Docker Configuration

How Docker Is Used

Every ClawHosters instance runs OpenClaw inside a Docker container on a dedicated VPS. Docker provides isolation, resource limits, and consistent deployments across all instances.

You do not need to interact with Docker directly for normal usage. ClawHosters manages the container lifecycle automatically. This reference is for users who SSH into their instance for advanced configuration.

Container Setup

The OpenClaw container is defined by a docker-compose.yml file generated by ClawHosters during deployment.

Docker Image

ClawHosters uses a custom OpenClaw image that includes SSH support for remote access. The image is pre-pulled during snapshot creation, so deployment is fast.

Ports

The gateway is accessible via your instance's domain. SSH access is available on port 2222.

Container Startup Command

gateway --allow-unconfigured --bind lan

The --allow-unconfigured flag lets the gateway start even without an LLM configured. The --bind lan flag binds to the local network interface.

Resource Limits

Docker enforces memory limits based on your tier to ensure stable performance. Each tier has appropriate memory allocation optimized for its workload.

If the container exceeds the memory limit, Docker automatically restarts it to maintain service availability.

Volumes

The container uses Docker volumes and bind-mounts for persistent data:

The openclaw_data named volume stores application data at /app/data. The config directory at /root/.openclaw is a separate bind-mount from ./dotopenclaw on the host (located at /opt/openclaw/dotopenclaw). This separation means config files can be updated independently without affecting application data.

Data in these volumes survives container restarts and reboots. A rebuild replaces the container but preserves the host-level data.

Health Check

Docker automatically monitors your instance's health. The gateway takes up to 60 seconds to start. After that, regular health checks ensure your instance stays online. If health checks fail repeatedly, Docker automatically attempts to restart the container.

Container Permissions

The container runs as root (user: "0"). This is intentional. OpenClaw needs root access to:

• Install packages at runtime (skills may require additional tools)
• Access system resources for browser automation
• Manage files across the container filesystem

Docker Security

The host's Docker daemon is configured with security hardening and resource management. Containers are isolated, privilege escalation is prevented, and logging is managed to prevent disk space issues.

Common Docker Commands

If you SSH into your instance, these commands are useful:

Check Container Status

docker ps

View Container Logs

# Last 100 lines
docker logs --tail 100 openclaw-<id>

# Follow logs in real-time
docker logs -f openclaw-<id>

Restart the Container

cd /opt/openclaw && docker compose restart

Execute Commands Inside the Container

# Interactive shell
docker exec -it openclaw-<id> bash

# Run a single command
docker exec openclaw-<id> node --version

Check Resource Usage

docker stats openclaw-<id> --no-stream

This shows current CPU, memory, and network usage.

What Not to Do

• Do not run docker compose down. This stops and removes the container. Use restart instead.
• Do not pull a new image manually. ClawHosters manages image updates through snapshots.
• Do not modify docker-compose.yml. ClawHosters overwrites it during redeployment. Custom changes will be lost.
• Do not change the memory limit. It is set based on your tier. Increasing it beyond the VPS capacity will crash the host.

Related Documentation

• Environment Variables: Variables passed to the container
• Resource Limits: CPU, RAM, storage by tier
• SSH Access: Connecting to your instance
• Rebuilding an Instance: Factory reset