安装依赖工具:
apt update apt install npm -y https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh nvm install node
设置国内源和代理地址:
npm config set registry https://registry.npmmirror.com npm config get registry npm config set proxy http://192.168.0.103:7897 npm config set https-proxy http://192.168.0.103:7897
安装openclaw:
npm install -g openclaw@latest openclaw onboard --install-daemon openclaw parring approve feishu 8NHTBBKG
外部访问OpenClaw Web UI:
生成ssl证书:openclaw通过nginx代理需要ssl通信,否则无法访问。
~# cat create_cert.sh
#!/bin/bash
# 配置变量
DOMAIN="openclaw.com"
WWW_DOMAIN="www.$DOMAIN"
DAYS=36500 # 证书有效期(天)
KEY_SIZE=4096 # 密钥长度
KEY_FILE="${DOMAIN}.key" # 私钥文件名
CRT_FILE="${DOMAIN}.crt" # 证书文件名
EXT_FILE="${DOMAIN}.ext" # 临时扩展配置文件
# 创建 OpenSSL 扩展配置文件(用于 SAN)
cat > "$EXT_FILE" <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = CN
ST = Shanghai
L = Shanghai
O = MyOrg
OU = IT
CN = $DOMAIN
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
DNS.2 = $WWW_DOMAIN
EOF
# 生成私钥和自签名证书(一次性完成)
openssl req -x509 \
-newkey rsa:$KEY_SIZE \
-nodes \
-keyout "$KEY_FILE" \
-out "$CRT_FILE" \
-days $DAYS \
-config "$EXT_FILE" \
-extensions v3_req
# 清理临时扩展文件
rm -f "$EXT_FILE"
# 输出结果信息
echo "证书生成完毕:"
echo "私钥:$KEY_FILE"
echo "证书:$CRT_FILE"
echo "请将这两个文件配置到 Nginx 的 ssl_certificate 和 ssl_certificate_key 指令中。"nginx的配置:
root@miaomiaomiao:/etc/nginx/conf.d# cat openclaw.conf
server {
listen 80;
listen [::]:80;
server_name openclaw.com www.openclaw.com;
# 强制跳转到 HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name openclaw.com www.openclaw.com;
# SSL 证书路径(请根据实际位置修改)
ssl_certificate /etc/nginx/ssl/openclaw.com.crt;
ssl_certificate_key /etc/nginx/ssl/openclaw.com.key;
# SSL 安全配置(推荐)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# 其他安全增强选项(可选)
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_stapling off; # 自签名证书不启用 OCSP Stapling
ssl_stapling_verify off;
# 根目录及默认首页(请按需修改)
root /var/www/openclaw.com;
index index.html index.htm;
# 示例:日志文件
access_log /var/log/nginx/openclaw.com_access.log;
error_log /var/log/nginx/openclaw.com_error.log;
# 示例:处理静态文件
#location / {
# try_files $uri $uri/ =404;
#}
# 可选:更详细的自定义配置
location / {
# 将请求转发到 OpenClaw 的默认端口
proxy_pass http://127.0.0.1:18789;
proxy_http_version 1.1;
# 传递必要的头部信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 支持 WebSocket (Control UI 可能需要)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}修改openclaw配置:
{
"gateway": {
"port": 18789,
"mode": "local",
"bind": "loopback",
"controlUi": {
"allowedOrigins": [
"https://openclaw.com",
"http://openclaw.com"
]
}
}
}Web UI页面需要填写的token:
配置文件里面有token:
"auth": {
"mode": "token",
"token": "099904248bc32f1783f7c0c61df8978bf60547db843e9c6c"
},openclaw的配置文件:仅供产考
root@miaomiaomiao:~/.openclaw# cat ~/.openclaw/openclaw.json
{
"meta": {
"lastTouchedVersion": "2026.3.23-2",
"lastTouchedAt": "2026-03-25T09:40:20.821Z"
},
"wizard": {
"lastRunAt": "2026-03-25T09:40:18.836Z",
"lastRunVersion": "2026.3.23-2",
"lastRunCommand": "onboard",
"lastRunMode": "local"
},
"auth": {
"profiles": {
"deepseek:default": {
"provider": "deepseek",
"mode": "api_key"
}
}
},
"models": {
"mode": "merge",
"providers": {
"deepseek": {
"baseUrl": "https://api.deepseek.com",
"api": "openai-completions",
"models": [
{
"id": "deepseek-chat",
"name": "DeepSeek Chat",
"api": "openai-completions",
"reasoning": false,
"input": [
"text"
],
"cost": {
"input": 0,
"output": 0,
"cacheRead": 0,
"cacheWrite": 0
},
"contextWindow": 131072,
"maxTokens": 8192,
"compat": {
"supportsUsageInStreaming": true
}
},
{
"id": "deepseek-reasoner",
"name": "DeepSeek Reasoner",
"api": "openai-completions",
"reasoning": true,
"input": [
"text"
],
"cost": {
"input": 0,
"output": 0,
"cacheRead": 0,
"cacheWrite": 0
},
"contextWindow": 131072,
"maxTokens": 65536,
"compat": {
"supportsUsageInStreaming": true
}
}
]
}
}
},
"agents": {
"defaults": {
"model": {
"primary": "deepseek/deepseek-reasoner"
},
"models": {
"deepseek/deepseek-chat": {
"alias": "DeepSeek"
},
"deepseek/deepseek-reasoner": {}
},
"workspace": "/root/.openclaw/workspace"
}
},
"tools": {
"profile": "coding"
},
"commands": {
"native": "auto",
"nativeSkills": "auto",
"restart": true,
"ownerDisplay": "raw"
},
"session": {
"dmScope": "per-channel-peer"
},
"channels": {
"feishu": {
"enabled": true,
"appId": "cli_a9000000efa5cb1",
"appSecret": "lUfwdTr1PrIuejxxxxxxK8fij0XE",
"connectionMode": "websocket",
"domain": "feishu",
"groupPolicy": "open"
}
},
"gateway": {
"port": 18789,
"mode": "local",
"bind": "loopback",
"controlUi": {
"allowedOrigins": [
"https://openclaw.com",
"http://openclaw.com"
]
},
"auth": {
"mode": "token",
"token": "099904248bc32f1783f7cabiddf8978bf60547db843e9c6c"
},
"tailscale": {
"mode": "off",
"resetOnExit": false
},
"nodes": {
"denyCommands": [
"camera.snap",
"camera.clip",
"screen.record",
"contacts.add",
"calendar.add",
"reminders.add",
"sms.send"
]
}
},
"plugins": {
"entries": {
"feishu": {
"enabled": true
}
}
}
}同意设备的访问请求:
root@miaomiaomiao:~/.openclaw# openclaw devices list OpenClaw 2026.3.23-2 (7ffe7e4) — We ship features faster than Apple ships calculator updates. │ ◇ Pending (1) ┌──────────────────────────────────────┬────────────────────────────┬──────────┬───────────────────────────────────────────────┬────────────┬────────┬────────┐ │ Request │ Device │ Role │ Scopes │ IP │ Age │ Flags │ ├──────────────────────────────────────┼────────────────────────────┼──────────┼───────────────────────────────────────────────┼────────────┼────────┼────────┤ │ 3f1c284f-02b6-480a-bb66-d84043a1a9f4 │ 0bd94879cfc0f900eaaa2a045e │ operator │ operator.admin, operator.read, operator. │ │ 1m ago │ │ │ │ 31a656c118b4d8e4c13291147b │ │ write, operator.approvals, operator.pairing │ │ │ │ │ │ 84d4adb827ad │ │ │ │ │ │ └──────────────────────────────────────┴────────────────────────────┴──────────┴───────────────────────────────────────────────┴────────────┴────────┴────────┘ Paired (2) ┌─────────────────────────────────────────────────┬────────────┬────────────────────────────────────────────────────────────────────┬────────────┬────────────┐ │ Device │ Roles │ Scopes │ Tokens │ IP │ ├─────────────────────────────────────────────────┼────────────┼────────────────────────────────────────────────────────────────────┼────────────┼────────────┤ │ c59585b2d3c6dc1462b3808a2e5f2390ab4c91320870738 │ operator │ operator.read, operator.admin, operator.write, operator. │ operator │ │ │ 40e8d4cfb23d882b4 │ │ approvals, operator.pairing │ │ │ │ c9a5e2d73ef8f6de28dad1dcf17e18cc9b94a4c7924a04d │ operator │ operator.admin, operator.read, operator.write, operator. │ operator │ │ │ 9a90059c3d87e79a2 │ │ approvals, operator.pairing │ │ │ └─────────────────────────────────────────────────┴────────────┴────────────────────────────────────────────────────────────────────┴────────────┴────────────┘ root@miaomiaomiao:~/.openclaw# openclaw devices approve 3f1c284f-02b6-480a-bb66-d84043a1a9f4 OpenClaw 2026.3.23-2 (7ffe7e4) — Your personal assistant, minus the passive-aggressive calendar reminders. │ ◇ Approved 0bd94879cfc0f900eaaa2a045e31a656c118b4d8e4c13291147b84d4adb827ad (3f1c284f-02b6-480a-bb66-d84043a1a9f4)
或者:
openclaw devices approve --all-pending
同意完成之后就可以在浏览器中通过域名来访问Web UI界面了,不再受设备限制。