OpenClaw Docker: Secure AI Agents in Docker

Production-ready Docker for OpenClaw AI agents. Deploy Telegram-connected assistants in 15 minutes with security hardening and optional local LLMs.

GitHub by coreindustries

Purpose and Significance

Core OpenClaw Docker is a production-ready Docker deployment for OpenClaw, an open-source AI agent platform that runs securely on your machine and integrates with chat applications like Telegram. This project solves a critical friction point for developers: deploying a functional AI assistant without managing host Node.js dependencies, complex configuration, or security overhead. By containerizing the OpenClaw Gateway, it enables developers to launch a Telegram-connected AI assistant in approximately 15 minutes with minimal setup, while maintaining security best practices like capability dropping, resource limits, and localhost-only port bindings.

Key Features

  • One-Command Deployment: Docker Compose file wires the Gateway, Telegram integration, and optional TUI with a single docker compose up -d command
  • No Host Node Install Required: The Gateway runs entirely in Docker; no need to manage Node.js versions on your machine
  • Security-First Configuration: Built-in capability drops, resource limits, and localhost-only ports limit network exposure and guard against resource exhaustion
  • Local AI Option: Optional Docker Model Runner support allows running LLMs locally without cloud API keys or per-token costs
  • Multi-Channel Support: Telegram integration with optional Terminal UI (TUI) and future plugin support (Twitch, Google Chat)
  • API Key Management: Simple .env configuration for Anthropic API keys and Telegram bot tokens with clear templating
  • Upstream Sync: Automatically builds from the latest official OpenClaw Gateway release, ensuring security patches and feature updates
  • Production-Ready: Proven deployment pattern with comprehensive troubleshooting and TUI shortcut documentation

Getting Started

Setup takes three essential steps:

  1. Create a Telegram Bot: Message @BotFather in Telegram, run /newbot, and save the token provided
  2. Obtain an Anthropic API Key: Visit console.anthropic.com/account/keys and create a new key (prefixed with sk-ant-)
  3. Configure and Deploy: Copy .env.openclaw.example to .env, add your ANTHROPIC_API_KEY and TELEGRAM_BOT_TOKEN, then run make build && docker compose up -d

Within 2–3 minutes, message your bot on Telegram to verify it responds. The optional TUI connects over WebSocket to ws://127.0.0.1:8000 using the OpenClaw CLI: openclaw tui --url ws://127.0.0.1:8000 --token docker-local-token-change-me. As its name indicates, docker-local-token-change-me is a placeholder; replace it with your own value.

Local AI Models (Optional)

For cost-conscious deployments, run local LLMs via the included Docker Model Runner instead of cloud APIs. Execute make up-models to launch supported models (e.g., KIMI K2.5, Xiaomi MiMo-V2-Flash) alongside the Gateway. This eliminates per-token billing and API rate limits, ideal for development, testing, or private deployments.

Who It's For

  • AI/ML Developers: Need a sandboxed, production-grade agent platform to prototype and deploy AI assistants without infrastructure complexity
  • Telegram Power Users: Want to run a personal or team AI assistant on Telegram without vendor lock-in or cloud dependencies
  • DevSecOps Engineers: Require containerized, secure-by-default deployments with capability restrictions and resource isolation
  • Self-Hosters: Prefer running open-source tooling on personal hardware with transparent, auditable configuration
  • Cost-Conscious Teams: Seeking to avoid cloud API per-token pricing by leveraging local LLM inference

Security & Reliability

The container runs with dropped Linux capabilities and enforced resource limits (memory, CPU), and exposes the Gateway only on localhost ports by default. The official OpenClaw Gateway binary is fetched from github.com/openclaw/openclaw/releases at build time, so rebuilding the image is what picks up upstream security patches. Configuration is externalized via .env and config/openclaw.json, allowing easy credential rotation and environment-specific overrides without rebuilding.
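
The three hardening claims above (dropped capabilities, resource limits, localhost-only ports) can be checked against what Docker actually applied. The following is an added example, not code from the project: it audits the HostConfig section of docker inspect output, and both sample objects are constructed for illustration rather than captured from this deployment.

```python
import json

# Constructed `docker inspect` excerpts (not captured from the project):
# one hardened container and one with the weak settings for comparison.
HARDENED = json.loads("""
{"Name": "/openclaw",
 "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": null,
                "Memory": 2147483648, "NanoCpus": 2000000000,
                "PortBindings": {"8000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8000"}]}}}
""")
WEAK = json.loads("""
{"Name": "/openclaw-weak",
 "HostConfig": {"Privileged": false, "CapDrop": null, "CapAdd": ["NET_ADMIN"],
                "Memory": 0, "NanoCpus": 0, "CpuQuota": 0,
                "PortBindings": {"8000/tcp": [{"HostIp": "", "HostPort": "8000"}]}}}
""")

LOOPBACK = ("127.", "::1")

def audit(container):
    """Return a list of hardening findings for one `docker inspect` object."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode enabled")
    drops = {c.upper().removeprefix("CAP_") for c in hc.get("CapDrop") or []}
    if "ALL" not in drops:
        findings.append("not all capabilities dropped (no cap_drop: ALL)")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"capability added back, review: {cap}")
    if not hc.get("Memory"):          # 0 or missing means unlimited
        findings.append("no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("no CPU limit")
    for port, binds in (hc.get("PortBindings") or {}).items():
        for b in binds or []:
            ip = b.get("HostIp", "")
            # An empty HostIp means Docker publishes on all interfaces.
            if not ip.startswith(LOOPBACK):
                findings.append(f"{port} published on {ip or '0.0.0.0'}:{b.get('HostPort')}")
    return findings

if __name__ == "__main__":
    for c in (HARDENED, WEAK):
        print(c["Name"], audit(c) or "OK")
```

For a live check, docker inspect openclaw prints a JSON array, so pass its first element to audit().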

Troubleshooting & Support

Common issues are well-documented: verify the Gateway is running with docker ps | grep openclaw, check logs via docker logs -f openclaw, and ensure port mismatches are resolved (OPENCLAW_PORT in .env must match the TUI --url port). Telegram pairing can be approved via docker exec (recommended) or the host CLI. The project includes a comprehensive skills and tooling cookbook for advanced configurations.

Resources & Links

  • Official OpenClaw Docs: docs.openclaw.ai — comprehensive guide to agents, models, and channels
  • Repository: github.com/coreindustries/core-openclaw-docker — source code, Dockerfile, and Compose files
  • Upstream Gateway: github.com/openclaw/openclaw — official OpenClaw Gateway and plugin ecosystem
  • Blog & Updates: openclaw.ai/blog — news on new model support (Twitch, Google Chat, KIMI K2.5) and feature releases
  • Docker Install Docs: Covers upstream flow, sandboxing strategies, and VPS deployment patterns
  • Contributing: CONTRIBUTING.md and CLAUDE.md files outline development workflow and AI-assisted coding guidelines

License: MIT — permissive for commercial and private use.

Original Source

https://github.com/coreindustries/core-openclaw-docker
