Setting up OpenClaw with Docker Compose

Troubleshooting openclaw docker compose configuration and setup

OpenClaw (formerly Clawdbot and Moltbot) is an open source ai-assistant that can do things on your behalf and is getting a lot of attention recently. This post is me documenting my process to get it up and running in a docker container as there are currently some issues getting it setup, so this might be helpful to others.

Note: OpenClaw is extremely new, has had and will continue to have security vulnerabilities, and can be risky. Proceed with care.
  1. Clone the repository: git clone https://github.com/openclaw/openclaw.git
  2. Change to the project folder: cd openclaw
  3. Run ./docker-setup.sh to build the image and do some initial setup
  4. Run the containers: docker compose up -d
  5. Update the OPENCLAW_ DIR and OPENCLAW_WORKSPACE_DIR values in .env to point to your desired locations
  6. Run docker compose run --rm openclaw-cli dashboard --no-open to generate a stub config file (I suggest creating the directories below and changing ownership before running this)
  7. Update the ownership of the new folder: sudo chown -R 1000:1000 $HOME/path/to/openclaw/.openclaw and sudo chown -R 1000:1000 $HOME/path/to/openclaw/.openclaw/workspace
  8. Run the on-boarding process (this command is different to avoid problems with the current instructions from openclaw - see below): docker compose exec openclaw-gateway node /app/openclaw.mjs onboard
    1. When asked for how you want to "hatch", say later because we still need to pair your device
  9. Run docker compose exec openclaw-cli dashboard --no-open
  10. You will get a token in the "Dashboard ready" portion; copy the link
  11. Open .env and paste the token into the OPENCLAW_GATEWAY_TOKEN value
  12. Open .openclaw/openclaw.json and do the following:
    1. Change bind to lan
    2. Add the following to gateway:
"auth": {
	"mode": "token",
	"token": "YOUR_TOKEN"
},
"remote": {
	"url": "ws://openclaw-gateway:18789",
	"token": "YOUR_TOKEN"
}
  1. Open a terminal in your host machine and open an ssh tunnel with this command: ssh -N -L 18789:127.0.0.1:18789 user@192.x.x.x (your machine's network IP)
  2. Restart docker compose up -d
  3. Open the localhost link in a browser (with the #token=1234)
  4. You should get a "pairing required" error
  5. Run this to see which devices are available: docker compose exec openclaw-gateway node /app/openclaw.mjs devices list
  6. It will show pending devices; copy the request ID
  7. Paste it in this command and run it to allow: docker compose exec openclaw-gateway node /app/openclaw.mjs devices approve <requestId>
  8. You should now be able to use openclaw in a docker context!

Model selection

I'm new to all this, but I have had some level of success with lower quants of Qwen3-Coder-Next-GGUF for slower and local tasks. However, these agents really require a lot of context, so it's currently challenging to get them working properly with local ollama models and the Anthropic/OpenAI/Gemini models can get expensive for this.

Safeguarding/optimizing

These changes can be made in the configuration directly, or you can just ask OpenClaw to do them:

  1. Limit "heartbeat" to use a less powerful model and less often
  2. Create an active hours block so it only runs when needed
  3. Use a service like n8n or Zapier as a middle service so you don't give credentials directly to OpenClaw

Troubleshooting

Following the steps to install openclaw on docker compose, I kept running into problems with the local IP routing.

They recommend this command to get your auth token: docker compose run --rm openclaw-cli dashboard --no-open

Followed by docker compose run --rm openclaw-cli devices list to list the devices. This resulted in the first error for me:

[openclaw] CLI failed: Error: gateway closed (1006 abnormal closure (no close frame)): no close reason
Gateway target: ws://127.0.0.1:18789
Source: local loopback
Config: /home/node/.openclaw/openclaw.json
Bind: lan

Since I'm running this in a docker container, the address is wrong. Docker containers on the same host let you reference one another with their name. We can explicitly define the URL like so:

docker compose run --rm openclaw-cli devices list --url ws://openclaw-gateway:18789 --token YOUR_TOKEN

Now there's another error:

gateway connect failed: Error: pairing required[openclaw] CLI failed: Error: gateway closed (1008): pairing required
Gateway target: ws://openclaw-gateway:18789
Source: cli --url
Config: /home/node/.openclaw/openclaw.json

We are connecting to the gateway, but cannot run the command without it starting, so we should run it directly: docker compose exec openclaw-gateway node /app/openclaw.mjs devices list

Next, I ran into a mismatch error:

[openclaw] Failed to start CLI: Error: gateway closed (1008): unauthorized: gateway token mismatch (set gateway.remote.token to match gateway.auth.toke)

To resolve this, make sure OPENCLAW_GATEWAY_TOKEN is the same as both gateway.auth.token and gateway.remote.token . You may need to restart the container docker compose restart

Now I was able to run the commands listed in the openclaw guide from the container directly:

  • Onboard: docker compose exec openclaw-cli node /app/openclaw.mjs onboard
  • List devices docker compose exec openclaw-gateway node /app/openclaw.mjs devices list
  • Approve devices docker compose exec openclaw-gateway node /app/openclaw.mjs devices approve <requestId>