenClaw 已监听 127.0.0.1:${OPENCLAW_PORT}"

2、 配置allowedOrigins

{
  "gateway": {
    "port": 18789,
    "mode": "local",
    "bind": "loopback",
    "trustedProxies": ["127.0.0.1", "::1"],
    "auth": {
      "mode": "token",
      "token": "your-very-strong-random-token-here"
    },
    "controlUi": {
      "allowedOrigins": ["https://your-domain.com"]
    }
  }
}