Deployment Overview of Openclaw on Server

Prerequisites and Basic Requirements

To ensure the successful deployment of Openclaw, the following requirements must be met:

  • Operating System: Linux (Ubuntu/Debian-based, since the deployment installs packages with apt).

  • Privileges: Root or sudo access is required for package installation, directory creation, and service management.

  • Network Ports:

    • Port 80 (HTTP) for Let's Encrypt challenges and redirection.

    • Port 443 (HTTPS) for secure web traffic.

    • Port 18789 (Gateway) for the application backend.

FQDN of the final panel on the hostkey.in domain

The access point for the management interface follows this pattern: <prefix><Server ID>.hostkey.in:<port>

(Note: The specific prefix is openclaw).

File and Directory Structure

The application utilizes several specific directories for configuration, certificates, and data storage:

Path                            Description
/root/nginx                     Contains the Docker Compose deployment files.
/data/nginx                     Main directory for Nginx configurations and environment files.
/data/nginx/user_conf.d         Stores custom Nginx server block configurations.
/data/nginx/letsencrypt         Webroot for Let's Encrypt ACME challenges.
/data/nginx/nginx-certbot.env   Environment variables for the Nginx container.
~/.ansible/openclaw             Directory for storing gateway tokens.

Docker Containers and Their Deployment

The deployment utilizes a Dockerized Nginx instance with Certbot integration to handle SSL termination. The service is managed via Docker Compose.

  • Image: jonasal/nginx-certbot:6.2.0-nginx1.31.0

  • Deployment Method: Docker Compose

  • Network Mode: host (to allow direct access to local services and simplify SSL handling).

  • Restart Policy: unless-stopped

Proxy Servers

Nginx acts as a reverse proxy, managing SSL termination via Let's Encrypt certificates.

  • SSL Configuration:

    • Uses Certbot for automated certificate management.

    • Implements HSTS (Strict-Transport-Security) with a max-age of one year.

    • Configured to handle HTTP to HTTPS redirection.

  • Proxy Settings:

    • Proxies traffic from port 443 to the local gateway on 127.0.0.1:18789.

    • Supports WebSocket upgrades (Upgrade $http_upgrade).

    • Passes real client IP addresses and original host headers via X-Forwarded-* headers.

Permission Settings

The following directory permissions are applied during deployment:

Directory/File                                        Owner   Group   Mode
/root/nginx                                           root    root    0755
/data/nginx                                           root    root    0755
/data/nginx/user_conf.d                               root    root    0755
/data/nginx/letsencrypt/.well-known/acme-challenge    root    root    0755
/root/nginx/compose.yml                               root    root    0644
/data/nginx/*.conf                                    root    root    0644

Available ports for connection

The following ports are utilized by the system:

  • 80: Public HTTP access (Redirected to HTTPS).

  • 443: Secure HTTPS web interface.

  • 18789: Internal application gateway port.
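
A post-deployment check for the permission table and the gateway port above, as an added example that is not part of the original deployment tooling. It assumes the gateway on 18789 is meant to be reachable only through the Nginx proxy on 127.0.0.1, which matters because host network mode puts no Docker port mapping between the service and the public interface; the function names and the sample `ss` output are constructed for illustration.

```python
import glob, ipaddress, os, stat, subprocess
# Modes from the permission table on this page; owner and group are root (0:0).
EXPECTED = {
    "/root/nginx": 0o755,
    "/data/nginx": 0o755,
    "/data/nginx/user_conf.d": 0o755,
    "/data/nginx/letsencrypt/.well-known/acme-challenge": 0o755,
    "/root/nginx/compose.yml": 0o644,
    "/data/nginx/*.conf": 0o644,
}
# Constructed `ss -ltn` sample: the first line is the exposure to catch.
SAMPLE_SS = """LISTEN 0 4096 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 4096 [::1]:18789 [::]:*"""

def audit_paths(expected=EXPECTED, root="/", owner=(0, 0)):
    """Return findings for missing paths and owner/mode mismatches."""
    findings = []
    for pattern, mode in expected.items():
        matches = glob.glob(os.path.join(root, pattern.lstrip("/")))
        if not matches:
            findings.append(f"{pattern}: missing")
        for full in matches:
            st = os.stat(full)
            actual = stat.S_IMODE(st.st_mode)
            if actual != mode:
                findings.append(f"{full}: mode {actual:04o}, expected {mode:04o}")
            if owner is not None and (st.st_uid, st.st_gid) != owner:
                findings.append(f"{full}: owner {st.st_uid}:{st.st_gid}")
    return findings

def exposed_listeners(ss_output, port=18789):
    """Return local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in ss_output.splitlines():
        col = line.split()
        if len(col) < 4 or col[0] != "LISTEN" or not col[3].endswith(f":{port}"):
            continue
        host = col[3].rpartition(":")[0].strip("[]").split("%")[0]
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:  # "*" wildcard is not an address
            loopback = False
        if not loopback:
            exposed.append(col[3])
    return exposed

if __name__ == "__main__":
    live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True).stdout
    print(audit_paths(), exposed_listeners(live))
```

Run it as root on the deployed server; two empty lists mean the paths match the table and 18789 listens on loopback only.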
