搭建

Docker部署

安装

脚本快速搭建方法

1
2
bash <(curl -sSLk https://shell.nuoyis.net/nuoyis-linux-toolbox.sh) -install
nuoyis-toobox -r aliyun -do

命令行搭建方法

目前略

国内配置

中国境内搭建需要配置加速源,中国港/澳/台以及境外服务器均无需使用加速源

1
2
3
4
5
6
7
8
cat >> /etc/docker/daemon.json < EOF
"registry-mirrors": [
    "https://docker.xuanyuan.me",
    "https://docker.m.daocloud.io",
    "https://docker66ccff.lovablewyh.eu.org"
  ]
}
EOF

镜像提前拉取

1
2
docker pull ghcr.m.daocloud.io/openclaw/openclaw:latest
docker tag ghcr.m.daocloud.io/openclaw/openclaw:latest ghcr.io/openclaw/openclaw:latest

目录创建和权限设置

1
2
3
mkdir -p /server/openclaw/{openclaw-plugin-runtime-deps,workspace,.openclaw/{workspace/.openclaw,identity,agents/main/{sessions,agent}}}
chown -R 1000:1000 /server/openclaw/{.openclaw,workspace,openclaw-plugin-runtime-deps}
chmod -R 755 /server/openclaw/{.openclaw,workspace,openclaw-plugin-runtime-deps}

openclaw配置

docker-compose 编写

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
services:
  openclaw-gateway:
    image: ghcr.io/openclaw/openclaw:latest
    environment:
      NPM_CONFIG_REGISTRY: https://registry.npmmirror.com
      CLAWHUB_REGISTRY: http://mirror-cn.clawhub.com
      CLAUDE_AI_SESSION_KEY: ""
      CLAUDE_WEB_COOKIE: ""
      CLAUDE_WEB_SESSION_KEY: ""
      HOME: /home/node
      OPENCLAW_ALLOW_INSECURE_PRIVATE_WS: ""
      OPENCLAW_DISABLE_BONJOUR: ""
      OPENCLAW_GATEWAY_TOKEN: (和下方一致)
      OPENCLAW_OTEL_PRELOADED: ""
      OPENCLAW_PLUGIN_STAGE_DIR: /var/lib/openclaw/plugin-runtime-deps
      OTEL_EXPORTER_OTLP_ENDPOINT: ""
      OTEL_EXPORTER_OTLP_LOGS_ENDPOINT: ""
      OTEL_EXPORTER_OTLP_METRICS_ENDPOINT: ""
      OTEL_EXPORTER_OTLP_PROTOCOL: http/protobuf
      OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: ""
      OTEL_SEMCONV_STABILITY_OPT_IN: ""
      OTEL_SERVICE_NAME: ""
      TERM: xterm-256color
      TZ: Asia/Shanghai
    dns:
      - 223.5.5.5
      - 223.6.6.6
      - 8.8.8.8
      - 8.8.4.4
      - 1.1.1.1
    volumes:
      - /server/openclaw/.openclaw:/home/node/.openclaw
      - /server/openclaw/.openclaw/workspace:/home/node/.openclaw/workspace
      - /server/openclaw/openclaw-plugin-runtime-deps:/var/lib/openclaw/plugin-runtime-deps
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "18789:18789"
      - "18790:18790"
    init: true
    restart: unless-stopped
    command: ["openclaw", "gateway", "--bind", "lan", "--port", "18789", "--allow-unconfigured"]
    healthcheck:
      test: ["CMD","node","-e","fetch('http://127.0.0.1:18789/healthz').then((r)=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

  openclaw-cli:
    image: ghcr.io/openclaw/openclaw:latest
    network_mode: "service:openclaw-gateway"
    cap_drop:
      - NET_RAW
      - NET_ADMIN
    security_opt:
      - no-new-privileges:true
    environment:
      # NPM_CONFIG_REGISTRY: https://registry.npmmirror.com
      # CLAWHUB_REGISTRY: http://mirror-cn.clawhub.com
      BROWSER: echo
      CLAUDE_AI_SESSION_KEY: ""
      CLAUDE_WEB_COOKIE: ""
      CLAUDE_WEB_SESSION_KEY: ""
      HOME: /home/node
      OPENCLAW_ALLOW_INSECURE_PRIVATE_WS: "false"
      OPENCLAW_GATEWAY_TOKEN: (和上方一致)
      OPENCLAW_PLUGIN_STAGE_DIR: /var/lib/openclaw/plugin-runtime-deps
      TERM: xterm-256color
      TZ: Asia/Shanghai
    volumes:
      - /server/openclaw/.openclaw:/home/node/.openclaw
      - /server/openclaw/.openclaw/workspace:/home/node/.openclaw/workspace
      - /server/openclaw/openclaw-plugin-runtime-deps:/var/lib/openclaw/plugin-runtime-deps
    stdin_open: true
    tty: true
    init: true
    entrypoint: ["node", "dist/index.js"]
    depends_on:
      - openclaw-gateway

启动

1
docker-compose -f ~/openclaw.yaml run --rm openclaw-cli onboard

onboard初始化

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
[+] Creating 1/1
 ✔ Container root-openclaw-gateway-1  Running                                                                                                                                                               0.0s 

🦞 OpenClaw 2026.5.3 (unknown) — One CLI to rule them all, and one more restart because you changed the port.

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██░▄▄▄░██░▄▄░██░▄▄▄██░▀██░██░▄▄▀██░████░▄▄▀██░███░██
██░███░██░▀▀░██░▄▄▄██░█░█░██░█████░████░▀▀░██░█░█░██
██░▀▀▀░██░█████░▀▀▀██░██▄░██░▀▀▄██░▀▀░█░██░██▄▀▄▀▄██
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                  🦞 OPENCLAW 🦞                    
 
┌  OpenClaw setup

◇  Security disclaimer ──────────────────────────────────────────────────────────────────────╮
│                                                                                            │
│  OpenClaw is a hobby project and still in beta. Expect sharp edges.                        │
│  By default, OpenClaw is a personal agent: one trusted operator boundary.                  │
│  This bot can read files and run actions if tools are enabled.                             │
│  A bad prompt can trick it into doing unsafe things.                                       │
│                                                                                            │
│  OpenClaw is not a hostile multi-tenant boundary by default.                               │
│  If multiple users can message one tool-enabled agent, they share that delegated tool      │
│  authority.                                                                                │
│                                                                                            │
│  If you’re not comfortable with security hardening and access control, don’t run           │
│  OpenClaw.                                                                                 │
│  Ask someone experienced to help before enabling tools or exposing it to the internet.     │
│                                                                                            │
│  Recommended baseline                                                                      │
│  - Pairing/allowlists + mention gating.                                                    │
│  - Multi-user/shared inbox: split trust boundaries (separate gateway/credentials, ideally  │
│    separate OS users/hosts).                                                               │
│  - Sandbox + least-privilege tools.                                                        │
│  - Shared inboxes: isolate DM sessions (session.dmScope: per-channel-peer) and keep tool   │
│    access minimal.                                                                         │
│  - Keep secrets out of the agent’s reachable filesystem.                                   │
│  - Use the strongest available model for any bot with tools or untrusted inboxes.          │
│                                                                                            │
│  Run regularly                                                                             │
│  openclaw security audit --deep                                                            │
│  openclaw security audit --fix                                                             │
│                                                                                            │
│  Learn more                                                                                │
│  - https://docs.openclaw.ai/gateway/security                                               │
│                                                                                            │
├────────────────────────────────────────────────────────────────────────────────────────────╯

◇  I understand this is personal-by-default and shared/multi-user use requires lock-down. Continue?
│  Yes

◇  Setup mode
│  QuickStart

◇  QuickStart ─────────────────────────╮
│                                      │
│  Gateway port: 18789                 │
│  Gateway bind: Loopback (127.0.0.1)  │
│  Gateway auth: Token (default)       │
│  Tailscale exposure: Off             │
│  Direct to chat channels.            │
│                                      │
├──────────────────────────────────────╯

◇  Model/auth provider
│  Xiaomi

◇  Enter Xiaomi API key
│  sk-c********************dxggn18nwgpz7p7

◇  Model configured ──────────────────────────╮
│                                             │
│  Default model set to xiaomi/mimo-v2-flash  │
│                                             │
├─────────────────────────────────────────────╯

◇  Default model
│  Keep current (xiaomi/mimo-v2-flash)

◇  How channels work ───────────────────────────────────────────────────────────────────────╮
│                                                                                           │
│  DM security: default is pairing; unknown DMs get a pairing code.                         │
│  Approve with: openclaw pairing approve <channel> <code>                                  │
│  Public DMs require dmPolicy="open" + allowFrom=["*"].                                    │
│  Multi-user DMs: run: openclaw config set session.dmScope "per-channel-peer" (or          │
│  "per-account-channel-peer" for multi-account channels) to isolate sessions.              │
│  Docs: channels/pairing                  │
│                                                                                           │
│  Feishu: 飞书/Lark enterprise messaging with doc/wiki/drive tools.                        │
│  Google Chat: Google Workspace Chat app with HTTP webhook.                                │
│  Nostr: Decentralized protocol; encrypted DMs via NIP-04.                                 │
│  Microsoft Teams: Teams SDK; enterprise support.                                          │
│  Mattermost: self-hosted Slack-style chat; install the plugin to enable.                  │
│  Nextcloud Talk: Self-hosted chat via Nextcloud Talk webhook bots.                        │
│  Matrix: open protocol; install the plugin to enable.                                     │
│  BlueBubbles: iMessage via the BlueBubbles mac app + REST API.                            │
│  LINE: LINE Messaging API webhook bot.                                                    │
│  Zalo: Vietnam-focused messaging platform with Bot API.                                   │
│  Zalo Personal: Zalo personal account via QR code login.                                  │
│  Synology Chat: Connect your Synology NAS Chat to OpenClaw with full agent capabilities.  │
│  Tlon: decentralized messaging on Urbit; install the plugin to enable.                    │
│  Discord: very well supported right now.                                                  │
│  iMessage: this is still a work in progress.                                              │
│  IRC: classic IRC networks with DM/channel routing and pairing controls.                  │
│  QQ Bot: connect to QQ via official QQ Bot API with group chat and direct message         │
│  support.                                                                                 │
│  Signal: signal-cli linked device; more setup (David Reagans: "Hop on Discord.").         │
│  Slack: supported (Socket Mode).                                                          │
│  Telegram: simplest way to get started — register a bot with @BotFather and get going.    │
│  Twitch: Twitch chat integration                                                          │
│  WhatsApp: works with your own number; recommend a separate phone + eSIM.                 │
│  WeCom: Enterprise messaging and documents, scheduling, task tools.                       │
│  Yuanbao: Tencent Yuanbao AI assistant conversation channel.                              │
│                                                                                           │
├───────────────────────────────────────────────────────────────────────────────────────────╯

◇  Select channel (QuickStart)
│  Skip for now
Updated ~/.openclaw/openclaw.json
Workspace OK: ~/.openclaw/workspace
Sessions OK: ~/.openclaw/agents/main/sessions

◇  Web search ─────────────────────────────────────────────────────────────────╮
│                                                                              │
│  Web search lets your agent look things up online.                           │
│  Choose a provider. Some providers need an API key, and some work key-free.  │
│  Docs: https://docs.openclaw.ai/tools/web                                    │
│                                                                              │
├──────────────────────────────────────────────────────────────────────────────╯

◇  Search provider
│  Skip for now

◇  Skills status ─────────────╮
│                             │
│  Eligible: 7                │
│  Missing requirements: 42   │
│  Unsupported on this OS: 7  │
│  Blocked by allowlist: 0    │
│                             │
├─────────────────────────────╯

◇  Configure skills now? (recommended)
│  No

◇  Hooks ──────────────────────────────────────────────────────────────────╮
│                                                                          │
│  Hooks let you automate actions when agent commands are issued.          │
│  Example: Save session context to memory when you issue /new or /reset.  │
│                                                                          │
│  Learn more: https://docs.openclaw.ai/automation/hooks                   │
│                                                                          │
├──────────────────────────────────────────────────────────────────────────╯

◇  Enable hooks?
│  Skip for now
Config overwrite: /home/node/.openclaw/openclaw.json (sha256 9f8623945ab18a0a0bd61a782cc99410b2befd634964e688e86f52d61013491c -> 59e7007016625ab2d76120099d8d57cee37da445cf4f11699f241f986a2a3059, backup=/home/node/.openclaw/openclaw.json.bak)

◇  Systemd ───────────────────────────────────────────────────────────────────────────────╮
│                                                                                         │
│  Systemd user services are unavailable. Skipping lingering checks and service install.  │
│                                                                                         │
├─────────────────────────────────────────────────────────────────────────────────────────╯


Agents: main (default)
Heartbeat interval: 30m (main)
Session store (main): /home/node/.openclaw/agents/main/sessions/sessions.json (0 entries)

◇  Optional apps ────────────────────────╮
│                                        │
│  Add nodes for extra features:         │
│  - macOS app (system + notifications)  │
│  - iOS app (camera/canvas)             │
│  - Android app (camera/canvas)         │
│                                        │
├────────────────────────────────────────╯

◇  Control UI ────────────────────────────────────────────────────────────────────╮
│                                                                                 │
│  Web UI: http://127.0.0.1:18789/                                                │
│  Web UI (with token): http://127.0.0.1:18789/#token=nuoyis-openclaw-cn20260427  │
│  Gateway WS: ws://127.0.0.1:18789                                               │
│  Gateway: reachable                                                             │
│  Docs: https://docs.openclaw.ai/web/control-ui                                  │
│                                                                                 │
├─────────────────────────────────────────────────────────────────────────────────╯

◇  Start TUI (best option!) ─────────────────────────────────╮
│                                                            │
│  This is the defining action that makes your agent you.    │
│  Please take your time.                                    │
│  The more you tell it, the better the experience will be.  │
│  We will send: "Wake up, my friend!"                       │
│                                                            │
├────────────────────────────────────────────────────────────╯

◇  Token ────────────────────────────────────────────────────────────────────────────────────╮
│                                                                                            │
│  Gateway token: shared auth for the Gateway + Control UI.                                  │
│  Stored in: $OPENCLAW_CONFIG_PATH (default: ~/.openclaw/openclaw.json) under               │
│  gateway.auth.token, or in OPENCLAW_GATEWAY_TOKEN.                                         │
│  View token: openclaw config get gateway.auth.token                                        │
│  Generate token: openclaw doctor --generate-gateway-token                                  │
│  Web UI keeps dashboard URL tokens in memory for the current tab and strips them from the  │
│  URL after load.                                                                           │
│  Open the dashboard anytime: openclaw dashboard --no-open                                  │
│  If prompted: paste the token into Control UI settings (or use the tokenized dashboard     │
│  URL).                                                                                     │
│                                                                                            │
├────────────────────────────────────────────────────────────────────────────────────────────╯

◇  How do you want to hatch your bot?
│  Do this later

◇  Later ───────────────────────────────────────────╮
│                                                   │
│  When you're ready: openclaw dashboard --no-open  │
│                                                   │
├───────────────────────────────────────────────────╯

◇  Workspace backup ────────────────────────────────────────╮
│                                                           │
│  Back up your agent workspace.                            │
│  Docs: https://docs.openclaw.ai/concepts/agent-workspace  │
│                                                           │
├───────────────────────────────────────────────────────────╯

◇  Security ──────────────────────────────────────────────────────╮
│                                                                 │
│  Running agents on your computer is risky — harden your setup:  │
│  https://docs.openclaw.ai/security                              │
│                                                                 │
├─────────────────────────────────────────────────────────────────╯


强制https访问

openclaw强制https访问,nginx初始化完毕后可以先启动下面的gateway然后配置json,让nginx启动后直接能用

安装nginx

1
2
apt install nginx //redhat系列
yum install nginx //debian系列

编辑nginx.conf

文件内容为下列内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
cat > /etc/nginx/nginx.conf << 'EOF'
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  你的公网ip;
        return 301 https://$host$request_uri;
    }

    server {
        listen       443 ssl;
        server_name  你的公网ip;
        ssl_certificate      /etc/nginx/ssl/openclaw.crt;
        ssl_certificate_key  /etc/nginx/ssl/openclaw.key;
        ssl_protocols        TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers  on;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  10m;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Device-Id $http_x_device_id;
        proxy_set_header X-Device-Signature $http_x_device_signature;

        location / {
            proxy_pass http://127.0.0.1:18789;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 86400s;
            proxy_send_timeout 86400s;
            proxy_connect_timeout 60s;
        }
    }
}
EOF

创建自签名证书

1
2
3
4
mkdir -p /etc/nginx/ssl
openssl req -x509 -newkey rsa:4096 -keyout /etc/nginx/ssl/openclaw.key -out /etc/nginx/ssl/openclaw.crt -days 3650 -nodes -subj "/CN=你的ip" -addext "subjectAltName=IP:你的ip"
chmod 600 /etc/nginx/ssl/*
chown nginx:nginx /etc/nginx/ssl/* 2>/dev/null || chown www-data:www-data /etc/nginx/ssl/* 2>/dev/null || true

文件验证

1
nginx -t

openclaw-gateway启动正常后执行

没启动nginx执行

1
systemctl enable --now nginx

启动后执行

1
systemctl restart nginx

启动并进入openclaw-gateway

建议初始化后删掉重新启动一个

1
2
3
4
docker-compose -f ~/openclaw.yaml up -d openclaw-gateway
# 先看日志正常后再进入操作
docker-compose -f ~/openclaw.yaml logs -f
docker exec -it openclaw-gateway /bin/bash

查看日志没有权限/yaml报错就行(不管修改还是什么只要修改后都得输出日志检查,如果生成.bak是正常现象)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
docker-compose -f ~/openclaw.yaml logs -f
日志:
openclaw-gateway-1  | 2026-04-29T09:54:53.392+08:00 [gateway] loading configuration…
openclaw-gateway-1  | 2026-04-29T09:54:53.861+08:00 [gateway] resolving authentication…
openclaw-gateway-1  | 2026-04-29T09:54:53.863+08:00 [gateway] starting...
openclaw-gateway-1  | 2026-04-29T09:54:56.129+08:00 Config overwrite: /home/node/.openclaw/openclaw.json (sha256 701d427d8dab3d64cd5e024cc7449cfe005f60dfc18753e0a333bb20db4aa266 -> 0c74f9dbbf9d4e5f22a6b25a373587244346836a398a7fc773821d601b7b18a8, backup=/home/node/.openclaw/openclaw.json.bak)
openclaw-gateway-1  | 2026-04-29T09:54:56.138+08:00 [gateway] seeded gateway.controlUi.allowedOrigins ["http://localhost:18789","http://127.0.0.1:18789"] for bind=lan (required since v2026.2.26; see issue #29385). Add other origins to gateway.controlUi.allowedOrigins if needed.
openclaw-gateway-1  | 2026-04-29T09:54:59.546+08:00 [gateway] starting HTTP server...
openclaw-gateway-1  | 2026-04-29T09:54:59.551+08:00 [canvas] host mounted at http://0.0.0.0:18789/__openclaw__/canvas/ (root /home/node/.openclaw/canvas)
openclaw-gateway-1  | 2026-04-29T09:54:59.553+08:00 [gateway] ⚠️  Gateway is binding to a non-loopback address. Ensure authentication is configured before exposing to public networks.
openclaw-gateway-1  | 2026-04-29T09:55:00.196+08:00 [health-monitor] started (interval: 300s, startup-grace: 60s, channel-connect-grace: 120s)
openclaw-gateway-1  | 2026-04-29T09:55:00.545+08:00 [gateway] agent model: xiaomi/mimo-v2-flash
openclaw-gateway-1  | 2026-04-29T09:55:00.547+08:00 [gateway] http server listening (7 plugins: acpx, bonjour, browser, device-pair, memory-core, phone-control, talk-voice; 6.7s)
openclaw-gateway-1  | 2026-04-29T09:55:00.548+08:00 [gateway] log file: /tmp/openclaw/openclaw-2026-04-29.log
openclaw-gateway-1  | 2026-04-29T09:55:00.752+08:00 [gateway] security warning: dangerous config flags enabled: gateway.controlUi.allowInsecureAuth=true. Run `openclaw security audit`.
openclaw-gateway-1  | 2026-04-29T09:55:00.755+08:00 [gateway] starting channels and sidecars...
openclaw-gateway-1  | 2026-04-29T09:55:49.075+08:00 [plugins] embedded acpx runtime backend registered (cwd: /home/node/.openclaw/workspace)
openclaw-gateway-1  | 2026-04-29T09:55:49.399+08:00 [browser/server] Browser control listening on http://127.0.0.1:18791/ (auth=token)
openclaw-gateway-1  | 2026-04-29T09:55:49.416+08:00 [gateway] ready
openclaw-gateway-1  | 2026-04-29T09:55:49.422+08:00 [heartbeat] started

修改openclaw.yaml文件

访问权限放行(和下方origin命令行相同效果)

我这里文件位置是 /server/openclaw/.openclaw/openclaw.yaml,自己找到映射的.openclaw文件夹位置进行json修改,修改位置为controlUi

1
2
3
4
5
6
7
8
9
10
"controlUi": {
  "allowInsecureAuth": true,
  "allowedOrigins": [
    "http://localhost:18789",
    "http://127.0.0.1:18789",
   "http://:18789", //加入这行,记得加入公网ip地址/域名
   "http://",       //加入这行,记得加入公网ip地址/域名
   "https://"       //加入这行,记得加入公网ip地址/域名
  ]
},
特殊: 小米Momo 订阅专属配置

在配置完其他token后,小米momo订阅需要额外配置,在官网区域也有解释,需要删除auth位置,加入以下内容到models.providers里(请看整体文件预览)

整体文件预览

注: nuoyis学习时配置好的文件,可以对着敲打

openclaw.yaml

位置: /server/openclaw/.openclaw/

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
{
  "agents": {
    "defaults": {
      "workspace": "/home/node/.openclaw/workspace",
      "models": {
        "xiaomi/mimo-v2-flash": {
          "alias": "Xiaomi"
        }
      },
      "model": {
        "primary": "xiaomi-coding/mimo-v2.5-pro"
      }
    }
  },
  "gateway": {
    "mode": "local",
    "auth": {
      "mode": "token",
      "token": "nuoyis-openclaw-cn20260427"
    },
    "port": 18789,
    "bind": "loopback",
    "tailscale": {
      "mode": "off",
      "resetOnExit": false
    },
    "controlUi": {
      "allowInsecureAuth": true,
      "allowedOrigins": [
        "http://localhost:18789",
        "http://127.0.0.1:18789",
	      "http://:18789",
	      "http://",
	      "https://"
      ]
    },
    "nodes": {
      "denyCommands": [
        "camera.snap",
        "camera.clip",
        "screen.record",
        "contacts.add",
        "calendar.add",
        "reminders.add",
        "sms.send",
        "sms.search"
      ]
    }
  },
  "session": {
    "dmScope": "per-channel-peer"
  },
  "tools": {
    "profile": "coding"
  },
  "models": {
    "mode": "merge",
    "providers": {
      "xiaomi": {
        "baseUrl": "https://api.xiaomimimo.com/v1",
        "api": "openai-completions",
        "models": [
          {
            "id": "mimo-v2-flash",
            "name": "Xiaomi MiMo V2 Flash",
            "reasoning": false,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 262144,
            "maxTokens": 8192
          },
          {
            "id": "mimo-v2-pro",
            "name": "Xiaomi MiMo V2 Pro",
            "reasoning": true,
            "input": [
              "text"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 1048576,
            "maxTokens": 32000
          },
          {
            "id": "mimo-v2-omni",
            "name": "Xiaomi MiMo V2 Omni",
            "reasoning": true,
            "input": [
              "text",
              "image"
            ],
            "cost": {
              "input": 0,
              "output": 0,
              "cacheRead": 0,
              "cacheWrite": 0
            },
            "contextWindow": 262144,
            "maxTokens": 32000
          }
        ]
      },
      "xiaomi-coding": {
        "baseUrl": "https://token-plan-cn.xiaomimimo.com/v1",
        "apiKey": "token填写",
        "api": "openai-completions",
        "models": [
          {
            "id": "mimo-v2.5-pro",
            "name": "mimo-v2.5-pro",
            "reasoning": true,
            "input": ["text"],
            "contextWindow": 1048576,
            "maxTokens": 32000
          }
        ]
      }
    }
  },
  "wizard": {
    "lastRunAt": "2026-04-28T18:37:44.415Z",
    "lastRunVersion": "2026.4.26",
    "lastRunCommand": "onboard",
    "lastRunMode": "local"
  },
  "meta": {
    "lastTouchedVersion": "2026.4.26",
    "lastTouchedAt": "2026-04-28T18:39:57.144Z"
  },
  "plugins": {
    "entries": {
      "xiaomi": {
        "enabled": true
      }
    }
  }
}
auth-profiles.json

位置: /server/openclaw/.openclaw/agents/main/agent/

1
2
3
4
5
6
7
8
9
10
{
  "version": 1,
  "profiles": {
    "xiaomi:default": {
      "type": "api_key",
      "provider": "xiaomi",
      "key": "你的token"
    }
  }
}
models.json

位置: /server/openclaw/.openclaw/agents/main/agent/

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
{
  "providers": {
    "codex": {
      "baseUrl": "https://chatgpt.com/backend-api",
      "apiKey": "codex-app-server",
      "auth": "token",
      "api": "openai-codex-responses",
      "models": [
        {
          "id": "gpt-5.5",
          "name": "GPT-5.5",
          "api": "openai-codex-responses",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 272000,
          "maxTokens": 128000,
          "compat": {
            "supportsReasoningEffort": true,
            "supportsUsageInStreaming": true
          }
        },
        {
          "id": "gpt-5.4",
          "name": "gpt-5.4",
          "api": "openai-codex-responses",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 272000,
          "maxTokens": 128000,
          "compat": {
            "supportsReasoningEffort": true,
            "supportsUsageInStreaming": true
          }
        },
        {
          "id": "gpt-5.4-mini",
          "name": "GPT-5.4-Mini",
          "api": "openai-codex-responses",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 272000,
          "maxTokens": 128000,
          "compat": {
            "supportsReasoningEffort": true,
            "supportsUsageInStreaming": true
          }
        },
        {
          "id": "gpt-5.3-codex",
          "name": "gpt-5.3-codex",
          "api": "openai-codex-responses",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 272000,
          "maxTokens": 128000,
          "compat": {
            "supportsReasoningEffort": true,
            "supportsUsageInStreaming": true
          }
        },
        {
          "id": "gpt-5.2",
          "name": "gpt-5.2",
          "api": "openai-codex-responses",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 272000,
          "maxTokens": 128000,
          "compat": {
            "supportsReasoningEffort": true,
            "supportsUsageInStreaming": true
          }
        }
      ]
    },
    "xiaomi": {
      "baseUrl": "https://api.xiaomimimo.com/v1",
      "api": "openai-completions",
      "models": [
        {
          "id": "mimo-v2-flash",
          "name": "Xiaomi MiMo V2 Flash",
          "reasoning": false,
          "input": [
            "text"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 262144,
          "maxTokens": 8192,
          "api": "openai-completions"
        },
        {
          "id": "mimo-v2-pro",
          "name": "Xiaomi MiMo V2 Pro",
          "reasoning": true,
          "input": [
            "text"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 1048576,
          "maxTokens": 32000,
          "api": "openai-completions"
        },
        {
          "id": "mimo-v2-omni",
          "name": "Xiaomi MiMo V2 Omni",
          "reasoning": true,
          "input": [
            "text",
            "image"
          ],
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "contextWindow": 262144,
          "maxTokens": 32000,
          "api": "openai-completions"
        }
      ]
    },
    "xiaomi-coding": {
      "baseUrl": "https://token-plan-cn.xiaomimimo.com/v1",
      "apiKey": "你的token",
      "api": "openai-completions",
      "models": [
        {
          "id": "mimo-v2.5-pro",
          "name": "mimo-v2.5-pro",
          "reasoning": true,
          "input": [
            "text"
          ],
          "contextWindow": 1048576,
          "maxTokens": 32000,
          "cost": {
            "input": 0,
            "output": 0,
            "cacheRead": 0,
            "cacheWrite": 0
          },
          "api": "openai-completions"
        }
      ]
    }
  }
}

origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)

这是访问的地址未授权,可以使用下方命令行授权

1
docker-compose run --rm openclaw-cli config set gateway.controlUi.allowedOrigins '["https://公网IP地址"]' --strict-json

授权后记得重启

1
docker restart root-openclaw-gateway-1

浏览器授权: device pairing required (requestId: e000809e-581b-4063-8314-1fd80b1e0ad8)

如果你登陆出现一串很长的id号,例如: 9feb716a-9bd2-40e4-89fd-7a478eb910d0,则需要查询和授权

1
openclaw devices approve 9feb716a-9bd2-40e4-89fd-7a478eb910d0

授权后效果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
node@24eb00f6b4a5:/app$ openclaw devices list

🦞 OpenClaw 2026.4.26 (unknown) — I keep secrets like a vault... unless you print them in debug logs again.



Paired (2)
┌──────────────────────────────────────────────────────────────┬────────────┬────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────────┬─────────────┐
│ Device                                                       │ Roles      │ Scopes                                                                                                 │ Tokens     │ IP          │
├──────────────────────────────────────────────────────────────┼────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────────┼─────────────┤
│ ba401c411de71d44d8452dbb0b62233cc341ccecd686ec25a9d60198116d │ operator   │ operator.admin, operator.read, operator.write, operator.approvals, operator.pairing                    │ operator   │ 192.168.0.1 │
│ d472                                                         │            │                                                                                                        │            │             │
│ 6509cb283a25b293bea88912a655f3cb298637e142e9f79be7d0ed21a2bc │ operator   │ operator.admin, operator.read, operator.write, operator.approvals, operator.pairing, operator.talk.    │ operator   │             │
│ 5c00                                                         │            │ secrets                                                                                                │            │             │
└──────────────────────────────────────────────────────────────┴────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────────┴─────────────┘
node@24eb00f6b4a5:/app$

基本上搭建完毕,后续接着编写其他命令行内容

基本命令

初始化&&模型添加

交互式命令

首次使用会调用npm安装依赖,国内用户需要使用加速yaml来加速使用,使用快速开始则直接进入选择模型,反之需要选择模式

1
2
3
openclaw
# 快速开始(推荐)
openclaw onboard --flow quickstart

重新配置

和 onboard差不多步骤,就是重装

1
openclaw configure

相同区域

1
openclaw onboard --non-interactive --auth-choice

deepseek演示

1
openclaw onboard --non-interactive --auth-choice deepseek-api-key --deepseek-api-key "sk-xxx" --custom-model-id ""

ollama演示

1
2
3
4
5
openclaw onboard --non-interactive \
  --auth-choice ollama \
  --custom-base-url "http://ollama-host:11434" \
  --custom-model-id "qwen3.5:27b" \
  --accept-risk