OpenClaw Docker Install: Step-by-Step 2026 Guide

Q: Can I run OpenClaw without docker compose?

Yes: `docker run -d --name openclaw -e OPENCLAW_API_KEY=sk-ant-... -v openclaw_data:/app/.openclaw openclaw/openclaw:latest`. But docker-compose is much easier to manage.

The OpenClaw Docker install is the recommended path for production self-hosted deployments. Docker containers provide isolation, reproducible environments, easy updates via image pulls, and clean separation between your OpenClaw instance and host system. This guide covers a complete Docker Compose setup including reverse proxy configuration and persistent data volumes.

Prerequisites

Docker Engine 24.0+ and Docker Compose v2
A domain name pointing to your server (for TLS)
Port 80 and 443 open on your firewall
An LLM API key

The Docker Compose File

Create a directory and docker-compose.yml:

version: '3.9'
services:
  openclaw:
    image: openclaw/openclaw:latest
    container_name: openclaw
    restart: unless-stopped
    environment:
      - OPENCLAW_LLM_PROVIDER=anthropic
      - OPENCLAW_API_KEY=${ANTHROPIC_API_KEY}
      - OPENCLAW_TELEGRAM_TOKEN=${TELEGRAM_TOKEN}
    volumes:
      - openclaw_data:/app/.openclaw
      - ./config/openclaw.json:/app/openclaw.json:ro
    ports:
      - "127.0.0.1:8080:8080"
    networks:
      - openclaw_net

  nginx:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - certbot_www:/var/www/certbot
      - certbot_conf:/etc/letsencrypt
    networks:
      - openclaw_net

volumes:
  openclaw_data:
  certbot_www:
  certbot_conf:

networks:
  openclaw_net:

Environment Variables

Create a .env file (never commit this to git):

ANTHROPIC_API_KEY=sk-ant-...
TELEGRAM_TOKEN=1234567890:AAF...

Nginx Configuration

Create nginx/conf.d/openclaw.conf:

server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    location / {
        proxy_pass http://openclaw:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Starting the Stack

# Get TLS certificate first
docker run --rm -v certbot_www:/var/www/certbot -v certbot_conf:/etc/letsencrypt   certbot/certbot certonly --webroot -w /var/www/certbot -d yourdomain.com --email you@example.com --agree-tos

# Start everything
docker compose up -d

# Check logs
docker compose logs -f openclaw

Updating OpenClaw

docker compose pull
docker compose up -d

Updates apply without data loss because all persistent data lives in the named openclaw_data volume.

Backup and Restore

# Backup
docker run --rm -v openclaw_data:/data -v $(pwd):/backup alpine   tar czf /backup/openclaw-backup-$(date +%Y%m%d).tar.gz /data

# Restore
docker run --rm -v openclaw_data:/data -v $(pwd):/backup alpine   tar xzf /backup/openclaw-backup-YYYYMMDD.tar.gz -C /

Frequently Asked Questions

Can I run OpenClaw without docker compose?

Yes: docker run -d --name openclaw -e OPENCLAW_API_KEY=sk-ant-... -v openclaw_data:/app/.openclaw openclaw/openclaw:latest. But docker-compose is much easier to manage.

How do I run multiple OpenClaw instances?

Duplicate the service block in docker-compose.yml with different container names, port mappings, and data volumes. Each instance is completely isolated.

Does the Docker image include all skills?

The base image includes OpenClaw core only. Skills are installed at runtime via ClawHub and persisted in the data volume.