Docker Configuration

How Docker Is Used

Every ClawHosters instance runs OpenClaw inside a Docker container on a dedicated VPS. Docker provides isolation, resource limits, and consistent deployments across all instances.

You do not need to interact with Docker directly for normal usage. ClawHosters manages the container lifecycle automatically. This reference is for users who SSH into their instance for advanced configuration.

Container Setup

The OpenClaw container is defined by a docker-compose.yml file generated by ClawHosters during deployment.

Docker Image

ghcr.io/phioranex/openclaw-docker:latest

This is a community-maintained image that receives regular updates. The image is pre-pulled during snapshot creation, so deployment does not require downloading it.

Ports

The gateway is accessible at http://your-instance-ip:8080. Nginx on the host reverse-proxies this for HTTPS access.

Container Startup Command

gateway --allow-unconfigured --bind lan

The --allow-unconfigured flag lets the gateway start even without an LLM configured. The --bind lan flag binds to the local network interface.

Resource Limits

Docker enforces memory limits based on your tier:

If the container exceeds the memory limit, Docker kills and restarts it automatically. The Node.js heap is set to roughly 75% of the Docker memory limit to leave room for other processes inside the container.

Volumes

The container uses a named Docker volume for persistent data:

Data in these volumes survives container restarts and reboots. A rebuild replaces the container but preserves the host-level data.

Health Check

Docker monitors the container's health:

healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost:18789/"]
  interval: 30s
  timeout: 10s
  retries: 3
  start_period: 60s

The gateway takes up to 60 seconds to start. After that, Docker checks every 30 seconds. If three consecutive checks fail, Docker marks the container as unhealthy.

Container Permissions

The container runs as root (user: "0"). This is intentional — OpenClaw needs root access to:

• Install packages at runtime (skills may require additional tools)
• Access system resources for browser automation
• Manage files across the container filesystem

Docker Daemon Configuration

The host's Docker daemon is hardened with these settings:

Common Docker Commands

If you SSH into your instance, these commands are useful:

Check Container Status

docker ps

View Container Logs

# Last 100 lines
docker logs --tail 100 openclaw-<id>

# Follow logs in real-time
docker logs -f openclaw-<id>

Restart the Container

cd /opt/openclaw && docker compose restart

Execute Commands Inside the Container

# Interactive shell
docker exec -it openclaw-<id> bash

# Run a single command
docker exec openclaw-<id> node --version

Check Resource Usage

docker stats openclaw-<id> --no-stream

This shows current CPU, memory, and network usage.

What Not to Do

• Do not run docker compose down — This stops and removes the container. Use restart instead.
• Do not pull a new image manually — ClawHosters manages image updates through snapshots.
• Do not modify docker-compose.yml — ClawHosters overwrites it during redeployment. Custom changes will be lost.
• Do not change the memory limit — It is set based on your tier. Increasing it beyond the VPS capacity will crash the host.

Related Documentation

• Environment Variables — Variables passed to the container
• Resource Limits — CPU, RAM, storage by tier
• SSH Access — Connecting to your instance
• Rebuilding an Instance — Factory reset